diff options
Diffstat (limited to 'doc/rfc/rfc6028.txt')
-rw-r--r-- | doc/rfc/rfc6028.txt | 563 |
1 files changed, 563 insertions, 0 deletions
diff --git a/doc/rfc/rfc6028.txt b/doc/rfc/rfc6028.txt new file mode 100644 index 0000000..6437255 --- /dev/null +++ b/doc/rfc/rfc6028.txt @@ -0,0 +1,563 @@ + + + + + + +Internet Engineering Task Force (IETF) G. Camarillo +Request for Comments: 6028 A. Keranen +Category: Experimental Ericsson +ISSN: 2070-1721 October 2010 + + + Host Identity Protocol (HIP) Multi-Hop Routing Extension + +Abstract + + This document specifies two extensions to the Host Identity Protocol + (HIP) to implement multi-hop routing. The first extension allows + implementing source routing in HIP. That is, a node sending a HIP + packet can define a set of nodes that the HIP packet should traverse. + The second extension allows a HIP packet to carry and record the list + of nodes that forwarded it. + +Status of This Memo + + This document is not an Internet Standards Track specification; it is + published for examination, experimental implementation, and + evaluation. + + This document defines an Experimental Protocol for the Internet + community. This document is a product of the Internet Engineering + Task Force (IETF). It represents the consensus of the IETF + community. It has received public review and has been approved for + publication by the Internet Engineering Steering Group (IESG). Not + all documents approved by the IESG are a candidate for any level of + Internet Standard; see Section 2 of RFC 5741. + + Information about the current status of this document, any errata, + and how to provide feedback on it may be obtained at + http://www.rfc-editor.org/info/rfc6028. + + + + + + + + + + + + + + + + + +Camarillo & Keranen Experimental [Page 1] + +RFC 6028 HIP Multi-Hop Routing Extension October 2010 + + +Copyright Notice + + Copyright (c) 2010 IETF Trust and the persons identified as the + document authors. All rights reserved. + + This document is subject to BCP 78 and the IETF Trust's Legal + Provisions Relating to IETF Documents + (http://trustee.ietf.org/license-info) in effect on the date of + publication of this document. Please review these documents + carefully, as they describe your rights and restrictions with respect + to this document. Code Components extracted from this document must + include Simplified BSD License text as described in Section 4.e of + the Trust Legal Provisions and are provided without warranty as + described in the Simplified BSD License. + +Table of Contents + + 1. Introduction ....................................................2 + 2. Terminology .....................................................3 + 2.1. Requirements Language ......................................3 + 2.2. Definitions ................................................3 + 3. Protocol Definitions ............................................3 + 3.1. Creating and Processing Via Lists ..........................4 + 3.2. Creating Destination Lists .................................4 + 3.3. Processing Destination Lists ...............................5 + 3.4. Fragmentation Considerations ...............................5 + 4. Packet Formats ..................................................5 + 4.1. Source and Destination Route List Parameters ...............6 + 5. IANA Considerations .............................................7 + 6. Security Considerations .........................................8 + 6.1. Forged Destination and Via Lists ...........................8 + 6.2. Forwarding Loops ...........................................8 + 7. Acknowledgments .................................................9 + 8. References ......................................................9 + 8.1. Normative References .......................................9 + 8.2. Informative References .....................................9 + +1. Introduction + + When the Host Identity Protocol (HIP) [RFC5201] is used in certain + contexts, nodes need the ability to perform source routing. That is, + a node needs the ability to send a HIP signaling packet that will + traverse a set of nodes before reaching its destination. Such + features are needed, e.g., in the HIP-Based Overlay Networking + Environment (HIP BONE) [HIP-BONE] or if two nodes wish to keep a + third, or more, HIP nodes on the signaling path. This document + defines an extension that provides HIP with this functionality. + + + + +Camarillo & Keranen Experimental [Page 2] + +RFC 6028 HIP Multi-Hop Routing Extension October 2010 + + + Additionally, when HIP signaling packets are routed through multiple + nodes, some of these nodes (e.g., the destination host) need the + ability to know the nodes that a particular packet traversed. This + document defines another extension that provides HIP with this + functionality. + + These two extensions enable