summaryrefslogtreecommitdiff
path: root/doc/rfc/rfc4097.txt
diff options
context:
space:
mode:
Diffstat (limited to 'doc/rfc/rfc4097.txt')
-rw-r--r--doc/rfc/rfc4097.txt2467
1 files changed, 2467 insertions, 0 deletions
diff --git a/doc/rfc/rfc4097.txt b/doc/rfc/rfc4097.txt
new file mode 100644
index 0000000..7f3c267
--- /dev/null
+++ b/doc/rfc/rfc4097.txt
@@ -0,0 +1,2467 @@
+
+
+
+
+
+
+Network Working Group M. Barnes, Ed.
+Request for Comments: 4097 Nortel Networks
+Category: Informational June 2005
+
+
+ Middlebox Communications (MIDCOM) Protocol Evaluation
+
+Status of This Memo
+
+ This memo provides information for the Internet community. It does
+ not specify an Internet standard of any kind. Distribution of this
+ memo is unlimited.
+
+Copyright Notice
+
+ Copyright (C) The Internet Society (2005).
+
+Abstract
+
+ This document provides an evaluation of the applicability of SNMP
+ (Simple Network Management Protocol), RSIP (Realm Specific Internet
+ Protocol), Megaco, Diameter, and COPS (Common Open Policy Service) as
+ the MIDCOM (Middlebox Communications) protocol. A summary of each of
+ the proposed protocols against the MIDCOM requirements and the MIDCOM
+ framework is provided. Compliancy of each of the protocols against
+ each requirement is detailed. A conclusion summarizes how each of
+ the protocols fares in the evaluation.
+
+Table of Contents
+
+ Overview.......................................................... 2
+ Conventions Used in This Document................................. 3
+ 1. Protocol Proposals............................................ 3
+ 1.1. SNMP.................................................... 3
+ 1.2. RSIP.................................................... 5
+ 1.3. Megaco.................................................. 7
+ 1.4. Diameter................................................ 8
+ 1.5. COPS.................................................... 10
+ 2. Item Level Compliance Evaluation.............................. 11
+ 2.1. Protocol Machinery...................................... 11
+ 2.2. Protocol Semantics...................................... 20
+ 2.3. General Security Requirements........................... 27
+ 3. Conclusions................................................... 29
+ 4. Security Considerations....................................... 30
+ 5. References.................................................... 31
+ 5.1. Normative References.................................... 31
+ 5.2. Informative References.................................. 33
+ 6. Acknowledgements.............................................. 33
+
+
+
+Barnes Informational [Page 1]
+
+RFC 4097 MIDCOM Protocol Evaluation June 2005
+
+
+ Appendix A - SNMP Overview........................................ 34
+ Appendix B - RSIP with Tunneling.................................. 35
+ Appendix C - Megaco Modeling Approach............................. 37
+ Appendix D - Diameter IPFilter Rule............................... 39
+ Contributors ..................................................... 42
+
+Overview
+
+ This document provides an evaluation of the applicability of SNMP
+ (Simple Network Management Protocol), RSIP (Realm Specific Internet
+ Protocol), Megaco, Diameter and COPS (Common Open Policy Service) as
+ the MIDCOM (Middlebox Communications) protocol. This evaluation
+ provides overviews of the protocols and general statements of
+ applicability based upon the MIDCOM framework [2] and requirements
+ [1] documents.
+
+ The process for the protocol evaluation was fairly straightforward as
+ individuals volunteered to provide an individual document evaluating
+ a specific protocol. Thus, some protocols that might be considered
+ as reasonably applicable as the MIDCOM protocol are not evaluated in
+ this document since there were no volunteers to champion the work.
+ The individual protocol documents for which there were volunteers
+ were submitted for discussion on the list with feedback being
+ incorporated into an updated document. The updated versions of these
+ documents formed the basis for the content of this WG document.
+
+ Section 1 contains a list of the proposed protocols submitted for the
+ purposes of the protocol evaluation with some background information
+ on the protocols and similarities and differences with regards to the
+ applicability to the framework [2] provided.
+
+ Section 2 provides the item level evaluation of the proposed
+ protocols against the Requirements [1].
+
+ Section 3 provides a summary of the evaluation. A table containing a
+ numerical breakdown for each of the protocols, with regards to its
+ applicability to the requirements, for the following categories is
+ provided: Fully met, Partially met through the use of extensions,
+ Partially met through other changes to the protocol, or Failing to be
+ met. This summary is not meant to provide a conclusive statement of
+ the suitability of the protocols, but rather to provide information
+ to be considered as input into the overall protocol decision process.
+
+ In order for this document to serve as a complete evaluation of the
+ protocols, some of the background information and more detailed
+ aspects of the proposals documenting enhancements and applications of
+ the protocols to comply with the MIDCOM framework and requirements
+ are included in Appendices.
+
+
+
+Barnes Informational [Page 2]
+
+RFC 4097 MIDCOM Protocol Evaluation June 2005
+
+
+Conventions Used in this Document
+
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+ document are to be interpreted as described in BCP 14, RFC 2119 [4].
+
+1. Protocol Proposals
+
+ The following protocols were submitted to the MIDCOM WG for
+ consideration:
+
+ o SNMP
+ o RSIP
+ o Megaco
+ o Diameter
+ o COPS
+
+ The following provides an overview of each of the protocols and the
+ applicability of each protocol to the MIDCOM framework.
+
+1.1. SNMP
+
+ This section provides a general statement with regards to the
+ applicability of SNMP as the MIDCOM protocol. A general overview and
+ some specific details of SNMP are provided in Appendix A. This
+ evaluation of SNMP is specific to SNMPv3, which provides the security
+ required for MIDCOM usage. SNMPv1 and SNMPv2c would be inappropriate
+ for MIDCOM since they have been declared Historic, and because their
+ messages have only trivial security. Some specifics with regards to
+ existing support for NAT and Firewall Control are provided in section
+ 1.1.2. The differences between the SNMP framework and the MIDCOM
+ framework are addressed in section 1.1.3.
+
+1.1.1. SNMP General Applicability
+
+ The primary advantages of SNMPv3 are that it is a mature, well
+ understood protocol, currently deployed in various scenarios, with
+ mature toolsets available for SNMP managers and agents.
+
+ Application intelligence is captured in MIB modules, rather than in
+ the messaging protocol. MIB modules define a data model of the
+ information that can be collected and configured for a managed
+ functionality. The SNMP messaging protocol transports the data in a
+ standardized format without needing to understand the semantics of
+ the data being transferred. The endpoints of the communication
+ understand the semantics of the data.
+
+
+
+
+
+Barnes Informational [Page 3]
+
+RFC 4097 MIDCOM Protocol Evaluation June 2005
+
+
+ Partly due to the lack of security in SNMPv1 and SNMPv2c, and partly
+ due to variations in configuration requirements across vendors, few
+ MIB modules have been developed that enable standardized
+ configuration of managed devices across vendors. Since monitoring
+ can be done using only a least-common-denominator subset of
+ information across vendors, many MIB modules have been developed to
+ provide standardized monitoring of managed devices. As a result,
+ SNMP has been used primarily for monitoring rather than for
+ configuring network nodes.
+
+ SNMPv3 builds upon the design of widely-deployed SNMPv1 and SNMPv2c
+ versions. Specifically, SNMPv3 shares the separation of data
+ modeling (MIBs) from the protocol to transfer data, so all existing
+ MIBs can be used with SNMPv3. SNMPv3 also uses the SMIv2 standard,
+ and it shares operations and transport with SNMPv2c. The major
+ difference between SNMPv3 and earlier versions is the addition of
+ strong message security and controlled access to data.
+
+ SNMPv3 uses the architecture detailed in RFC 3411 [5], where all SNMP
+ entities are capable of performing certain functions, such as the
+ generation of requests, response to requests, the generation of
+ asynchronous notifications, the receipt of notifications, and the
+ proxy-forwarding of SNMP messages. SNMP is used to read and
+ manipulate virtual databases of managed-application-specific
+ operational parameters and statistics, which are defined in MIB
+ modules.
+
+1.1.2. SNMP Existing Support for NAT and Firewall Control
+
+ For configuring NATs, a NAT MIB module [16] has been developed. The
+ NAT MIB module meets all of the MIDCOM requirements concerning NAT
+ control with the exception of grouping of policy rules (requirement
+ 2.2.3.). In order to support this, an additional grouping table in
+ the NAT MIB module is required.
+
+ Existing work for firewall control with SNMP only considered the
+ monitoring of firewalls and not the configuration. Further work is
+ required towards the development of MIBs for configuring firewalls.
+
+1.1.3. Architectural Differences between SNMP and MIDCOM
+
+ The SNMP management framework provides functions equivalent to those
+ defined by the MIDCOM framework, although there are a few
+ architectural differences.
+
+ Traditionally, SNMP entities have been called Manager and Agent.
+ Manager and agent are now recognized as entities designed to support
+ particular configurations of SNMPv3 functions. A traditional manager
+
+
+
+Barnes Informational [Page 4]
+
+RFC 4097 MIDCOM Protocol Evaluation June 2005
+
+
+ is an entity capable of generating requests and receiving
+ notifications, and a traditional agent is an entity capable of
+ responding to requests and generating notifications. The SNMP use of
+ the term agent is different from its use in the MIDCOM framework: The
+ SNMP Manager corresponds to the MIDCOM agent and the SNMP Agent
+ corresponds to the MIDCOM PDP. The SNMP evaluation assumes that the
+ MIDCOM PDP (SNMP Agent) is physically part of the middlebox, which is
+ allowed by the MIDCOM framework as described in section 6.0 of [2].
+ Thus, for the purpose of this evaluation, the SNMP agent corresponds
+ to the Middlebox.
+
+ While this evaluation is based on the assumption that the SNMP agent
+ corresponds to the middlebox, SNMP does not force such a restriction.
+
+ Proxy means many things to many people. SNMP can be deployed using
+ intermediate entities to forward messages, or to help distribute
+ policies to the middlebox, similar to the proxy capabilities of the
+ other candidate protocols. Since proxy adds configuration and
+ deployment complexity and is not necessary to meet the specified
+ MIDCOM requirements, the use of a proxy agent or mid-level manager is
+ not considered in this evaluation. Further details on SNMP proxy
+ capabilities are provided in Appendix A.
+
+ Although the SNMP management framework does not have the concept of a
+ session, session-like associations can be established through the use
+ of managed objects. In order to implement the MIDCOM protocol based
+ on SNMP, a MIDCOM MIB module is required. All requests from the
+ MIDCOM agent to the Middlebox would be performed using write access
+ to managed objects defined in the MIDCOM MIB module. Replies to
+ requests are signaled by the Middlebox (SNMP agent), by modifying the
+ managed objects. The MIDCOM agent (SNMP manager) can receive this
+ information by reading or polling, if required, the corresponding
+ managed object.
+
+1.2. RSIP
+
+ The RSIP framework and detailed protocol are defined in RFC 3102 [17]
+ and RFC 3103 [18] respectively.
