Presentation is loading. Please wait.

Presentation is loading. Please wait.

MIDCOM Protocol Semantics 55th IETF

Published byReynard Powers Modified over 6 years ago

Similar presentations

Presentation on theme: "MIDCOM Protocol Semantics 55th IETF"— Presentation transcript:

1 MIDCOM Protocol Semantics 55th IETF
Martin Stiemerling, Juergen Quittek, Tom Taylor

2 Outline Semantics overview Status Issues: Why PRR transaction?
PRR behaviour Group transactions Address and port wildcarding Return values in PER Split PER Queing model for incoming messages Capability exchange on Session Establishment Other open issues

3 Semantics overview Same transaction set for all middlebox types
Agent doesn‘t need to know middlebox type Agent assumption: Twice NAT with packet filter (worst case) First come first serve Atomic transactions Keep it simple, stupid

4 Status Stable defintions: To be discussed/under construction
Session control Policy rule control To be discussed/under construction Group control Prototype implementation done: Implement complete semantics Based on SIMCO protocol (draft-stiemerling-midcom-simco-02.txt) Currently based on ASCII encoding Upcoming version based on XML encoding

5 Why PRR? – The Problem PER used for policy rule establishment
Need address/port mapping before complete 5-tuple is known to MIDCOM agent No PER possible in this case But may have only destination‘s parameters (IP address, port number, protocol type) Example SIP signalling (see next slide)

6 INVITE UA A Need external Listening on: mapping for IP_INT,P_INT
SIP Telephone UA A Proxy Middlebox Softphone UA B INVITE UA A Listening on: IP_INT,P_INT Need external mapping for IP_INT,P_INT External mapping IP_MB,P_MAP INVITE UA A Listening on: IP_MB,P_MAP 200 OK...

7 PRR behaviour Traditional NAT Twice NAT – two choices:
Allocate only external mapped address/port Twice NAT – two choices: Allocated only external mapped address/port Allocated external and internal mapped address/port Any case known where both mapped adresses/ports are need during PRR times?

8 Group transactions Currently: New proposal
Groups are created explictly New proposal Groups are created implicitly by PRR or PER Impact on group transactions GE and AGD can be dropped GLC, GL and GS are kept Default group can be dropped No group lifetime Group state machine can be dropped

9 Wildcarding Several middlebox scenarios: Different protocols
Packet filter Traditional NAT Twice NAT NAPT Different protocols IP TCP/UDP Several combinations result in different wildcarding requirements

10 Return values in PER What to return in PER inside and/or outside address/port not allocated E.g. Packet filter middlebox Traditional NAT (only outside address/port) First choice: Return empty/NONE marker Middlebox type no longer transparent to agent! Second choice: Return external and/or internal endpoint addresses/ports

11 Split PER Currently PER for state transistions: Split into two
RESERVED->ENABLED PRID UNUSED->ENABLED Split into two PER1 (RES->ENA) PER2 (UN->ENA) PER1 and PER2 need different parameters

12 Message Queing Is it required to add a first come first server message processing in section „Atomicity“?

13 Capability Exchange on SE
Proposed capabilities: Type of middlebox Wildcard support IP version Supported optional transactions Policy rule persistency Maximum policy rule lifetime Name of the default group All needed? Any other required?

14 Other open issues Seperate IP protocol version and transport protocol type in PER/PRR? Currently IP4/IP6/UDP4/UDP6/TCP4/TCP6 Need to support ICMP, IGMP, RSVP, ... Encryption method In SE transaction Should SE failure reply convey supported methods Futher elaborated security considerations Any other issues?

Download ppt "MIDCOM Protocol Semantics 55th IETF"

Similar presentations

Progress Report: Metering NSLP (M-NSLP) 66th IETF meeting, NSIS WG.

Progress Report: Metering NSLP (M-NSLP) 66th IETF meeting, NSIS WG.
Tom Behrens Adam Muniz. Overview What is VoIP SIP Sessions H.323 Examples Problems.

