Internet DRAFT - draft-perkins-quic-p2p-mux

draft-perkins-quic-p2p-mux







Network Working Group                                         C. Perkins
Internet-Draft                                     University of Glasgow
Intended status: Standards Track                          March 11, 2019
Expires: September 12, 2019


        Peer-to-Peer Connections for the QUIC Transport Protocol
                     draft-perkins-quic-p2p-mux-00

Abstract

   The QUIC transport protocol is intended to be a general purpose
   transport, but is currently defined for client-server operation only.
   To be applicable to all use cases, it needs to develop support for
   peer-to-peer connection establishment.  This memo describes how this
   can be done, in outline form.  Future work is needed to determine if
   such peer-to-peer use of QUIC is desirable and, if so, to define a
   complete and workable standard for peer-to-peer QUIC connection
   establishment.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on September 12, 2019.

Copyright Notice

   Copyright (c) 2019 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must



Perkins                Expires September 12, 2019               [Page 1]

Internet-Draft              Peer-to-Peer QUIC                 March 2019


   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Background  . . . . . . . . . . . . . . . . . . . . . . . . .   3
   3.  QUIC Connection Establishment in the Presence of NATs . . . .   4
     3.1.  Gathering Candidates  . . . . . . . . . . . . . . . . . .   4
     3.2.  Exchanging Candidates . . . . . . . . . . . . . . . . . .   4
     3.3.  Connectivity Checks . . . . . . . . . . . . . . . . . . .   5
     3.4.  Connection Establishment  . . . . . . . . . . . . . . . .   6
   4.  Demultiplexing QUIC and STUN  . . . . . . . . . . . . . . . .   6
   5.  Security Considerations . . . . . . . . . . . . . . . . . . .   6
   6.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   7
   7.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .   7
   8.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   7
     8.1.  Normative References  . . . . . . . . . . . . . . . . . .   7
     8.2.  Informative References  . . . . . . . . . . . . . . . . .   8
   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .   8

1.  Introduction

   QUIC [I-D.ietf-quic-transport] is a multiplexed and secure general-
   purpose transport protocol.  It is a connection-oriented protocol,
   where the end-points take the role of either client or server.  The
   server passively listens for incoming connections; clients actively
   connect to servers.  Once the connection has been established, QUIC
   is symmetric and allows either end-point to send and receive data on
   multiplexed streams within the connection.

   The client-server design of QUIC supports connection establishment
   when client and server are in the same addressing realm, or if the
   client is behind a network address/port translator (NAT).  In this
   latter case, the outgoing connection request establishes state in the
   NAT, opening the port to allow the response from the server to reach
   the client.  QUIC provides connection migration and path validation
   mechanisms that ensure connections can survive NAT rebinding events.
   The initial version of QUIC has no support, however, for establishing
   connections with a server that is behind a NAT.  Specifically, QUIC
   does not provide any mechanism to probe connectivity and create the
   necessary NAT bindings to allow incoming connections to a server that
   is behind a NAT.

   The combination of the STUN [RFC5389] protocol and the Interactive
   Connectivity Establishment (ICE) framework [RFC8445] provides those
   mechanisms needed to establish connections in the presence of NATs,



Perkins                Expires September 12, 2019               [Page 2]

Internet-Draft              Peer-to-Peer QUIC                 March 2019


   supporting path probing and NAT binding discovery/creation.  This
   memo discusses how STUN and ICE can be used with QUIC to establish
   connections when the server (and optionally the client) are behind
   NATs.

2.  Background

   A NAT translates IP addresses and ports in IP and UDP packet headers,
   separating the addressing realm used behind the NAT from the external
   addressing realm.  The addressing realm behind the NAT will often use
   private IP addresses [RFC1918], and the external addressing realm is
   often the public Internet, but this is not mandated.  When a packet
   is sent from an endpoint behind a NAT to an external endpoint, state
   is created in the NAT allowing replies to be returned.  This is known
   as a NAT binding.  If the NAT receives a packet on an external port
   that is not subject to an active NAT binding, that packet is dropped.

   Two QUIC endpoints wish to communicate.  One or both of the endpoints
   might be behind a NAT.  If the QUIC client is behind a NAT, then the
   outgoing initial packet sent from client to server to establish the
   connection will create a NAT binding, allowing the response from the
   QUIC server to pass the NAT and reach the client.  The QUIC handshake
   proceeds as normal, and the connection is established.  However, if
   the QUIC server is behind a NAT, then the initial packet sent by the
   QUIC client will reach a port on the NAT for which there is no active
   binding and will be dropped.  The connection cannot be established in
   this case.