+
+1.2.1. Framework Elements in Common to MIDCOM and RSIP
+
+ The following framework elements are common to MIDCOM and RSIP listed
+ by their MIDCOM names, with the RSIP name indicated in parenthesis:
+
+ o Hosts
+ o Applications
+ o Middleboxes (RSIP gateways)
+ o Private domain (private realm)
+
+
+
+Barnes Informational [Page 5]
+
+RFC 4097 MIDCOM Protocol Evaluation June 2005
+
+
+ o External domain (public realm)
+ o Middlebox communication protocol (RSIP)
+ o MIDCOM agent registration (host registration)
+ o MIDCOM session (RSIP session)
+ o MIDCOM Filter (local / remote address and port number(s) pairs)
+
+1.2.2. MIDCOM Framework Elements Not Supported by RSIP
+
+ The following MIDCOM framework elements are not supported by RSIP:
+
+ o Policy actions and rules. RSIP always implicitly assumes a permit
+ action. To support MIDCOM, a more general and explicit action
+ parameter would have to be defined. RSIP requests specifying
+ local / remote address and port number(s) pairs would have to be
+ extended to include an action parameter, in MIDCOM rules.
+
+ o MIDCOM agents. RSIP makes no distinction between applications and
+ agents; address assignment operations can be performed equally by
+ applications and agents.
+
+ o Policy Decision Points. RSIP assumes that middleboxes grant or
+ deny requests with reference to a policy known to them; the policy
+ could be determined jointly by the middlebox and a policy decision
+ point; such joint determination is not addressed by the RSIP
+ framework, nor is it specifically precluded.
+
+1.2.3. RSIP Framework Elements Not Supported by MIDCOM
+
+ The following elements are unique to the RSIP framework. If RSIP
+ were adopted as the basis for the MIDCOM protocol, they could be
+ added to the MIDCOM framework:
+
+ o RSIP client: that portion of the application (or agent) that talks
+ to the RSIP gateway using RSIP.
+
+ o RSIP server: that portion of an RSIP gateway that talks to
+ applications using RSIP.
+
+ o Realm Specific Address IP (RSA-IP) and Realm Specific Address and
+ Port IP (RSAP-IP): RSIP distinguishes between filters that include
+ all ports on an IP address and those that do not.
+
+ o Demultiplexing Fields: Any set of packet header or payload fields
+ that an RSIP gateway uses to route an incoming packet to an RSIP
+ host. RSIP allows a gateway to perform, and an application to
+ control, packet routing to hosts in the private domain based on
+ more than IP header fields.
+
+
+
+
+Barnes Informational [Page 6]
+
+RFC 4097 MIDCOM Protocol Evaluation June 2005
+
+
+ o Host-to-middlebox tunnels: RSIP assumes that data communicated
+ between a private realm host and a public realm host is
+ transferred through the private realm by a tunnel between the
+ inner host and the middle box, where it is converted to and from
+ native IP based communications to the public realm host.
+
+1.2.4. Comparison of MIDCOM and RSIP Frameworks
+
+ RSIP with tunneling, has the advantage that the public realm IP
+ addresses and port numbers are known to the private realm host
+ application, thus no translation is needed for protocols such as SDP,
+ the FTP control protocol, RTSP, SMIL, etc. However, this does
+ require that an RSIP server and a tunneling protocol be implemented
+ in the middlebox and an RSIP client and the tunneling protocol be
+ implemented in the private realm host. The host modifications can
+ generally be made without modification to the host application or
+ requiring the implementation of a host application agent. This is
+ viewed as a significant advantage over NAT (Network Address
+ Translation).
+
+ Further details on the evaluation of RSIP with regards to tunneling
+ in the context of NAT support are available in Appendix B of this
+ document.
+
+1.3. Megaco
+
+1.3.1. Megaco Architectural Model
+
+ Megaco is a master-slave, transaction-oriented protocol defined in
+ RFC 3015 [20] in which Media Gateway Controllers (MGC) control the
+ operation of Media Gateways (MG). Originally designed to control IP
+ Telephony gateways, it is used between an application-unaware device
+ (the Media Gateway) and an intelligent entity (the Media Gateway
+ Controller) having application awareness.
+
+ The Megaco model includes the following key concepts:
+
+ 1. Terminations: Logical entities on the MG that act as sources or
+ sink of packet streams. A termination can be physical or
+ ephemeral and is associated with a single MGC.
+
+ 2. Context: An association between Terminations for sharing media
+ between the Terminations. Terminations can be added, subtracted
+ from a Context and can be moved from one Context to another. A
+ Context and all of its Terminations are associated with a single
+ MGC.
+
+
+
+
+
+Barnes Informational [Page 7]
+
+RFC 4097 MIDCOM Protocol Evaluation June 2005
+
+
+ 3. Virtual Media Gateways: A physical MG can be partitioned into
+ multiple virtual MGs allowing multiple Controllers to interact
+ with disjoint sets of Contexts/Terminations within a single
+ physical device.
+
+ 4. Transactions/Messages: Each Megaco command applies to one
+ Termination within a Context and generates a unique response.
+ Commands may be replicated implicitly so that they act on all
+ Terminations of a given Context through wildcarding of Termination
+ identifiers. Multiple commands addressed to different Contexts
+ can be grouped in a Transaction structure. Similarly, multiple
+ Transactions can be concatenated into a Message.
+
+ 5. Descriptors/Properties: A Termination is described by a number of
+ characterizing parameters or Properties, which are grouped in a
+ set of Descriptors that are included in commands and responses.
+
+ 6. Events and signals: A Termination can be programmed to perform
+ certain actions or to detect certain events and notify the Agent.
+
+ 7. Packages: Packages are groups of properties, events, etc.
+ associated with a Termination. Packages are simple means of
+ extending the protocol to serve various types of devices or
+ Middleboxes.
+
+1.3.2. Comparison of the Megaco and MIDCOM Architectural Frameworks
+
+ In the MIDCOM architecture, the Middlebox plays the role of an
+ application-unaware device being controlled by the application-aware
+ Agent. In the Megaco architecture, the Media Gateway controller
+ serves a role similar to the MIDCOM Agent (MA) and the Media Gateway
+ serves a role similar to the Middlebox (MB). One major difference
+ between the Megaco model and the MIDCOM protocol requirements is that
+ MIDCOM requires that the MIDCOM Agent establish the session.
+ Whereas, the Megaco definition is that a MG (Middlebox) establishes
+ communication with an MGC (MIDCOM Agent).
+
+1.4. Diameter
+
+1.4.1. Diameter Architecture
+
+ Diameter is designed to support AAA for network access. It is meant
+ to operate through networks of Diameter nodes, which both act upon
+ and route messages toward their final destinations. Endpoints are
+ characterized as either clients, which perform network access
+ control, or servers, which handle authentication, authorization and
+ accounting requests for a particular realm. Intermediate nodes
+ perform relay, proxy, redirect, and translation services. Design
+
+
+
+Barnes Informational [Page 8]
+
+RFC 4097 MIDCOM Protocol Evaluation June 2005
+
+
+ requirements for the protocol include robustness in the face of
+ bursty message loads and server failures, resistance to specific DOS
+ attacks and protection of message contents, and extensibility
+ including support for vendor-specific attributes and message types.
+
+ The protocol is designed as a base protocol in RFC 3588 [24] to be
+ supported by all implementations, plus extensions devoted to specific
+ applications. Messages consist of a header and an aggregation of
+ "Attribute-Value Pairs (AVPs)", each of which is a tag-length-value
+ construct. The header includes a command code, which determines the
+ processing of the message and what other AVP types must or may be
+ present. AVPs are strongly typed. Some basic and compound types are
+ provided by the base protocol specification, while others may be
+ added by application extensions. One of the types provided in the
+ base is the IPFilterRule, which may be sufficient to express the
+ Policy Rules that MIDCOM deals with.
+
+ Messaging takes the form of request-answer exchanges. Some exchanges
+ may take multiple round-trips to complete. The protocol is
+ connection-oriented at both the transport and application levels. In
+ addition, the protocol is tied closely to the idea of sessions, which
+ relate sequences of message exchanges through use of a common session
+ identifier. Each application provides its own definition of the
+ semantics of a session. Multiple sessions may be open
+ simultaneously.
+
+1.4.2. Comparison of Diameter With MIDCOM Architectural Requirements
+
+ The MIDCOM Agent does not perform the functions of a Diameter client,
+ nor does the Middlebox support the functions of a Diameter server.
+ Thus the MIDCOM application would introduce two new types of
+ endpoints into the Diameter architecture. Moreover, the MIDCOM
+ requirements do not at this time imply any type of intermediate node.
+
+ A general assessment might be that Diameter meets and exceeds MIDCOM
+ architectural requirements, however the connection orientation may be
+ too heavy for the number of relationships the Middlebox must support.
+ Certainly the focus on extensibility, request-response messaging
+ orientation, and treatment of the session, are all well-matched to
+ what MIDCOM needs. At this point, MIDCOM is focused on simple
+ point-to-point relationships, so the proxying and forwarding
+ capabilities provided by Diameter are not needed. Most of the
+ commands and AVPs defined in the base protocol are also surplus to
+ MIDCOM requirements.
+
+
+
+
+
+
+
+Barnes Informational [Page 9]
+
+RFC 4097 MIDCOM Protocol Evaluation June 2005
+
+
+1.5. COPS
+
+ Overall, COPS, defined in RFC 2748 [25], and COPS-PR, defined in RFC
+ 3084 [26], have similar compliancy with regards to the MIDCOM
+ protocol requirements. In this document, references to COPS are
+ generally applicable to both COPS and COPS-PR. However, COPS-PR is
+ explicitly identified to meet two of the requirements. The only
+ other major difference between COPS-PR and COPS, as applied to the
+ MIDCOM protocol, would be the description of the MIDCOM policy rule
+ attributes with COPS-PR MIDCOM PIB attributes rather than COPS MIDCOM
+ client specific objects.
+
+1.5.1. COPS Protocol Architecture
+
+ COPS is a simple query and response protocol that can be used to
+ exchange policy information between a policy server (Policy Decision
+ Point or PDP) and its clients (Policy Enforcement Points or PEPs).
+ COPS was defined to be a simple and extensible protocol. The main
+ characteristics of COPS include the following:
+
+ 1. The protocol employs a client/server model. The PEP sends
+ requests, updates, and deletions to the remote PDP and the PDP
+ returns decisions back to the PEP.
+
+ 2. The protocol uses TCP as its transport protocol for reliable
+ exchange of messages between policy clients and a server.
+
+ 3. The protocol is extensible in that it is designed to leverage
+ self-identifying objects and can support diverse client specific
+ information without requiring modification of the COPS protocol.
+
+ 4. The protocol was created for the general administration,
+ configuration, and enforcement of policies.
+
+ 5. COPS provides message level security for authentication, replay
+ protection, and message integrity. COPS can make use of existing
+ protocols for security such as IPSEC [22] or TLS [21] to
+ authenticate and secure the channel between the PEP and the PDP.
+
+ 6. The protocol is stateful in two main aspects:
+
+ (1) Request/Decision state is shared and kept synchronized in a
+ transactional manner between client and server. Requests from
+ the client PEP are installed or remembered by the remote PDP
+ until they are explicitly deleted by the PEP. At the same
+ time, Decisions from the remote PDP can be generated
+ asynchronously at any time for a currently installed request
+ state.