multi-hop routing in HIP. Before these + extensions were specified, there were standardized ways for + supporting only a single intermediate node (e.g., a rendezvous server + [RFC5204]) between the source of a HIP packet and its destination. + +2. Terminology + +2.1. Requirements Language + + The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", + "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this + document are to be interpreted as described in RFC 2119 [RFC2119]. + +2.2. Definitions + + The following terms used in this document are similar to those + defined by REsource LOcation And Discovery (RELOAD) [P2PSIP-BASE] but + are used here in the context of HIP. + + Destination list: A list of Host Identity Tags (HITs) of the nodes + that a HIP packet should traverse. + + Via list: A list of HITs of the nodes that a HIP packet has + traversed. + + Symmetric routing: A response to a message is routed back using the + same set of intermediary nodes as the original message used, + except in reversed order. Also known as symmetric recursive + routing. + +3. Protocol Definitions + + The multi-hop routing extensions may be used in different contexts, + and whether a new HIP signaling packet should, for example, include a + Via list or have different options enabled can depend on the + particular use case, local policies, and different protocols using + the extension. This section defines how the new parameters are + handled, but when to use these extensions, or how to configure them, + is out of scope for this document. + + + + + + +Camarillo & Keranen Experimental [Page 3] + +RFC 6028 HIP Multi-Hop Routing Extension October 2010 + + +3.1. Creating and Processing Via Lists + + When a node sending a HIP packet needs to record the nodes that are + on the path that the HIP packet traverses, it includes an empty + ROUTE_VIA parameter in the packet. + + A node that receives a packet with a ROUTE_VIA parameter SHOULD add + its own HIT to the end of the ROUTE_VIA parameter, unless it is the + final recipient of the packet. If the node uses a different HIT on + the HIP association it used for receiving the packet than for sending + it forward, it SHOULD also add the receiving HIT to the route list + before the sending HIT. + + If the node is the final recipient of the packet, and the received + packet generates a response HIP packet, the node checks the SYMMETRIC + flag from the ROUTE_VIA parameter. If the SYMMETRIC flag is set, the + node MUST create a ROUTE_DST parameter from the ROUTE_VIA parameter, + as described in Section 3.2, and include it in the response packet. + Also, if an intermediary node generates a new HIP packet (e.g., an + error NOTIFY packet) due to a HIP packet that had a ROUTE_VIA + parameter with the SYMMETRIC flag set, and the new packet is intended + for the sender of the original HIP packet, the node SHOULD construct + and add a ROUTE_DST parameter into the new packet as in the previous + case. + +3.2. Creating Destination Lists + + A node that needs to define the other nodes that should be on the + path a HIP packet traverses adds a ROUTE_DST parameter to the HIP + packet. The node may either decide the path independently, or it may + create the path based on a ROUTE_VIA parameter. Only the originator + of a signed HIP packet can add a ROUTE_DST parameter to the HIP + packet, and none of the nodes on the path can modify it, since the + parameter is covered by the signature. + + When a node creates a ROUTE_DST parameter due to receiving a packet + with a ROUTE_VIA parameter, it copies all the HITs in the ROUTE_VIA + parameter to the ROUTE_DST parameter, but in reversed order. This + results in the HIP response packet being forwarded using the same + path as the packet for which the response was generated. If exactly + the same set of nodes should be traversed by the response packet, the + MUST_FOLLOW flag (see Table 1) also SHOULD be set in the ROUTE_VIA + parameter (and eventually copied to the ROUTE_DST parameter) to + prevent the response packet from possibly skipping some nodes on the + list. + + + + + + +Camarillo & Keranen Experimental [Page 4] + +RFC 6028 HIP Multi-Hop Routing Extension October 2010 + + +3.3. Processing Destination Lists + + When a node receives a HIP packet that contains a ROUTE_DST + parameter, it first looks up its own HIT from the route list. If the + node's own HIT is not in the list and the node is not the receiver of + the packet, the packet was incorrectly forwarded and MUST be dropped. + If the node's HIT is in the list more than once, the list is invalid + and the packet MUST be dropped to avoid forwarding loops. The next + hop for the packet is the HIT after the node's own HIT in the list. + If the node's HIT was the last HIT in the list, the next hop is the + receiver's HIT in the HIP header. + + If the MUST_FOLLOW flag in the ROUTE_DST