Tom Behrens Adam Muniz. Overview What is VoIP SIP Sessions H.323 Examples Problems.
Voice over IP Fundamentals

Voice over IP Fundamentals
STUN Date: 2011-05-25 Speaker: Hui-Hsiung Chung 1.

STUN Date: Speaker: Hui-Hsiung Chung 1.
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
Skype Connected to a SIP PBX

Skype Connected to a SIP PBX
Session Initiation Protocol (SIP) By: Zhixin Chen.

Session Initiation Protocol (SIP) By: Zhixin Chen.
SIP, NAT, Firewall SIP NAT Firewall How to Traversal NAT/Firewall for SIP.

SIP, NAT, Firewall SIP NAT Firewall How to Traversal NAT/Firewall for SIP.
Introduction to SIP Speaker: Min-Hua Yang Advisor: Ho-Ting Wu Date:2005/3/29.

Introduction to SIP Speaker: Min-Hua Yang Advisor: Ho-Ting Wu Date:2005/3/29.
Secure Telephony Enabled Middle-box (STEM) Maggie Nguyen Dr. Mark Stamp SJSU - CS 265 Spring 2003 STEM is proposed as a solution to network vulnerabilities,

Secure Telephony Enabled Middle-box (STEM) Maggie Nguyen Dr. Mark Stamp SJSU - CS 265 Spring 2003 STEM is proposed as a solution to network vulnerabilities,
FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.

FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.
Session-ID Requirements for IETF84 draft-ietf-insipid-session-id-reqts-00 1 August 2012 Paul Jones, Gonzalo Salgueiro, James Polk, Laura Liess, Hadriel.

Session-ID Requirements for IETF84 draft-ietf-insipid-session-id-reqts-00 1 August 2012 Paul Jones, Gonzalo Salgueiro, James Polk, Laura Liess, Hadriel.
RTP Relay Support in Intelligent Gateway Author: Pieere Pi

RTP Relay Support in Intelligent Gateway Author: Pieere Pi
9/11/2015Home Networking1 Bob.test Have Road Runner Unhappy about reports of constant probes of machines Policy decision –I want to prevent unauthorized.

9/11/2015Home Networking1 Bob.test Have Road Runner Unhappy about reports of constant probes of machines Policy decision –I want to prevent unauthorized.
NAT Traversal Speaker: Chin-Chang Chang Date:2007.4.9.

NAT Traversal Speaker: Chin-Chang Chang Date:
NSIS NATFW NSLP: A Network Firewall Control Protocol draft-ietf-nsis-nslp-natfw-08.txt IETF NSIS Working Group January 2006 M. Stiemerling, H. Tschofenig,

NSIS NATFW NSLP: A Network Firewall Control Protocol draft-ietf-nsis-nslp-natfw-08.txt IETF NSIS Working Group January 2006 M. Stiemerling, H. Tschofenig,
1 Kommunikatsiooniteenuste arendus IRT0080 Loeng 4 Avo Ots telekommunikatsiooni õppetool, TTÜ raadio- ja sidetehnika inst.

1 Kommunikatsiooniteenuste arendus IRT0080 Loeng 4 Avo Ots telekommunikatsiooni õppetool, TTÜ raadio- ja sidetehnika inst.
Application Level Control of Ports in a Service Provider NAT environment Dave Thaler Dan Wing Alain Durand 1.

Application Level Control of Ports in a Service Provider NAT environment Dave Thaler Dan Wing Alain Durand 1.
NSIS Path-coupled Signaling for NAT/Firewall Traversal Martin Stiemerling, Miquel Martin (NEC) Hannes Tschofenig (Siemens AG) Cedric Aoun (Nortel)

NSIS Path-coupled Signaling for NAT/Firewall Traversal Martin Stiemerling, Miquel Martin (NEC) Hannes Tschofenig (Siemens AG) Cedric Aoun (Nortel)
Session Initiation Protocol (SIP). What is SIP? An application-layer protocol A control (signaling) protocol.

Session Initiation Protocol (SIP). What is SIP? An application-layer protocol A control (signaling) protocol.

Similar presentations

Ads by Google