+
+
+
+Barnes Informational [Page 10]
+
+RFC 4097 MIDCOM Protocol Evaluation June 2005
+
+
+ (2) State from various events (Request/Decision pairs) may be
+ inter-associated. The server may respond to new queries
+ differently because of previously installed, related
+ Request/Decision state(s).
+
+ 7. The protocol is also stateful in that it allows the server to push
+ configuration information to the client, and then allows the
+ server to remove such state from the client when it is no longer
+ applicable.
+
+1.5.2. Comparison of COPS and the MIDCOM Framework
+
+ In the MIDCOM framework, the Middlebox enforces the policy controlled
+ by an application-aware Agent. Thus, when compared to the COPS
+ architecture, the Middlebox serves as the PEP (COPS Client) and the
+ MIDCOM Agent serves as the PDP (COPS Policy Server). One major
+ difference between the COPS protocol model and the MIDCOM protocol
+ requirements is that MIDCOM requires that the MIDCOM Agent establish
+ the session. Whereas, the COPS definition is that a PEP (Middlebox)
+ establishes communication with a PDP (MIDCOM Agent).
+
+2. Item Level Compliance Evaluation
+
+ This section contains a review of the protocol's level of compliance
+ to each of the MIDCOM Requirements [1]. The following key will be
+ used to identify the level of compliancy of each of the individual
+ protocols:
+
+ T = Total Compliance. Meets the requirement fully.
+
+ P+ = Partial Compliance+. Fundamentally meets the requirement
+ through the use of extensions (e.g., packages, additional
+ parameters, etc).
+
+ P = Partial Compliance. Meets some aspect of the requirement,
+ however, the necessary changes require more than an extension
+ and/or are inconsistent with the design intent of the
+ protocol.
+
+ F = Failed Compliance. Does not meet the requirement.
+
+2.1. Protocol Machinery
+
+ This section describes the compliancy of the proposed protocols
+ against the protocol machinery requirements from section 2.1 of the
+ requirements document [1]. A short description of each of the
+ protocols is provided to substantiate the evaluation.
+
+
+
+
+Barnes Informational [Page 11]
+
+RFC 4097 MIDCOM Protocol Evaluation June 2005
+
+
+2.1.1. Ability to Establish Association Between Agent and Middlebox.
+
+ SNMP: T, RSIP: P+, Megaco: P, Diameter: T, COPS: P
+
+ SNMP: SNMPv3 provides mutual authentication at the user level
+ (where the user can be an application or a host if desired) via
+ shared secrets. Each authenticated principal is associated with a
+ group that has access rights that control the principals ability
+ to perform operations on specific subsets of data. Failure to
+ authenticate can generate a SNMP notification (administrator
+ configurable choice).
+
+ RSIP: RSIP allows sessions to be established between middleboxes
+ and applications and MIDCOM agents. Authorization credentials
+ would have to be added to the session establishment request to
+ allow the middlebox to authorize the session requestor.
+
+ Megaco: There is a directionality component implicit in this
+ requirement in that the MA initiates the establishment of the
+ authorized session. Megaco defines this association to be
+ established in the opposite direction, i.e., the Middlebox(MG)
+ initiates the establishment. If this restriction is not
+ considered, then Megaco makes the syntax and semantics available
+ for the endpoint to initiate the connection.
+
+ Diameter: Although this is out of scope, the Diameter specification
+ describes several ways to discover a peer. Having done so, a
+ Diameter node establishes a transport connection (TCP, TLS, or
+ SCTP) to the peer. The two peers then exchange Capability
+ Exchange Request/Answer messages to identify each other and
+ determine the Diameter applications each supports.
+
+ If the connection between two peers is lost, Diameter prescribes
+ procedures whereby it may be re-established. To ensure that loss
+ of connectivity is detected quickly, Diameter provides the
+ Device-Watchdog Request/Answer messages, to be used when traffic
+ between the two peers is low.
+
+ Diameter provides an extensive state machine to govern the
+ relationship between two peers.
+
+ COPS: COPS does not meet the directionality part of the
+ requirement. The definition of COPS allows a PEP (Middlebox) to
+ establish communication with a PDP (MIDCOM Agent). However,
+ nothing explicitly prohibits a PDP from establishing communication
+
+
+
+
+
+
+Barnes Informational [Page 12]
+
+RFC 4097 MIDCOM Protocol Evaluation June 2005
+
+
+ with a PEP. The PEP could have local policies dictating what
+ action to take when it is contacted by an unknown PDP. These
+ actions, defined in the local policies, would ensure the proper
+ establishment of an authorized association.
+
+2.1.2. Agent Can Relate to Multiple Middleboxes
+
+ SNMP: T, RSIP: P, Megaco: T, Diameter: T, COPS: T
+
+ SNMP: An SNMP manager can communicate simultaneously with several
+ Middleboxes.
+
+ RSIP: RSIP sessions are identified by their IP source and
+ destination addresses and their TCP / UDP port numbers. Thus each
+ RSIP client can communicate with multiple servers, and each server
+ can communicate with multiple clients. However, RSIP did not
+ explicitly include agents in its design. The architecture and
+ semantics of RSIP messages do not preclude agents, thus the RSIP
+ architecture could certainly be extended to explicitly include
+ agents; therefore RSIP is deemed partially compliant to this
+ requirement.
+
+ Megaco: Megaco allows an MA to control several Middleboxes. Each
+ message carries an identifier of the endpoint that transmitted the
+ message allowing the recipient to determine the source.
+
+ Diameter: Diameter allows connection to more than one peer (and
+ encourages this for improved reliability). Whether the Diameter
+ connection state machine is too heavy to support the number of
+ connections needed is a matter for discussion.
+
+ COPS: COPS PDPs are designed to communicate with several PEPs.
+
+2.1.3. Middlebox Can Relate to Multiple Agents
+
+ SNMP: T, RSIP: P, Megaco: T, Diameter: T, COPS: T
+
+ SNMP: An SNMP agent can communicate with several SNMP managers
+ Simultaneously.
+
+ RSIP: Refer to 2.1.2.
+
+ Megaco: Megaco has the concept of Virtual Media Gateways (VMG),
+ allowing multiple MGCs to communicate simultaneously with the same
+ MG. Applying this model to MIDCOM would allow the same middlebox
+ (MG) to have associations with multiple MIDCOM Agents (MGCs).
+
+
+
+
+
+Barnes Informational [Page 13]
+
+RFC 4097 MIDCOM Protocol Evaluation June 2005
+
+
+ Diameter: Diameter allows connection to more than one peer and
+ encourages this for improved reliability. Whether the Diameter
+ connection state machine is too heavy to support the number of
+ connections needed is a matter for discussion. The Middlebox and
+ Agent play symmetric roles as far as Diameter peering is
+ concerned.
+
+ COPS: The COPS-PR framework specifies that a PEP should have a
+ unique PDP in order to achieve effective policy control. The
+ COPS-PR protocol would allow the scenario whereby a PEP
+ establishes communication with multiple PDPs by creating a COPS
+ client instance per PDP.
+
+2.1.4. Deterministic Outcome When Multiple Requests are Presented to
+ the Middlebox Simultaneously
+
+ SNMP: T, RSIP: T, Megaco: T, Diameter: T, COPS: T
+
+ SNMP: While the architectural design of SNMP can permit race
+ conditions to occur, there are mechanisms defined as part of the
+ SNMPv3 standard, such as view-based access control and advisory
+ locking that can be used to prevent the conditions, and MIB
+ modules may also contain special functionality, such as RMONs
+ OwnerString, to prevent conflicts. Deterministic behavior of SNMP
+ agents when being accessed by multiple managers is important for
+ several management applications and supported by SNMP.
+
+ RSIP: All RSIP requests are defined to be atomic. Near simultaneous
+ requests are executed as is they were sequential.
+
+ Megaco: Megaco supports the concept of VMGs to make these
+ interactions deterministic and to avoid resource access conflicts.
+ Each VMG has a single owner, in a MGC, and there can be no overlap
+ between the sets of Terminations belonging to multiple VMGs. The
+ Megaco protocol messages also include the identifier of the
+ sending entity, so that the MG can easily determine to whom to
+ send the response or asynchronously report certain events.
+
+ Diameter: Diameter depends partly upon the transport protocol to
+ provide flow control when the server becomes heavily loaded. It
+ also has application-layer messaging to indicate that it is too
+ busy or out of space (Diameter_TOO_BUSY and Diameter_OUT_OF_SPACE
+ result codes).
+
+ COPS: COPS has built-in support for clear state and policy
+ instances. This would allow the creation of well-behaved MIDCOM
+ state machines.
+
+
+
+
+Barnes Informational [Page 14]
+
+RFC 4097 MIDCOM Protocol Evaluation June 2005
+
+
+2.1.5. Known and Stable State
+
+ SNMP: T, RSIP: T, Megaco: T, Diameter: P, COPS: T
+
+ SNMP: Requests are atomic in SNMP. MIB modules can define which
+ data is persistent across reboots, so a known startup state can be
+ established. The manager can poll the agent to determine the
+ current state.
+
+ RSIP: RSIP assumes that on middlebox start-up no sessions are
+ defined, and thus no allocations have been made. In effect, all
+ resources are released upon restart after failure.
+
+ Megaco: Megaco has extensive audit capabilities to synchronize
+ states between the MG and the MGC. Megaco also provides the MGC
+ with the ability to do mass resets, as well as individual resets.
+ The MGC can always release resources in the MG. The MG can also
+ initiate the release of resources by the MGC.
+
+ Diameter: Diameter documentation does not discuss the degree of
+ atomicity of message processing, so this would have to be
+ specified in the MIDCOM extension.
+
+ COPS: The COPS protocol maintains synchronized states between
+ Middleboxes and MA hence all the states are known on both sides.
+
+2.1.6. Middlebox Status Report
+
+ SNMP: T, RSIP: T, Megaco: T, Diameter: T, COPS: T
+
+ SNMP: The status of a middlebox can be reported using asynchronous
+ communications, or via polling.
+
+ RSIP: All RSIP client requests have explicit server responses.
+ Additionally, a client may explicitly request server status using
+ a QUERY request.
+
+ Megaco: Megaco has extensive audit capabilities for the MG to
+ report status information to the MGC. It can also report some
+ status updates using the ServiceChange command.
+
+ Diameter: Diameter provides a number of response codes by means of
+ which a server can indicate error conditions reflecting status of
+ the server as a whole. The Disconnect-Peer-Request provides a
+ means in the extreme case to terminate a connection with a peer
+ gracefully, informing the other end about the reason for the
+ disconnection.
+
+
+
+
+Barnes Informational [Page 15]
+
+RFC 4097 MIDCOM Protocol Evaluation June 2005
+
+
+ COPS: The COPS Report message is designed to indicate any
+ asynchronous conditions/events.
+
+2.1.7. Middlebox Can Generate Unsolicited Messages
+
+ SNMP: T, RSIP: T, Megaco: T, Diameter: T, COPS: T
+
+ SNMP: SNMPv3 supports both confirmed and unconfirmed asynchronous
+ notifications.