parameter is not set, the + node SHOULD check whether it has a valid locator for one of the nodes + later in the list, or for the receiver of the packet, and it MAY + select such a node as the next hop. If the MUST_FOLLOW flag is set, + the node MUST NOT skip any nodes in the list. + + If the node has a valid locator for the next hop, it MUST forward the + HIP packet to the next-hop node. If the node cannot determine a + valid locator for the next-hop node, it SHOULD drop the packet and + SHOULD send back a NOTIFY error packet with type UNKNOWN_NEXT_HOP + (value 90). The Notification Data field for the error notifications + SHOULD contain the HIP header of the rejected packet and the + ROUTE_DST parameter. + +3.4. Fragmentation Considerations + + Via and Destination lists with multiple HITs can substantially + increase the size of the HIP packets, and thus fragmentation issues + (see Section 5.1.3 of [RFC5201]) should be taken into consideration + when these extensions are used. Via lists in particular should be + used with care, since the final size of the packet is not known + unless the maximum possible amount of hops is known beforehand. Both + parameters do still have a maximum size based on the maximum number + of allowed HITs (see Section 4.1). + +4. Packet Formats + + This memo defines two new HIP parameters that are used for recording + a route via multiple nodes (ROUTE_VIA) and for defining a route that + a packet should traverse by the sender of the packet (ROUTE_DST). + + + + + + + + + +Camarillo & Keranen Experimental [Page 5] + +RFC 6028 HIP Multi-Hop Routing Extension October 2010 + + + The ROUTE_DST parameter is integrity protected with the signature + (where present) but ROUTE_VIA is not, so that intermediary nodes can + add their own HITs to the list. Both ROUTE_DST and ROUTE_VIA are + critical parameters (as defined in Section 5.2.1 of [RFC5201]), since + the packet will not be properly routed unless all nodes on the path + recognize the parameters. + +4.1. Source and Destination Route List Parameters + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Type | Length | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Flags | Reserved | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | | + | HIT #1 | + | | + | | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + . . . + . . . + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | | + | HIT #n | + | | + | | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Type ROUTE_DST: 4601 + ROUTE_VIA: 64017 + Length length in octets, excluding Type and Length + (i.e., number-of-HITs * 16 + 4) + Flags bit flags that can be used for requesting special + handling of the parameter + Reserved reserved for future use + HIT Host Identity Tag of one of the nodes on the path + + Figure 1. Format of the ROUTE_VIA and ROUTE_DST Parameters + + Figure 1 shows the format of both ROUTE_VIA and ROUTE_DST parameters. + The ROUTE_DST parameter, if present, MUST have at least one HIT, but + the ROUTE_VIA parameter can also have zero HITs. The ROUTE_DST and + ROUTE_VIA parameters SHALL NOT contain more than 32 HITs. The Flags + + + + + + +Camarillo & Keranen Experimental [Page 6] + +RFC 6028 HIP Multi-Hop Routing Extension October 2010 + + + field is used for requesting special handling for Via and Destination + lists. The flags defined in this document are shown in Table 1. The + Reserved field can be used by future extensions; it MUST be zero when + sending and ignored when receiving this parameter. + + +-----+-------------+-----------------------------------------------+ + | Pos | Name | Purpose | + +-----+-------------+-----------------------------------------------+ + | 0 | SYMMETRIC | The response packet MUST be sent with a | + | | | ROUTE_DST list made from the ROUTE_VIA list | + | | | containing this flag, i.e., using symmetric | + | | | routing. | + | 1 | MUST_FOLLOW | All the nodes in a ROUTE_DST list MUST be | + | | | traversed, i.e., even if a node would have a | + | | | valid locator for a node beyond the next hop, | + | | | it MUST NOT forward the packet there but to | + | | | the next-hop node. | + +-----+-------------+-----------------------------------------------+ + + Table 1. Bit Flags in ROUTE_VIA and ROUTE_DST Parameters + + The "Pos" column in Table 1 shows the bit position of the flag (as in + Figure 1) in the Flags field, "Name" gives the name of the flag used + in this document, and "Purpose" gives a brief description of the + meaning of that flag. + + The flags apply to both ROUTE_VIA and ROUTE_DST parameters, and when + a ROUTE_DST parameter is added to a packet because of a ROUTE_VIA + parameter, the same flags MUST be copied to the ROUTE_DST parameter. + +5. IANA Considerations + + This section is to be interpreted according to [RFC5226]. + + This document updates the IANA Registry for HIP Parameter Types + [RFC5201] by