   ICE provides a framework for probing connectivity and creating NAT
   bindings to allow connections to be established.  It proceeds in four
   phases:

   o  Gathering candidates: The endpoints discover the set of possible
      IP addresses and ports ("transport addresses") on which they can
      be reached, known as the set of "candidates".  The candidate set
      includes transport addresses bound to directly attached network
      interfaces, translated transport addresses on the outside of a NAT
      ("server-reflexive addresses"), and transport addresses allocated
      via some form of relay ("relayed addresses".  When gathering the
      candidates, STUN is used to discover server reflexive addresses,
      and the relay protocol (e.g., TURN) is used to determine relayed
      addresses.

   o  Exchanging candidates: The endpoints exchanges their candidate
      sets.  Since the two endpoints cannot directly communicate, due to
      the presence of the NATs, this exchange has to be done indirectly
      via an external relay that is reachable by both endpoints.  In the
      multimedia conferencing systems for which ICE was defined, this



Perkins                Expires September 12, 2019               [Page 3]

Internet-Draft              Peer-to-Peer QUIC                 March 2019


      exchange takes place over the signalling channel (e.g., SIP or
      WebRTC).  This signalling is heavyweight and multimedia specific,
      and is not appropriate for QUIC, so an alternative mechanism will
      need to be defined.

   o  Connectivity checks: Once the candidate sets have been exchanged,
      the endpoint systematically probe all pairs of local and remote
      candidates, in priority order, to determine which candidate pairs
      can be used to communicate.  Each pair of candidates is probed, by
      sending a request and checking for a response, in both directions.
      This ensures that NAT bindings are established form each endpoint,
      so connectivity is found even if both endpoints are behind NATs.

   o  Connection establishment: Once the connectivity checks succeed for
      a suitable pair of candidates, the connection is established using
      those candidates in the normal manner.

   The ICE framework was designed to support multimedia conferencing,
   and defines the signalling to exchange candidates in a way that is
   specific to those systems.  The technique is generic however, and can
   be adapted to support NAT traversal and connection establishment for
   QUIC.

3.  QUIC Connection Establishment in the Presence of NATs

3.1.  Gathering Candidates

   Candidates are gathered as in Section 5 of [RFC8445].  The Initiating
   Agent is the QUIC client.  The Responding Agent is the QUIC server.
   RTP and RTCP are not used, and candidates are gathered for a single
   QUIC component instead.  A QUIC server that "knows" that it is not
   behind a NAT MAY use the lite mechanism described in Section 5.2 of
   [RFC8445].

   Editor's note: clarifications are likely needed since the candidate
   gathering in [RFC8445] is written assuming RTP and RTCP candidates,
   but the approach looks suitable for QUIC without significant change.

3.2.  Exchanging Candidates

   Section 5.3 of [RFC8445] describes the information to be communicated
   during the exchange of candidates.  This can be used unchanged, but
   the protocol used to exchange the candidates needs to be defined for
   the ICE usage for QUIC.

   The key design decision to make is what is the signalling protocol to
   be used with ICE when establishing QUIC connections?  The multimedia
   conferencing uses of ICE naturally use an SDP offer/answer exchange



Perkins                Expires September 12, 2019               [Page 4]

Internet-Draft              Peer-to-Peer QUIC                 March 2019


   [I-D.ietf-mmusic-ice-sip-sdp] to convey this information, but asking
   QUIC endpoints to implement SDP is not acceptable.  An alternative is
   needed.

   There are two approaches.  Firstly, the candidate exchange can be
   performed out-of-band from the point of view of QUIC, by some higher
   level signalling protocol.  This assumes that the application that
   uses QUIC will perform the necessary signalling.  The application
   will extract the set of local candidates from the QUIC stack and pass
   them to the peer, then later pass in the set of remote candidates
   received from the peer to the QUIC stack to trigger the systematic
   probing of candidate addresses.  This requires no QUIC-specific
   protocol standardisation, other than to specify when the exchange
   happens, since the signalling protocol is application specific and
   the interface between the QUIC stack and that signalling protocol is
   implementation specific.  Standards are likely needed to define the
   signalling for specific applications that use QUIC in this way.

   Alternatively, the candidate exchange can be embedded into QUIC to
   provide a general way for an indirect QUIC connection, made via a
   middlebox relay of some sort, to signal candidates to the endpoints,
   allowing them to bootstrap a direct peer-to-peer QUIC connection.
   This is a significant change to the QUIC security model, since it
   introduces a trusted middlebox that can relay candidate information,
   so exposing that communication is taking place.  However, such a
   trusted device is necessary to bootstrap any direct peer-to-peer
   connection in the presence of NATs, since it is not possible to
   establish a direct connection without the help of a relay.  Adding
   the candidate exchange mechanism to QUIC allows the provision of
   generic NAT traversal bootstrapping, allowing for reusable libraries
   and common mechanisms, but potentially risks missing out on
   application integration that could provide useful peer identity
   guarantees and end-to-end security mechanisms for the signalling.

   The right approach is likely to define a common abstract interface
   between QUIC and the candidate exchange signalling, specifying what
   information is to be exchanged and when.  Then, also define a common
   signalling protocol that MAY be used if there is no more suitable
   application specific mechanism.

3.3.  Connectivity Checks

   The assumption is that connectivity checks proceed using STUN, as is
   described in Section 7 of [RFC8445].  This has the benefit of working
   with existing STUN servers, reusing existing specifications, and of
   allowing code reuse.  It also continues to exercise the ability of
   middleboxes to pass STUN traffic, which is necessary for WebRTC NAT
   traversal and to support other peer to peer applications.  It further



Perkins                Expires September 12, 2019               [Page 5]

Internet-Draft              Peer-to-Peer QUIC                 March 2019


   ossifies STUN as the commonly used protocol for connectivity checks
   in the Internet.