+
+ RSIP: An RSIP server will send an unsolicited DE_REGISTER_RESPONSE
+ to force an RSIP host to relinquish all of its bindings and
+ terminate its relationship with the RSIP gateway. An RSIP server
+ can send an asynchronous ERROR_RESPONSE to indicate less severe
+ conditions.
+
+ Megaco: Megaco supports the asynchronous notification of events
+ using the Notify command.
+
+ Diameter: The Diameter protocol permits either peer in a connection
+ to originate transactions. Thus the protocol supports Middlebox-
+ originated messages.
+
+ COPS: The COPS Report message is designed to indicate any
+ asynchronous conditions/events.
+
+2.1.8. Mutual Authentication
+
+ SNMP: T, RSIP: T, Megaco: T, Diameter: T, COPS: T
+
+ SNMP: SNMPv3 meets this requirement. SNMPv3 supports user
+ authentication and explicitly supports symmetric secret key
+ encryption between MIDCOM agent (SNMP manager) and Middlebox (SNMP
+ agent), thus supporting mutual authentication. The default
+ authentication and encryption methods are specified in RFC 3414
+ [11] (MD5, SHA-1, and DES). Different users at the same
+ management application (MIDCOM agent) can authenticate themselves
+ with different authentication and encryption methods, and
+ additional methods can be added to SNMPv3 entities as needed.
+
+ RSIP: This requirement can be met by operating RSIP over IPSec as
+ described in RFC 3104 [19]. The RSIP framework recommends all
+ communication between an RSIP host and gateway be authenticated.
+ Authentication, in the form of a message hash appended to the end
+ of each RSIP protocol packet, can serve to authenticate the RSIP
+ host and gateway to one another, provide message integrity, and
+
+
+
+
+
+Barnes Informational [Page 16]
+
+RFC 4097 MIDCOM Protocol Evaluation June 2005
+
+
+ avoid replay attacks with an anti-replay counter. However, the
+ message hash and replay counter parameters would need to be
+ defined for the RSIP protocol.
+
+ Megaco: Megaco provides for the use of IPSec [22] for all security
+ mechanisms including mutual authentication, integrity check and
+ encryption. Use of IKE is recommended with support of RSA
+ signatures and public key encryption.
+
+ Diameter: The Diameter base protocol assumes that messages are
+ secured by using either IPSec or TLS [21]. Diameter requires that
+ when using the latter, peers must mutually authenticate
+ themselves.
+
+ COPS: COPS has built-in message level security for authentication,
+ replay protection, and message integrity. COPS can also use TLS
+ or IPSec.
+
+2.1.9. Termination of session by either party
+
+ SNMP: T, RSIP: T, Megaco: T, Diameter: T, COPS: T
+
+ SNMP: Each SNMPv3 message is authenticated and authorized, so each
+ message could be considered to have its own session, which
+ automatically terminates after processing. Processing may be
+ stopped for a number of reasons, such as security, and a response
+ is sent.
+
+ Either peer may stop operating, and be unavailable for further
+ operations. The authentication and/or authorization parameters of
+ a principal may be changed between operations if desired, to
+ prevent further authentication or authorization for security
+ reasons.
+
+ Additionally, managed objects can be defined for realizing
+ sessions that persist beyond processing of a single message. The
+ MIB module would need to specify the responsibility for cleanup of
+ the objects following normal/abnormal termination.
+
+ RSIP: An RSIP client may terminate a session with a
+ DE_REGISTER_REQUEST. An RSIP server may terminate a session with
+ an unsolicited DE_REGISTER_RESPONSE, and then respond to
+ subsequent requests on the session with a REGISTER_FIRST error.
+
+ Megaco: The Megaco protocol allows both peers to terminate the
+ association with proper reason code.
+
+
+
+
+
+Barnes Informational [Page 17]
+
+RFC 4097 MIDCOM Protocol Evaluation June 2005
+
+
+ Diameter: Either peer in a connection may issue a Disconnect-Peer-
+ Request to end the connection gracefully.
+
+ COPS: COPS allows both the PEP and PDP to terminate a session.
+
+2.1.10. Indication of Success or Failure
+
+ SNMP: T, RSIP: T, Megaco: T, Diameter: T, COPS: T
+
+ SNMP: Each operation request has a corresponding response message
+ that contains an error status to indicate success or failure. For
+ complex requests that the middlebox cannot complete immediately,
+ the corresponding MIB module may be designed to also provide
+ asynchronous notifications of the success or failure of the
+ complete transaction, and/or may provide pollable objects that
+ indicate the success or failure of the complete transaction. For
+ example, see ifAdminStatus and ifOperStatus in RFC 2863 [28].
+
+ RSIP: All RSIP requests result in a paired RSIP response if the
+ request was successful or an ERROR_RESPONSE if the request was not
+ successful.
+
+ Megaco: Megaco defines a special descriptor called an Error
+ descriptor that contains the error code and an optional
+ explanatory string.
+
+ Diameter: Every Diameter request is matched by a response, and this
+ response contains a result code as well as other information.
+
+ COPS: The COPS Report message directly fulfills this requirement.
+
+2.1.11. Version Interworking
+
+ SNMP: T, RSIP: T, Megaco: T, Diameter: T, COPS: T
+
+ SNMP: SNMP has a separation of the protocol to carry data, and the
+ data that defines additional management functionality. Additional
+ functionality can be added easily through MIBs. Capability
+ exchange in SNMP is usually uni-directional. Managers can query
+ the middlebox (SNMP agent) to determine which MIBs are supported.
+ In addition, multiple message versions can be supported
+ simultaneously, and are identified by a version number in the
+ message header.
+
+ RSIP: Each RSIP message contains a version parameter.
+
+ Megaco: Version interworking and negotiation are supported both for
+ the protocol and any extension Packages.
+
+
+
+Barnes Informational [Page 18]
+
+RFC 4097 MIDCOM Protocol Evaluation June 2005
+
+
+ Diameter: The Capabilities Exchange Request/Answer allows two peers
+ to determine information about what each supports, including
+ protocol version and specific applications.
+
+ COPS: The COPS protocol can carry a MIDCOM version number and
+ capability negotiation between the COPS client and the COPS
+ server. This capability negotiation mechanism allows the COPS
+ client and server to communicate the supported
+ features/capabilities. This would allow seamless version
+ interworking.
+
+2.1.12. Deterministic Behaviour in the Presence of Overlapping
+ Rules
+
+ SNMP: T, RSIP: T, Megaco: P, Diameter: T, COPS: T
+
+ SNMP: Rulesets would be defined in MIBs. The priority of rulesets,
+ and the resolution of conflict, can be defined in the MIB module
+ definition. The SNMPConf policy MIB defines mechanisms to achieve
+ deterministic behavior in the presence of overlapping rule sets.
+
+ RSIP: All requests for allocation of IP addresses, or ports or both
+ resulting in rule overlap are rejected by an RSIP server with a
+ LOCAL_ADDR_INUSE error.
+
+ Megaco: This is met with the help of a model that separates Megaco
+ protocol elements from the overlapping Policy rules (see Appendix
+ C). However, new behavior for the Megaco protocol elements needs
+ to be specified as part of a new MIDCOM specific Package.
+
+ Diameter: The IPFilterRule type specification, which would probably
+ be used as the type of a Policy Rule AVP, comes with an extensive
+ semantic description providing a deterministic outcome, which the
+ individual Agent cannot know unless it knows all of the Policy
+ Rules installed on the Middlebox. Rules for the appropriate
+ direction are evaluated in order, with the first matched rule
+ terminating the evaluation. Each packet is evaluated once. If no
+ rule matches, the packet is dropped if the last rule evaluated was
+ a permit, and passed if the last rule was a deny. The
+ IPFilterRule format and further details on its applicability to
+ this requirement are provided in Appendix D.
+
+ COPS: The COPS protocol provides transactional-based communication
+ between the PEP and PDP, hence the behavior is totally
+ deterministic provided the middlebox state machine is designed
+ correctly. The COPS protocol features encourage and support good
+ state machine design.
+
+
+
+
+Barnes Informational [Page 19]
+
+RFC 4097 MIDCOM Protocol Evaluation June 2005
+
+
+2.2. Protocol Semantics
+
+ This section contains the individual protocols as evaluated against
+ the protocol semantic requirements from section 2.2 of the
+ requirements document [1]. A short description of each of the
+ protocols is provided to substantiate the evaluation.
+
+2.2.1. Extensibility
+
+ SNMP: T, RSIP: T, Megaco: T, Diameter: T, COPS: T
+
+ SNMP: Extensibility is a basic feature of the SNMP management
+ Framework.
+
+ RSIP: All RSIP messages consist of three mandatory fields (protocol
+ version, message type, and message length) and a sequence of
+ parameterType / length / value 3-tuples. New messages may be
+ defined by defining new values for the message type field. New
+ parameter types may be defined, and existing messages may be
+ extended, by defining new parameterType values. If new messages,
+ parameters, or both are added in a non-backward compatible way, a
+ new value of the protocol version field may be defined. This may
+ be desirable even of the additions are backward compatible.
+
+ Megaco: Megaco is easily extensible through new Packages, which
+ allow definition of new attributes and behavior of a Termination.
+
+ Diameter: Diameter provides a great deal of flexibility for
+ extensions, including allowance for vendor-defined commands and
+ AVPs and the ability to flag each AVP as must-understand or
+ ignorable if not understood.
+
+ COPS: The COPS protocol is extensible, since it was designed to
+ separate the Protocol from the Policy Control Information.
+
+2.2.2. Support of Multiple Middlebox Types
+
+ SNMP: T, RSIP: P+, Megaco: T, Diameter: P+, COPS: T
+
+ SNMP: SNMP explicitly supports managing different device types with
+ different capabilities. First the managed object called
+ sysObjectID from basic MIB-II [3] identifies the type of box. For
+ boxes with variable capabilities, SNMP can check the availability
+ of corresponding MIBs.
+
+
+
+
+
+
+
+Barnes Informational [Page 20]
+
+RFC 4097 MIDCOM Protocol Evaluation June 2005
+
+
+ RSIP: All types of middleboxes are supported so long as the ruleset
+ action is permit. Other actions would require the definition of a
+ new RSIP message parameter with values for permit and the other
+ desired actions.
+
+ Megaco: Megaco can support multiple Middlebox types on the same
+ interface either by designing the properties representing the
+ Policy Rules to provide this support, or by using multiple
+ terminations in the same session, each representing one type of
+ action. In the latter case, the Megaco Context can be used as a
+ convenient means of managing the related terminations as a group.
+ However, the inherent idea of flow between terminations of a
+ context is irrelevant and would have to be discarded.
+
+ Diameter: Any necessary additional AVPs or values must be specified
+ as part of the MIDCOM application extension (see <2.2.8> below).
+
+ COPS: COPS allows a PDP to provide filters and actions to multiple
+ PEP functions through a single COPS session.
+
+2.2.3. Ruleset Groups
+
+ SNMP: T, RSIP: P+, Megaco: T, Diameter: T, COPS: T
+
+ SNMP: This requirement can be realized via the SNMP management
+ framework by an appropriate definition of a MIB module. The
+ SNMPConf WG has already defined an SNMP Policy MIB that permits
+ the definitions of policy rulesets and grouping of rulesets.