assigning new HIP Parameter Type values for the new HIP + Parameters: ROUTE_VIA and ROUTE_DST (defined in Section 4). This + document also defines a new Notify Packet Type [RFC5201], + UNKNOWN_NEXT_HOP, in Section 3.3. + + The ROUTE_DST and ROUTE_VIA parameters utilize bit flags, for which + IANA has created and now maintains a new sub-registry entitled "HIP + Via Flags" under the "Host Identity Protocol (HIP) Parameters" + registry. Initial values for the registry are given in Table 1; + future assignments are to be made through IETF Review or IESG + Approval [RFC5226]. Assignments consist of the bit position and the + name of the flag. + + + + +Camarillo & Keranen Experimental [Page 7] + +RFC 6028 HIP Multi-Hop Routing Extension October 2010 + + +6. Security Considerations + + The standard HIP mechanisms (e.g., using signatures, puzzles, and the + ENCRYPTED parameter [RFC5201]) provide protection against + eavesdropping; replay; message insertion, deletion, and modification; + and man-in-the-middle attacks. Yet, the extensions described in this + document allow nodes to route HIP messages via other nodes and hence + possibly try to mount Denial-of-Service (DoS) attacks against them. + The following sections describe possible attacks and means to + mitigate them. + +6.1. Forged Destination and Via Lists + + The Destination list is protected by the HIP signature so that the + receiver of the message can check that the list was indeed created by + the sender of the message and not modified on the path. Also, the + nodes forwarding the message MAY check the signature of the forwarded + packets if they have the Host Identity (HI) of the sender (e.g., from + an I2 or R1 message [RFC5201]) and drop packets whose signature check + fails. With forwarding nodes checking the signature and allowing + messages to be forwarded only from nodes for which there is an active + HIP association, it is also possible to reliably identify attacking + nodes. + + The limited amount of HITs allowed in a Destination list limits the + impact of attacks using a forged Destination list, and the attacker + also needs to know a set of HIP nodes that are able to route the + message hop-by-hop for the attack to be effective. + + A forged Via list results in a similar attack as with the Destination + list and with similar limitations. However, in this attack the + Destination list generated from the Via list is validly signed by the + responding node. To limit the effect of this kind of attack, a + responding node may further decrease the maximum acceptable number of + nodes in the Via lists or allow only certain HITs in the lists. + However, using these mechanisms requires either good knowledge of the + overlay network (i.e., maximum realistic amount of hops) or knowing + the HITs of all potential nodes forwarding the messages. + +6.2. Forwarding Loops + + A malicious node could craft a destination route list that contains + the same HIT more than once and thus create a forwarding loop. The + check described in Section 3.3 should break such loops, but nodes MAY + in addition utilize the OVERLAY_TTL [HIP-BONE] parameter for + additional protection against forwarding loops. + + + + + +Camarillo & Keranen Experimental [Page 8] + +RFC 6028 HIP Multi-Hop Routing Extension October 2010 + + +7. Acknowledgments + + Tom Henderson provided valuable comments and improvement suggestions + for this document. + +8. References + +8.1. Normative References + + [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate + Requirement Levels", BCP 14, RFC 2119, March 1997. + + [RFC5201] Moskowitz, R., Nikander, P., Jokela, P., Ed., and T. + Henderson, "Host Identity Protocol", RFC 5201, April + 2008. + +8.2. Informative References + + [RFC5204] Laganier, J. and L. Eggert, "Host Identity Protocol + (HIP) Rendezvous Extension", RFC 5204, April 2008. + + [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing + an IANA Considerations Section in RFCs", BCP 26, RFC + 5226, May 2008. + + [HIP-BONE] Camarillo, G., Nikander, P., Hautakorpi, J., Keranen, + A., and A. Johnston, "HIP BONE: Host Identity Protocol + (HIP) Based Overlay Networking Environment", Work in + Progress, June 2010. + + [P2PSIP-BASE] Jennings, C., Lowekamp, B., Ed., Rescorla, E., Baset, + S., and H. Schulzrinne, "REsource LOcation And + Discovery (RELOAD) Base Protocol", Work in Progress, + March 2010. + + + + + + + + + + + + + + + + + +Camarillo & Keranen Experimental [Page 9] + +RFC 6028 HIP Multi-Hop Routing Extension October 2010 + + +Authors' Addresses + + Gonzalo Camarillo + Ericsson + Hirsalantie 11 + 02420 Jorvas + Finland + + EMail: Gonzalo.Camarillo@ericsson.com + + + Ari Keranen + Ericsson + Hirsalantie 11 + 02420 Jorvas + Finland + + EMail: Ari.Keranen@ericsson.com + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Camarillo & Keranen Experimental [Page 10] + |