   Alternatively, a QUIC-specific connectivity check protocol could be
   developed.  This would fulfil the same role STUN plays in [RFC8445],
   but could use a syntax that is closer to that of other QUIC packets,
   and could perhaps better integrate with the QUIC security mechanisms.
   It is the belief of the author that the benefits of such a new syntax
   for a STUN-like service do not outweigh the complexity of developing
   the new mechanism, and that it is beneficial to have a single, widely
   used, connectivity checking standard.  It is, however, possible to
   define a new connectivity check protocol, and such a protocol could
   avoid some of the complexity and backwards compatibility features
   included in STUN.

3.4.  Connection Establishment

   The connectivity checks determine that it is possible to send STUN
   packets in UDP on an particular 5-tuple.  Once the connectivity
   checks have concluded, and a candidate pair has been selected, the
   QUIC endpoints will attempt to establish a QUIC connection on the
   chosen path.

   To ensure the NAT ports are open, it is necessary that traffic flows
   in both directions.  It might be that it is sufficient to pick a peer
   to act as the server (e.g., highest numbered IP address becomes the
   server), or it might be necessary to perform a simultaneous open of
   the QUIC connection (in a similar manner to TCP simultaneous open).
   This will depend on the extent to which middleboxes attempt to detect
   and control QUIC connection establishment.  Simultaneous open seems
   most robust, but at the expense of complexity.

4.  Demultiplexing QUIC and STUN

   STUN and QUIC packets can be demultiplexed based on the value of the
   first octet, as described in [I-D.aboba-avtcore-quic-multiplexing].
   This provides a mechanism for middleboxes to distinguish peer to peer
   and regular QUIC flows on the wire.  This is beneficial in that it
   further establishes STUN as the connectivity check mechanism for the
   Internet, supporting its use in protocols such as WebRTC.  It is
   problematic, in that it provides a mechanism that can be used to
   detect and prevent peer to peer uses of QUIC.

5.  Security Considerations

   To be completed.  Key initial topics include: 1) changes to the QUIC
   security model, since any attempt to provide relayed connectivity
   checks for NAT traversal requires some degree of trust in the relay



Perkins                Expires September 12, 2019               [Page 6]

Internet-Draft              Peer-to-Peer QUIC                 March 2019


   server; 2) information leaks via STUN, if used for connectivity
   checks, even if just leaking that a peer-to-peer connection
   establishment is ongoing (the latter can likely be inferred from the
   range of IP addresses used, but there might be other information
   leaks); and 3) security properties of the signalling protocol used to
   communicate with the relay server.

6.  IANA Considerations

   No IANA actions needed.  Yet.

7.  Acknowledgements

   This work was supported by the UK Engineering and Physical Sciences
   Research Council under grant EP/R04144X/1.

8.  References

8.1.  Normative References

   [I-D.aboba-avtcore-quic-multiplexing]
              Aboba, B., Thatcher, P., and C. Perkins, "QUIC
              Multiplexing", draft-aboba-avtcore-quic-multiplexing-03
              (work in progress), January 2019.

   [I-D.ietf-quic-transport]
              Iyengar, J. and M. Thomson, "QUIC: A UDP-Based Multiplexed
              and Secure Transport", draft-ietf-quic-transport-18 (work
              in progress), January 2019.

   [RFC1918]  Rekhter, Y., Moskowitz, B., Karrenberg, D., de Groot, G.,
              and E. Lear, "Address Allocation for Private Internets",
              BCP 5, RFC 1918, DOI 10.17487/RFC1918, February 1996,
              <https://www.rfc-editor.org/info/rfc1918>.

   [RFC5389]  Rosenberg, J., Mahy, R., Matthews, P., and D. Wing,
              "Session Traversal Utilities for NAT (STUN)", RFC 5389,
              DOI 10.17487/RFC5389, October 2008, <https://www.rfc-
              editor.org/info/rfc5389>.

   [RFC8445]  Keranen, A., Holmberg, C., and J. Rosenberg, "Interactive
              Connectivity Establishment (ICE): A Protocol for Network
              Address Translator (NAT) Traversal", RFC 8445,
              DOI 10.17487/RFC8445, July 2018, <https://www.rfc-
              editor.org/info/rfc8445>.






Perkins                Expires September 12, 2019               [Page 7]

Internet-Draft              Peer-to-Peer QUIC                 March 2019


8.2.  Informative References

   [I-D.ietf-mmusic-ice-sip-sdp]
              Petit-Huguenin, M., Nandakumar, S., and A. Keranen,
              "Session Description Protocol (SDP) Offer/Answer
              procedures for Interactive Connectivity Establishment
              (ICE)", draft-ietf-mmusic-ice-sip-sdp-24 (work in
              progress), November 2018.

Author's Address

   Colin Perkins
   University of Glasgow
   School of Computing Science
   Glasgow  G12 8QQ
   United Kingdom

   Email: csp@csperkins.org

































Perkins                Expires September 12, 2019               [Page 8]