+
+ RSIP: RSIP currently only allows one IP address, or address and
+ port range, to be assigned to a bind-ID. RSIP could implement
+ rulesets as required by adding an optional bind-ID parameter to
+ the ASSIGN_REQUESTs to extend an existing ruleset rather than
+ creating a new one. Similarly, the FREE_REQUESTs would have to be
+ extended by adding optional, local and remote, address and port
+ parameters.
+
+ Megaco: The Megaco context can be used to group terminations to be
+ managed together. For example, all of the terminations, each
+ representing an instantiation of a Policy Rule, can be deleted in
+ one command by doing a wildcarded Subtract from the context.
+ However, the inherent idea of media flows between terminations of
+ a context would be irrelevant in this application of the protocol.
+
+ Diameter: Diameter allows message syntax definitions where multiple
+ instances of the same AVP (for example, a Policy Rule AVP whose
+ syntax and low-level semantics are defined by the IPFilterRule
+ type definition) may be present. If a tighter grouping is
+
+
+
+Barnes Informational [Page 21]
+
+RFC 4097 MIDCOM Protocol Evaluation June 2005
+
+
+ required, the set of Diameter base types includes the Grouped
+ type. MIDCOM can choose how to make use of these capabilities to
+ meet the ruleset group requirement when defining its application
+ extension to the Diameter protocol.
+
+ COPS: The COPS-PR Handle State may be used to associate the set of
+ closely related policy objects. As the Middlebox learns
+ additional requirements, the Middlebox adds these resource
+ requirements under the same handle ID, which constitutes the
+ required aggregation.
+
+2.2.4. Lifetime Extension
+
+ SNMP: P+, RSIP: T, Megaco: T, Diameter: T, COPS: P+
+
+ SNMP: This requirement can be realized via the SNMP management
+ framework by an appropriate definition of a MIB module. The
+ SNMPConf WG has developed a Policy MIB module that includes a
+ pmPolicySchedule object with a modifiable lifetime.
+
+ RSIP: A client may request an explicit lease time when a request is
+ made to assign one or more IP addresses, ports or both. The
+ server may grant the requested lease time, or assign one if none
+ was requested. Subsequently, the lease time may be extended if a
+ client's EXTEND_REQUEST is granted by the server.
+
+ Megaco: The MG can report the imminent expiry of a policy rule to
+ the MGC, which can then extend or delete the corresponding
+ Termination.
+
+ Diameter: The Diameter concept of a session includes the session
+ lifetime, grace period, and lifetime extension. It may make sense
+ to associate the Diameter session with the lifetime of a MIDCOM
+ Policy Rule, in which case support for lifetime extension comes
+ ready-made.
+
+ COPS: COPS allows a PDP to send unsolicited decisions to the PEP.
+ However, the unsolicited events will be relevant to the COPS
+ MIDCOM specific client or the MIDCOM specific PIB which needs to
+ be defined. This would allow the PDP to extend the lifetime of an
+ existing ruleset.
+
+
+
+
+
+
+
+
+
+
+Barnes Informational [Page 22]
+
+RFC 4097 MIDCOM Protocol Evaluation June 2005
+
+
+2.2.5. Handling of Mandatory/Optional Nature of Unknown Attributes
+
+ SNMP: T, RSIP: T, Megaco: P+, Diameter: P+, COPS: T
+
+ SNMP: Unknown attributes in a read operation are flagged as
+ exceptions in the Response message, but the rest of the read
+ succeeds. In a write operation (a SET request), all attributes
+ are validated before the write is performed. If there are unknown
+ attributes, the request fails and no writes are done. Unknown
+ attributes are flagged as exceptions in the Response message, and
+ the error status is reported.
+
+ RSIP: All options of all requests are fully specified. Not
+ understood parameters must be reported by an ERROR_RESPONSE with
+ an EXTRA_PARM error value, with the entire request otherwise
+ ignored.
+
+ Megaco: Megaco entities provide Error codes in response messages.
+ If a command marked "Optional" in a transaction fails, the
+ remaining commands will continue. However, the specified
+ requirement deals with rules of processing properties that need
+ definition in new Package.
+
+ Diameter: Indication of the mandatory or optional status of AVPs is
+ fully supported, provided it is enabled in the AVP definition. No
+ guidance is imposed regarding the return of diagnostic information
+ for optional AVPs.
+
+ COPS: COPS provides for the exchange of capabilities and
+ limitations between the PEP and PDP to ensure well-known outcomes
+ are understood for scenarios with unknown attributes. There is
+ also clear error handling for situations when the request is
+ rejected.
+
+2.2.6. Actionable Failure Reasons
+
+ SNMP: T, RSIP: P+, Megaco: T, Diameter: T, COPS: T
+
+ SNMP: The SNMPv3 protocol returns error codes and exception codes
+ in Response messages, to permit the requestor to modify their
+ request. Errors and exceptions indicate the attribute that caused
+ the error, and an error code identifies the nature of the error
+ encountered.
+
+ If desired, a MIB can be designed to provide additional data about
+ error conditions either via asynchronous notifications or polled
+ objects.
+
+
+
+
+Barnes Informational [Page 23]
+
+RFC 4097 MIDCOM Protocol Evaluation June 2005
+
+
+ RSIP: RSIP defines a fairly large number of very specific error
+ values. It is anticipated that additional error values will also
+ have to be defined along with the new messages and parameters
+ required for MIDCOM.
+
+ Megaco: The MG can provide Error codes in response messages
+ allowing the MGC to modify its behavior. Megaco uses transaction
+ identifiers for correlation between a response and a command. If
+ the same transaction id is received more than once, the receiving
+ entity silently discards the message, thus providing some
+ protection against replay attacks.
+
+ Diameter: Diameter provides an extensive set of failure reasons in
+ the base protocol.
+
+ COPS: COPS uses an error object to identify a particular COPS
+ protocol error. The error sub-code field may contain additional
+ detailed COPS client (MIDCOM Middlebox) specific error codes.
+
+2.2.7. Multiple Agents Operating on the Same Ruleset.
+
+ SNMP: T, RSIP: P, Megaco: P, Diameter: T, COPS: P
+
+ SNMP: The SNMP framework supports multiple managers working on the
+ same managed objects. The View-based Access Control Model (VACM,
+ RFC 3415 [14]) even offers means to customize the access rights of
+ different managers in a fine-grained way.
+
+ RSIP: RSIP neither explicitly permits nor precludes an operation on
+ a binding by a host that had not originally create the binding.
+ However, to support this requirement, the RSIP semantics must be
+ extended to explicitly permit any authorized host to request
+ operations on a binding; this does not require a change to the
+ protocol.
+
+ Megaco: If the Megaco state machine on the Middle Box is decoupled
+ from the Middle Box policy rule management, this requirement can
+ be met with local policies on the Middle Box. However, this
+ violates the spirit of the Megaco protocol, thus Megaco is
+ considered partially compliant to this requirement.
+
+ Diameter: The Diameter protocol, as currently defined, would allow
+ multiple agents to operate on the same ruleset.
+
+ COPS: It is possible to use COPS to operate the same resource with
+ multiple agents. An underlying resource management function,
+ separate from the COPS state machine, on the Middlebox will handle
+ the arbitration when resource conflicts happen.
+
+
+
+Barnes Informational [Page 24]
+
+RFC 4097 MIDCOM Protocol Evaluation June 2005
+
+
+2.2.8. Transport of Filtering Rules
+
+ SNMP: P+, RSIP: P+, Megaco: P+, Diameter: P+, COPS: P+
+
+ SNMP: This requirement can be met by an appropriate definition of a
+ MIDCOM MIB module. SMI, the language used for defining MIB
+ modules, is flexible enough to allow the implementation of a MIB
+ module to meet the semantics of this requirement.
+
+ RSIP: To support this requirement, a new optional enumeration
+ parameter, transportProtocol, can be added to the RSIP
+ ASSIGN_REQUESTs. When the parameter is included, the binding
+ created applies only to the use of the bound addresses and ports,
+ by the specific transportProtocol. When the parameter is not
+ included, the binding applies to the use of all the bound
+ addresses and ports, by any transport protocol, thus maintaining
+ backward compatibility with the current definition of RSIP.
+
+ Megaco: Megaco protocol can meet this requirement by defining a new
+ property for the transport of filtering rules.
+
+ Diameter: While Diameter defines the promising IPFilterRule data
+ type (see 2.1.12 above), there is no existing message, which would
+ convey this to a Middlebox along with other required MIDCOM
+ attributes. A new MIDCOM application extension of Diameter would
+ have to be defined.
+
+ COPS: The COPS protocol can meet this requirement by using a COPS
+ MIDCOM specific client or a MIDCOM specific PIB.
+
+2.2.9. Mapped Port Parity
+
+ SNMP: P+, RSIP: P+, Megaco: P+, Diameter: P+, COPS: P+
+
+ SNMP: This requirement can be met by an appropriate definition of a
+ MIDCOM MIB module.
+
+ RSIP: To support this requirement, a new optional boolean
+ parameter, portOddity, can be added to the RSIP ASSIGN_REQUESTs.
+ If the parameter is TRUE, the remote port number of the binding
+ created would have the same oddity as the local port. If the
+ parameter is not specified, or is FALSE, the remote port's oddity
+ is independent of the local port's oddity, thus maintaining
+ backward compatibility with the current definition of RSIP.
+
+ Megaco: Megaco can be easily extended using a MIDCOM specific
+ Package to support this feature.
+
+
+
+
+Barnes Informational [Page 25]
+
+RFC 4097 MIDCOM Protocol Evaluation June 2005
+
+
+ Diameter: This capability is not part of the current IPFilterRule
+ type definition. Rather than modify the IPFilterRule type, MIDCOM
+ could group it with other AVPs which add the missing information.
+
+ COPS: The COPS protocol has all the flexibility to meet this
+ requirement by using a COPS MIDCOM specific client or a MIDCOM
+ specific PIB.
+
+2.2.10. Consecutive Range of Port Numbers
+
+ SNMP: P+, RSIP: T, Megaco: P+, Diameter: P+, COPS: P+
+
+ SNMP: This requirement can be met by an appropriate definition of a
+ MIDCOM MIB module. SMI, the language used for defining MIB
+ modules, is flexible enough to allow the implementation of a MIB
+ module to meet the semantics of this requirement.
+
+ RSIP: The ports parameter of the RSIP ASSIGN_REQUESTs specifically
+ allows multiple, consecutive port numbers to be specified.
+
+ Megaco: Megaco can be easily extended using a MIDCOM specific
+ Package to support this feature.
+
+ Diameter: This capability is not part of the current IPFilterRule
+ type definition. Rather than modify the IPFilterRule type, MIDCOM
+ could group it with other AVPs which add the missing information.
+
+ COPS: The COPS protocol has all the flexibility to meet this
+ requirement by using a COPS MIDCOM specific client or a MIDCOM
+ specific PIB.
+
+2.2.11. More Precise Rulesets Contradicting Overlapping Rulesets
+
+ SNMP: P+, RSIP: P+, Megaco: P+, Diameter: T, COPS: P+
+
+ SNMP: This requirement can be met by an appropriate definition of a
+ MIDCOM MIB module.
+
+ RSIP: To support this requirement, a new optional boolean
+ parameter, overlapOK, can be added to the RSIP ASSIGN_REQUESTs.
+ If the parameter is TRUE, the binding may overlap with an existing
+ binding. If the parameter is unspecified, or is FALSE, the
+ binding will not overlap with an existing binding, thus
+ maintaining backward compatibility with the current definition of
+ RSIP.
+
+
+
+
+
+
+Barnes Informational [Page 26]
+
+RFC 4097 MIDCOM Protocol Evaluation June 2005
+
+
+ Megaco: This requirement would be met if the policy in the
+ Middlebox allows contradictory, overlapping policy rules to be
+ installed.
+
+ Diameter: Allowed by the IPFilterRule semantics described in
+ Appendix D.
+
+ COPS: The COPS protocol has all the flexibility to meet this
+ requirement by using a COPS MIDCOM specific client or a MIDCOM
+ specific PIB.
+
+2.3. General Security Requirements
+
+ This section contains the individual protocols as evaluated against
+ the General Security requirements from section 2.3 of the
+ requirements document [1]. A short description of each of the
+ protocols is provided to substantiate the evaluation.
+
+2.3.1. Message Authentication, Confidentiality and Integrity
+
+ SNMP: T, RSIP: T, Megaco: T, Diameter: T, COPS: T
+
+ SNMP: SNMPv3 includes the User-based Security Model (USM,
+ RFC 3414 [11]), which defines three standardized methods for
+ providing authentication, confidentiality, and integrity.
+ Additionally, USM has specific built-in mechanisms for preventing
+ replay attacks including unique protocol engine IDs, timers and
+ counters per engine and time windows for the validity of messages.
+
+ RSIP: This requirement can be met by operating RSIP over IPSec. The
+ RSIP framework recommends all communication between an RSIP host
+ and gateway be authenticated. Authentication, in the form of a
+ message hash appended to the end of each RSIP protocol packet, can
+ serve to authenticate the RSIP host and gateway to one another,
+ provide message integrity, and avoid replay attacks with an anti-
+ replay counter. However, the message hash and replay counter
+ parameters would need to be defined for the RSIP protocol.
+
+ Megaco: Megaco provides for these functions with the combined usage
+ of IPSEC [22] or TLS [21].
+
+ Diameter: Diameter relies on either IPSEC or TLS for these
+ functions.
+
+ COPS: COPS has built-in message level security for authentication,
+ replay protection, and message integrity. COPS can also use TLS
+ or IPSec, thus reusing existing security mechanisms that have
+ interoperated in the markets.
+
+
+
+Barnes Informational [Page 27]
+
+RFC 4097 MIDCOM Protocol Evaluation June 2005
+
+
+2.3.2. Optional Confidentiality Protection
+
+ SNMP: T, RSIP: T, Megaco: T, Diameter: T, COPS: T
+
+ SNMP: SNMPv3 includes the User-based Security Model, which defines
+ three standardized methods for providing authentication,
+ confidentiality, and integrity, and is open to add further
+ methods. The method to use can be optionally chosen.
+
+ RSIP: Refer to 2.3.1.
+
+ Megaco: Refer to 2.3.1
+
+ Diameter: Implementation support of IPSEC ESP (RFC 2406 [23]) in
+ Diameter applications is not optional. Deployment of either IPSEC
+ or TLS is optional.
+
+ COPS: Refer to 2.3.1.
+
+2.3.3. Operate Across Untrusted Domains
+
+ SNMP: T, RSIP: T, Megaco: T, Diameter: T, COPS: T
+
+ SNMP: The User-based Security Model of SNMPv3 defines three
+ standardized methods for providing authentication,
+ confidentiality, and integrity, and it is open to add further
+ methods. These methods operate securely across untrusted domains.
+
+ RSIP: Refer to 2.3.1.
+
+ Megaco: Refer to 2.3.1.
+
+ Diameter: The Diameter specification [24] recommends the use of
+ TLS [21] across untrusted domains.
+
+ COPS: Refer to 2.3.1
+
+2.3.4. Mitigates Replay Attacks on Control Messages
+
+ SNMP: T, RSIP: T, Megaco: T, Diameter: T, COPS: T
+
+ SNMP: The User-based Security Model for SNMPv3 has specific built-
+ in mechanisms for preventing replay attacks including unique
+ protocol engine IDs, timers and counters per engine and time
+ windows for the validity of messages.
+
+ RSIP: Refer to 2.3.1
+
+
+
+
+Barnes Informational [Page 28]
+
+RFC 4097 MIDCOM Protocol Evaluation June 2005
+
+
+ Megaco: Megaco commands and responses include matching transaction
+ identifiers. The recipient receiving the same transaction id
+ multiple times would discard the message, thus providing some
+ protection against replay attacks. If even stronger protection
+ against replay attack is needed, Megaco provides for the use of
+ IPSec or TLS.
+
+ Diameter: Diameter requires that implementations support the replay
+ protection mechanisms of IPSEC.
+
+ COPS: Refer to 2.3.1
+
+3. Conclusions
+
+ The overall statistics with regards to the number of Fully Compliant,
+ Partially Compliant (P+ and P) and Failing Compliancy requirements
+ for each of the protocols is summarized in table 1.
+
+ T P+ P F
+ -----------------------------------------------------------------
+ SNMP 22 5 0 0
+ RSIP 17 7 3 0
+ Megaco 19 5 3 0
+ Diameter 21 5 1 0
+ COPS 20 5 2 0
+
+ Table 1: Totals across all Requirements
+
+ In considering the P+ category of compliancy, an important aspect is
+ the mechanism for support of extensibility. The extension mechanism
+ provided by SNMP and COPS-PR using MIBs and PIBs respectively,
+ provides extensions with no impact to the protocol. Diameter
+ extensions require protocol changes, thus has a higher impact,
+ although the extensions can be handled by other Diameter entities
+ without being understood. Megaco's extension mechanisms of packages
+ also requires protocol changes that must be understand by both
+ sending and receiving entities, also being considered higher impact.
+ The RSIP extension mechanism has the largest impact on the existing
+ protocol and is based upon defining the necessary new parameters.
+
+ The SNMP management framework meets all the specified MIDCOM protocol
+ requirements with the appropriate design of a MIDCOM MIB module.
+ SNMP is a proven technology with stable and proven development tools,
+ already has extensions defined to support NAT configuration and
+ policy-based management. SNMPv3 is a full standard, is more mature
+ and has undergone more validation than the other protocols in
+
+
+
+
+
+Barnes Informational [Page 29]
+
+RFC 4097 MIDCOM Protocol Evaluation June 2005
+
+
+ the evaluation, and has been deployed to manage large-scale real-
+ world networks (e.g., DOCSIS cable modem networks). The
+ applicability of SNMP to the MIDCOM framework has a restriction in
+ that it assumes the MIDCOM PDP is part of the Middlebox.
+
+ RSIP fully meets many of the MIDCOM requirements. However, it does
+ require additions and extensions to meet several of the requirements.
+ RSIP would also require several framework elements to be added to the
+ MIDCOM framework as identified in section 1.2.3. In addition, the
+ tunneling required for RSIP as described in section 1.2.4, results in
+ RSIP not being acceptable by the WG as the MIDCOM protocol.
+
+ Megaco fully meets most of the key requirements for the MIDCOM
+ Protocol. Additional extensions in the form of a new Termination /
+ Package definition would be required for MIDCOM to meet several of
+ the requirements. In order to meet the remaining requirements,
+ modeling the underlying Middlebox resources (e.g., filters, policy
+ rules) as separate elements from the Megaco entities might allow the
+ usage of the protocol as-is, satisfying some of the resource access
+ control requirements.
+
+ The Diameter evaluation indicated a good overall fit. Some partially
+ met requirements were identified that could be addressed by a new
+ application extension. However, the Diameter architecture may be too
+ heavy for the MIDCOM application and clearly much of the Diameter
+ base is not needed. In addition, Diameter is the only protocol, at
+ the time of this evaluation, for which the RFCs had not yet been
+ published. Other than these reservations, the protocol is a good fit
+ to MIDCOM requirements.
+
+ The COPS evaluation indicates that the protocol meets the majority of
+ the MIDCOM protocol requirements by using the protocol's native
+ extension techniques, with COPS-PR being explicitly required to meet
+ requirements 2.1.3 and 2.2.3. In order to fully satisfy one
+ partially met requirement, 2.1.1, the COPS model would need to allow
+ a PDP to establish communication with a PEP. While not explicitly
+ prohibited by the COPS model, this would require additions, in the
+ form of local policy, to ensure the proper establishment of an
+ authorized association.
+
+4. Security Considerations
+
+ Security considerations for the MIDCOM protocol are covered by the
+ comparison against the specific Security requirements in the MIDCOM
+ requirements document [1] and are specifically addressed by section
+ 2.1.8 and section 2.3.
+
+
+
+
+
+Barnes Informational [Page 30]
+
+RFC 4097 MIDCOM Protocol Evaluation June 2005
+
+
+5. References
+
+5.1. Normative References
+
+ [1] Swale, R., Mart, P., Sijben, P., Brim, S., and M. Shore,
+ "Middlebox Communications (MIDCOM) Protocol Requirements", RFC
+ 3304, August 2002.
+
+ [2] Srisuresh, P., Kuthan, J., Rosenberg, J., Molitor, A., and A.
+ Rayhan, "Middlebox Communications Architecture and Framework",
+ RFC 3303, August 2002.
+
+ [3] Rose, M. and K. McCloghrie, "Management Information Base for
+ Network Management of TCP/IP-based internets: MIB-II", STD 17,
+ RFC 1213, March 1991.
+
+ [4] Bradner, S., "Key words for use in RFCs to Indicate Requirement
+ Levels", BCP 14, RFC 2119, March 1997.
+
+ [5] Harrington, D., Presuhn, R., and B. Wijnen, "An Architecture for
+ Describing SNMP Management Frameworks", STD 62, RFC 3411,
+ December 2002.
+
+ [6] McCloghrie, K., Perkins, D., and J. Schoenwaelder, "Structure of
+ Management Information Version 2 (SMIv2)", STD 58, RFC 2578,
+ April 1999.
+
+ [7] McCloghrie, K., Perkins, D., and J. Schoenwaelder, "Textual
+ Conventions for SMIv2", STD 58, RFC 2579, April 1999.
+
+ [8] McCloghrie, K., Perkins, D., and J. Schoenwaelder, "Conformance
+ Statements for SMIv2", STD 58, RFC 2580, April 1999.
+
+ [9] Presuhn, R. (Ed.), "Transport Mappings for the Simple Network
+ Management Protocol (SNMP)", STD 62, RFC 3417, December 2002.
+
+ [10] Case, J., Harrington D., Presuhn R., and B. Wijnen, "Message
+ Processing and Dispatching for the Simple Network Management
+ Protocol (SNMP)", STD 62, RFC 3412, December 2002.
+
+ [11] Blumenthal, U. and B. Wijnen, "User-based Security Model(USM)
+ for version 3 of the Simple Network Management Protocol
+ (SNMPv3)", STD 62, RFC 3414, December 2002.
+
+ [12] Presuhn, R. (Ed.), "Version 2 of the Protocol Operations for the
+ Simple Network Management Protocol (SNMP)", STD 62, RFC 3416,
+ December 2002.
+
+
+
+
+Barnes Informational [Page 31]
+
+RFC 4097 MIDCOM Protocol Evaluation June 2005
+
+
+ [13] Levi, D., Meyer, P., and B. Stewart, "SNMPv3 Applications", STD
+ 62, RFC 3413, December 2002.
+
+ [14] Wijnen, B., Presuhn, R., and K. McCloghrie, "View-based Access
+ Control Model (VACM) for the Simple Network Management Protocol
+ (SNMP)", STD 62, RFC 3415, December 2002.
+
+ [15] Case, J., Mundy, R., Partain, D., and B. Stewart, "Introduction
+ to Version 3 of the Internet-Standard Network Management
+ Framework", RFC 3410, December 2002.
+
+ [16] Rohit, R., Srisuresh, P., Raghunarayan, R., Pai, N., and C.
+ Wang, "Definitions of Managed Objects for Network Address
+ Translators (NAT)", RFC 4008, March 2005.
+
+ [17] Borella, M., Lo, J., Grabelsky, D., and G. Montenegro, "Realm
+ Specific IP: Framework", RFC 3102, October 2001.
+
+ [18] Borella, M., Grabelsky, D., Lo, J., and K. Taniguchi, "Realm
+ Specific IP: Protocol Specification", RFC 3103, October 2001.
+
+ [19] Montenegro, G. and M. Borella, "RSIP Support for End-to-end
+ Ipsec", RFC 3104, October 2001.
+
+ [20] Cuervo, F., Greene, N., Rayhan, A., Huitema, C., Rosen, B., and
+ J. Segers, "Megaco Protocol Version 1.0", RFC 3015, October
+ 2001.
+
+ [21] Dierks, T. and C. Allen, "The TLS Protocol Version 1.0", RFC
+ 2246, January 1999.
+
+ [22] Kent, S. and R. Atkinson, "Security Architecture for the
+ Internet Protocol", RFC 2401, November 1998.
+
+ [23] Kent, S. and R. Atkinson, "IP Encapsulating Security Payload",
+ RFC 2406, November 1998.
+
+ [24] Calhoun, P., Loughney, J., Guttman, E., Zorn, G., and J. Arkko,
+ "Diameter Base Protocol", RFC 3588, September 2003.
+
+ [25] Durham, D. (Ed.), Boyle, J., Cohen, R., Herzog, S., Rajan, R.,
+ and A. Sastry, "The COPS (Common Open Policy Service) Protocol",
+ RFC 2748, January 2000.
+
+ [26] Chan, K., Seligson, J., Durham, D., Gai, S., McCloghrie, K.,
+ Herzog, S., Reichmeyer, F., Yavatkar, R., and A. Smith, "COPS
+ Usage for Policy Provisioning", RFC 3084, March 2001.
+
+
+
+
+Barnes Informational [Page 32]
+
+RFC 4097 MIDCOM Protocol Evaluation June 2005
+
+
+5.2. Informative References
+
+ [27] Raz, D., Schoenwalder, J., and B. Sugla, "An SNMP Application
+ Level Gateway for Payload Address Translation", RFC 2962,
+ October 2000.
+
+ [28] McCloghrie, K. and F. Kastenholz, "The Interfaces Group MIB",
+ RFC 2863, June 2000.
+
+6. Acknowledgements
+
+ The editor would like to acknowledge the constructive feedback
+ provided by Joel M. Halpern on the individual protocol evaluation
+ contributions. In addition, a thanks to Elwyn Davies, Christopher
+ Martin, Bob Penfield, Scott Brim and Martin Stiemerling for
+ contributing to the mailing list discussion on the document content.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Barnes Informational [Page 33]
+
+RFC 4097 MIDCOM Protocol Evaluation June 2005
+
+
+Appendix A - SNMP Overview
+
+ The SNMP Management Framework presently consists of five major
+ components:
+
+ o An overall architecture, described in RFC 3411 [5]. A more
+ detailed introduction and applicability statements for the SNMP
+ Management Framework can be found in RFC 3410 [15].
+
+ o Mechanisms for describing and naming objects and events for the
+ purpose of management. The current version of this Structure of
+ Management Information (SMI) is called SMIv2 and described in RFC
+ 2578 [6], RFC 2579 [7] and RFC 2580 [8].
+
+ o Message protocols for transferring management information. The
+ current version of the message protocol is called SNMPv3 and
+ described in RFC 3412 [10], RFC 3414 [11] and RFC 3417 [9].
+
+ o Protocol operations for accessing management information. The
+ current version of the protocol operations and associated PDU
+ formats is described in RFC 3416 [12].
+
+ o A set of fundamental applications described in RFC 3413 [13] and
+ the view-based access control mechanism described in RFC 3415
+ [14].
+
+ Managed objects are accessed via a virtual information store, termed
+ the Management Information Base or MIB. Objects in the MIB are
+ defined using the mechanisms defined in the SMI.
+
+A.1 SNMPv3 Proxy Forwarding
+
+ SNMPv3 proxy forwarding (RFC 3413 [13]) provides a standardized
+ mechanism to configure an intermediate node to forward SNMP messages.
+ A command generating entity sends requests to a proxy forwarding
+ entity that forwards the request to a third entity.
+
+ One SNMP entity may serve both functions as the SNMP agent to monitor
+ and configure the node on which it is resident, and as an
+ intermediate node in a proxy relationship to permit monitoring and
+ configuration of additional entities.
+
+ Each entity is identified by a unique engineID value, specifically to
+ support proxy between addressing domains and/or trust domains. An
+ SNMPv3 message contains two engineIDs- one to identify the database
+ to be used for message security, and one to identify the source (or
+ target) of the contained data. Message security is applied between
+ the originator and the proxy, and then between the proxy and the
+
+
+
+Barnes Informational [Page 34]
+
+RFC 4097 MIDCOM Protocol Evaluation June 2005
+
+
+ end-target. The PDU contains the engineID of the node whose data is
+ contained in the message, which passes end-to-end, unchanged by the
+ proxy.
+
+ SNMPv3 proxy was designed to provide a standard SNMP approach to
+ inserting an intermediate node in the middle of communications for a
+ variety of scenarios. SNMPv3 proxy can support crossing addressing
+ domains, such as IPv4 and IPv6, crossing SNMP version domains, such
+ as SNMPv3 and SNMPv1, crossing security mechanism domains, such as
+ DES and AES, and for providing a single point of management contact
+ for a subset of the network, such as managing a private network
+ through a NAT device or a VPN endpoint.
+
+A.2 Proxies Versus Application Level Gateways
+
+ Proxies are generally preferred to Application Level Gateways for
+ SNMP. ALGs typically modify the headers and content of messages.
+ SNMP is a protocol designed for troubleshooting network (mis-)
+ configurations. Because an operator needs to understand the actual
+ configuration, the translation of addresses within SNMP data causes
+ confusion, hiding the actual configuration of a managed device from
+ the operator. ALGs also introduce security vulnerabilities, and
+ other complexities related to modifying SNMP data.
+
+ SNMP Proxies can modify message headers without modifying the
+ contained data. This avoids the issues associated with translating
+ the payload data, while permitting application level translation of
+ addresses.
+
+ The issues of ALGs versus proxies for SNMP Payload Address
+ Translation are discussed at length in RFC 2962 [27].
+
+Appendix B - RSIP with Tunneling
+
+ NAT requires ALGs (Application Layer Gateways) in middleboxes without
+ MIDCOM, and application modifications or agents for middleboxes with
+ MIDCOM.
+
+ Support for NAT without tunneling could easily be added to the RSIP
+ control protocol. NAT would be defined as a new, null tunnel type.
+ Support for the NAT null tunnels could be implemented in hosts, or in
+ applications or application agents.
+
+ If support for NAT null tunnels were implemented in hosts, no
+ modifications to applications would be required, and no application
+ agents or ALGs would be required. This has obvious advantages. In
+ addition to the NAT null tunnel, the host would have to implement an
+ RSIP / MIDCOM client (or a STUN client) and the middlebox would have
+
+
+
+Barnes Informational [Page 35]
+
+RFC 4097 MIDCOM Protocol Evaluation June 2005
+
+
+ to implement an RSIP / MIDCOM server, or a STUN server would have to
+ be available _beyond_ the middlebox. Note that the STUN client /
+ server approach may not work with all types of middleboxes.
+
+ If support for NAT null tunnels were NOT implemented in hosts, then
+ applications would have to be modified, or application agents or ALGs
+ would have to be implemented. This has the advantage over tunnels
+ (whether null or not) of not requiring modification to hosts, but
+ would require the modification of host applications or the
+ implementation of application agents, both of which would include an
+ RSIP / MIDCOM client, and the implementation of an RSIP/MIDCOM server
+ in the middlebox. Again, in some situations, STUN could be used
+ instead of RSIP / MIDCOM.
+
+ Tunneled or not, an RSIP / MIDCOM server is needed in the middlebox.
+ Tunneled, the host needs to be modified, but not the application.
+ Untunneled, an agent must be added or the application must be
+ modified, but there would be no host modifications. The
+ advantages/disadvantages of tunneling would need to be evaluated in
+ considering RSIP.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Barnes Informational [Page 36]
+
+RFC 4097 MIDCOM Protocol Evaluation June 2005
+
+
+Appendix C - Megaco Modeling Approach
+
+ To model the Middlebox functions such as firewall, NAT etc., a new
+ Middlebox Termination type needs to be defined within Megaco. If
+ policy-rule overlap or modification by multiple Agents is NOT
+ required, then a policy rule is equivalent to a Termination (see
+ Figure 1). The various components of a Policy rule such as filter,
+ action, life-time, creator etc. are described as various properties
+ of a Termination. Use of the Virtual Media Gateway (VMG) concept
+ allows for conflict-free interaction of multiple MA's with the same
+ MB.
+
+ +-------+ +-------+
+ | MA-1 | | MA-2 |
+ | | | |
+ +-------+ |IF2 +-------+
+ | | |
+ +-------------|---------|----------|-----------+
+ | +---------+ | +-------------+ |
+ IF1 |VMG1 | +--+ | | | +--+ +--+ |VMG2 |IF3
+ ----------| |Tx|-------+ +---|Ty|--|Tz|----------------
+ | | +--+ | | | +--+ +--+ | |
+ | ....| | | +-------------+ |
+ | +---------+ | |
+ | +---------------------------------
+ | Middlebox | IF4
+ +----------------------------------------------+
+
+ Tx: Termination x = Policy rule x
+ Ty: Termination y = Policy rule y
+ Tz: Termination z = Policy rule z
+ MA: MIDCOM Agent
+ IF: Interface
+
+ Figure 1.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Barnes Informational [Page 37]
+
+RFC 4097 MIDCOM Protocol Evaluation June 2005
+
+
+ If it is required to allow multiple agents manipulate the same
+ Middlebox resource (e.g., a Policy rule or a filter), the latter
+ needs to be kept separate from the Termination (the Policy rule is
+ manipulated by the MA by manipulating the properties of the
+ associated Termination). For example, if overlapping policy rule
+ manipulation is required, then a Termination shall be associated with
+ a single policy rule, but a policy rule may be associated with more
+ than one Termination. Thus, a Termination can share a policy rule
+ with another Termination, or have a policy rule partially overlapping
+ with that of another Termination. This model allows two MAs,
+ controlling two distinct Terminations (see Figure 2), manipulate the
+ same or overlapping policy rules. In Figure 2, policy rules 1 and 2
+ are overlapping and they are shared by MA-1 and MA-2.
+
+ +-------+ +-------+
+ | MA-1 | | MA-2 |
+ | | | |
+ +-------+ |IF2 +-------+
+ | | | MB
+ +-------------|---------|----------|-----------+
+ | +-----------+ | +-------------+ |
+ IF1 |VMG1 | +--+ | | | +--+ +--+ |VMG2 |IF3
+ ------------------|Ty|----+ +---|Tx|--|Tz|----------------
+ | | +--+ | | | +--+ +--+ | |
+ | .... | | | | +--/------\---+ |
+ | +-------|---+ | / \ |
+ | | +----/----------\------------------
+ | +------+----+------+ +------+ |IF4
+ | |Policy1 Policy2 | |Policy| |
+ | | | | | | 3 | |
+ | +----+------+------+ +------+ |
+ +----------------------------------------------+
+
+ Tx: Termination x
+ Ty: Termination y
+ Tz: Termination z
+ MA: MIDCOM Agent
+ IF: Interface
+ MB: Middlebox
+
+ Figure 2.
+
+ This requires that the Agent and the Middlebox adhere to the
+ following principles:
+
+ (1) Only one Termination has read/write access to a filter at any
+ time.
+
+
+
+
+Barnes Informational [Page 38]
+
+RFC 4097 MIDCOM Protocol Evaluation June 2005
+
+
+ (2) When the policy rule is being modified by a new agent (i.e., not
+ the one that created the policy) the Middlebox makes a policy
+ decision and decides whether to accept the requested modification
+ or not. In the case the modification is accepted the initial
+ MIDCOM agent may be notified.
+
+Appendix D - Diameter IPFilter Rule
+
+ The IPFilterRule format is derived from the OctetString AVP Base
+ Format. It uses the UTF-8 encoding and has the same requirements as
+ the UTF8String. Packets may be filtered based on the following
+ information that is associated with it:
+
+ Direction (in or out)
+ Source and destination IP address (possibly masked)
+ Protocol
+ Source and destination port (lists or ranges)
+ TCP flags
+ IP fragment flag
+ IP options
+ ICMP types
+
+ Rules for the appropriate direction are evaluated in order, with the
+ first matched rule terminating the evaluation. Each packet is
+ evaluated once. If no rule matches, the packet is dropped if the
+ last rule evaluated was a permit, and passed if the last rule was a
+ deny.
+
+ IPFilterRule filters MUST follow the format:
+
+ action dir proto from src to dst [options]
+
+ action permit - Allow packets that match the rule.
+ deny - Drop packets that match the rule.
+
+ dir "in" is from the terminal, "out" is to the
+ terminal.
+
+ proto An IP protocol specified by number. The "ip"
+ keyword means any protocol will match.
+
+ src and dst <address/mask> [ports]
+
+
+
+
+
+
+
+
+
+Barnes Informational [Page 39]
+
+RFC 4097 MIDCOM Protocol Evaluation June 2005
+
+
+ The <address/mask> may be specified as:
+
+ ipno An IPv4 or IPv6 number in dotted-
+ quad or canonical IPv6 form. Only
+ this exact IP number will match the
+ rule.
+
+ ipno/bits An IP number as above with a mask
+ width of the form 1.2.3.4/24. In
+ this case, all IP numbers from
+ 1.2.3.0 to 1.2.3.255 will match.
+ The bit width MUST be valid for the
+ IP version and the IP number MUST
+ NOT have bits set beyond the mask.
+
+ For a match to occur, the same IP
+ version must be present in the
+ packet that was used in describing
+ the IP address. To test for a
+ particular IP version, the bits part
+ can be set to zero. The keyword
+ "any" is 0.0.0.0/0 or the IPv6
+ equivalent. The keyword "assigned"
+ is the address or set of addresses
+ assigned to the terminal. For IPv4,
+ a typical first rule is often
+ "deny in ip! assigned"
+
+ The sense of the match can be inverted by
+ preceding an address with the not modifier (!),
+ causing all other addresses to be matched
+ instead. This does not affect the selection of
+ port numbers.
+
+ With the TCP, UDP and SCTP protocols, optional
+ ports may be specified as:
+
+ {port|port-port}[,ports[,...]]
+
+ The '-' notation specifies a range of ports
+ (including boundaries).
+
+ Fragmented packets that have a non-zero offset
+ (i.e., not the first fragment) will never match
+ a rule that has one or more port
+ specifications. See the frag option for
+ details on matching fragmented packets.
+
+
+
+
+Barnes Informational [Page 40]
+
+RFC 4097 MIDCOM Protocol Evaluation June 2005
+
+
+ options:
+
+ frag Match if the packet is a fragment and this is not
+ the first fragment of the datagram. frag may not
+ be used in conjunction with either tcpflags or
+ TCP/UDP port specifications.
+
+ ipoptions spec
+ Match if the IP header contains the comma
+ separated list of options specified in spec. The
+ supported IP options are:
+
+ ssrr (strict source route), lsrr (loose source
+ route), rr (record packet route) and ts
+ (timestamp). The absence of a particular option
+ may be denoted with a '!'.
+
+ tcpoptions spec
+ Match if the TCP header contains the comma
+ separated list of options specified in spec. The
+ supported TCP options are:
+
+ mss (maximum segment size), window (tcp window
+ advertisement), sack (selective ack), ts (rfc1323
+ timestamp) and cc (rfc1644 t/tcp connection
+ count). The absence of a particular option may
+ be denoted with a '!'.
+
+ established
+ TCP packets only. Match packets that have the RST
+ or ACK bits set.
+
+ setup TCP packets only. Match packets that have the SYN
+ bit set but no ACK bit.
+
+ tcpflags spec
+ TCP packets only. Match if the TCP header
+ contains the comma separated list of flags
+ specified in spec. The supported TCP flags are:
+
+ fin, syn, rst, psh, ack and urg. The absence of a
+ particular flag may be denoted with a '!'. A rule
+ that contains a tcpflags specification can never
+ match a fragmented packet that has a non-zero
+ offset. See the frag option for details on
+ matching fragmented packets.
+
+
+
+
+
+Barnes Informational [Page 41]
+
+RFC 4097 MIDCOM Protocol Evaluation June 2005
+
+
+ icmptypes types
+ ICMP packets only. Match if the ICMP type is in
+ the list types. The list may be specified as any
+ combination of ranges or individual types
+ separated by commas. Both the numeric values and
+ the symbolic values listed below can be used. The
+ supported ICMP types are:
+
+ echo reply (0), destination unreachable (3),
+ source quench (4), redirect (5), echo request
+ (8), router advertisement (9), router
+ solicitation (10), time-to-live exceeded (11), IP
+ header bad (12), timestamp request (13),
+ timestamp reply (14), information request (15),
+ information reply (16), address mask request (17)
+ and address mask reply (18).
+
+ There is one kind of packet that the access device MUST always
+ discard, that is an IP fragment with a fragment offset of one. This
+ is a valid packet, but it only has one use, to try to circumvent
+ firewalls.
+
+ An access device that is unable to interpret or apply a deny rule
+ MUST terminate the session. An access device that is unable to
+ interpret or apply a permit rule MAY apply a more restrictive rule.
+ An access device MAY apply deny rules of its own before the supplied
+ rules, for example to protect the access device owner's
+ infrastructure.
+
+ The rule syntax is a modified subset of ipfw(8) from FreeBSD, and the
+ ipfw.c code may provide a useful base for implementations.
+
+Contributors
+
+ The following identifies the key contributors who provided the
+ primary content for this document in the form of individual documents
+ for each protocol:
+
+ RSIP:
+
+ Jim Renkel
+
+ SNMP:
+
+ Juergen Quittek
+ NEC Europe Ltd.
+ EMail: quittek@ccrle.nec.de
+
+
+
+
+Barnes Informational [Page 42]
+
+RFC 4097 MIDCOM Protocol Evaluation June 2005
+
+
+ David Harrington
+ Co-chair SNMPv3 WG
+ EMail: dbh@enterasys.com
+
+ Megaco:
+
+ Sanjoy Sen
+
+ Cedric Aoun
+ Nortel
+ EMail: cedric.aoun@nortel.com
+
+ Tom Taylor
+ Nortel
+ EMail: taylor@nortel.com
+
+ Diameter:
+
+ Tom Taylor
+ Nortel
+ EMail: taylor@nortel.com
+
+ COPS:
+
+ Cedric Aoun
+ Nortel
+ EMail: cedric.aoun@nortel.com
+
+ Kwok-Ho Chan
+ Nortel
+ EMail: khchan@nortel.com
+
+ Louis-Nicolas Hamer
+
+ Reinaldo Penno
+ EMail: rpenno@juniper.net
+
+ Sanjoy Sen
+
+Author's Address
+
+ Mary Barnes
+ Nortel
+ 2201 Lakeside Blvd.
+ Richardson, TX USA
+
+ Phone: 1-972-684-5432
+ EMail: mary.barnes@nortel.com
+
+
+
+Barnes Informational [Page 43]
+
+RFC 4097 MIDCOM Protocol Evaluation June 2005
+
+
+Full Copyright Statement
+
+ Copyright (C) The Internet Society (2005).
+
+ This document is subject to the rights, licenses and restrictions
+ contained in BCP 78, and except as set forth therein, the authors
+ retain all their rights.
+
+ This document and the information contained herein are provided on an
+ "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+ OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
+ ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
+ INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
+ INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+ WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+Intellectual Property
+
+ The IETF takes no position regarding the validity or scope of any
+ Intellectual Property Rights or other rights that might be claimed to
+ pertain to the implementation or use of the technology described in
+ this document or the extent to which any license under such rights
+ might or might not be available; nor does it represent that it has
+ made any independent effort to identify any such rights. Information
+ on the procedures with respect to rights in RFC documents can be
+ found in BCP 78 and BCP 79.
+
+ Copies of IPR disclosures made to the IETF Secretariat and any
+ assurances of licenses to be made available, or the result of an
+ attempt made to obtain a general license or permission for the use of
+ such proprietary rights by implementers or users of this
+ specification can be obtained from the IETF on-line IPR repository at
+ http://www.ietf.org/ipr.
+
+ The IETF invites any interested party to bring to its attention any
+ copyrights, patents or patent applications, or other proprietary
+ rights that may cover technology that may be required to implement
+ this standard. Please address the information to the IETF at ietf-
+ ipr@ietf.org.
+
+Acknowledgement
+
+ Funding for the RFC Editor function is currently provided by the
+ Internet
+ gement
+
+
+
+
+
+
+Barnes Informational [Page 44]
+