1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
|
Internet Engineering Task Force (IETF) Q. Sun
Request for Comments: 7753 China Telecom
Category: Standards Track M. Boucadair
ISSN: 2070-1721 France Telecom
S. Sivakumar
Cisco Systems
C. Zhou
Huawei Technologies
T. Tsou
Philips Lighting
S. Perreault
Jive Communications
February 2016
Port Control Protocol (PCP) Extension for Port-Set Allocation
Abstract
In some use cases, e.g., Lightweight 4over6, the client may require
not just one port, but a port set. This document defines an
extension to the Port Control Protocol (PCP) that allows clients to
manipulate a set of ports as a whole. This is accomplished using a
new MAP option: PORT_SET.
Status of This Memo
This is an Internet Standards Track document.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 5741.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc7753.
Sun, et al. Standards Track [Page 1]
^L
RFC 7753 PCP PORT_SET February 2016
Copyright Notice
Copyright (c) 2016 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Sun, et al. Standards Track [Page 2]
^L
RFC 7753 PCP PORT_SET February 2016
Table of Contents
1. Introduction ....................................................4
1.1. Applications Using Port Sets ...............................4
1.2. Lightweight 4over6 .........................................4
1.3. Firewall Control ...........................................4
1.4. Discovering Stateless Port-Set Mappings ....................5
2. The Need for PORT_SET ...........................................5
3. Terminology .....................................................6
4. The PORT_SET Option .............................................6
4.1. Client Behavior ............................................8
4.2. Server Behavior ............................................8
4.3. Absence of Capability Discovery ............................9
4.4. Port-Set Renewal and Deletion .............................10
4.4.1. Overlap Conditions .................................10
5. Examples .......................................................10
5.1. Simple Request on Network Address Translator
IPv4/IPv4 (NAT44) .........................................10
5.2. Stateless Mapping Discovery ...............................12
5.3. Resolving Overlap .........................................13
6. Operational Considerations .....................................13
6.1. Limits and Quotas .........................................13
6.2. High Availability .........................................13
6.3. Idempotence ...............................................13
6.4. What should a PCP client do when it receives fewer
ports than requested? .....................................15
7. Security Considerations ........................................15
8. IANA Considerations ............................................16
9. References .....................................................16
9.1. Normative References ......................................16
9.2. Informative References ....................................16
Acknowledgements ..................................................17
Contributors ......................................................17
Authors' Addresses ................................................18
Sun, et al. Standards Track [Page 3]
^L
RFC 7753 PCP PORT_SET February 2016
1. Introduction
This document extends the Port Control Protocol (PCP) [RFC6887] with
the ability to retrieve a set of ports using a single request. It
does so by defining a new PORT_SET option.
This section describes a few of the possible envisioned use cases.
Note that the PCP extension defined in this document is generic and
is expected to be applicable to other use cases.
1.1. Applications Using Port Sets
Some applications require not just one port, but a port set. One
example is a Session Initiation Protocol (SIP) User Agent Server
(UAS) [RFC3261] expecting to handle multiple concurrent calls,
including media termination. When the UAS receives a call, it needs
to signal media port numbers to its peer. Generating individual PCP
MAP requests for each of the media ports during call setup would
introduce unwanted latency and increased signaling load. Instead,
the server can pre-allocate a set of ports such that no PCP exchange
is needed during call setup.
1.2. Lightweight 4over6
In the Lightweight 4over6 (lw4o6) [RFC7596] architecture, shared
global addresses can be allocated to customers. This allows moving
the Network Address Translation (NAT) function, otherwise
accomplished by a Carrier-Grade NAT (CGN) [RFC6888], to the Customer
Premises Equipment (CPE). This provides more control over the NAT
function to the user, and more scalability to the Internet Service
Provider (ISP).
In the lw4o6 architecture, the PCP-controlled device corresponds to
the Lightweight Address Family Transition Router (lwAFTR), and the
PCP client corresponds to the Lightweight B4 (lwB4). The PCP client
sends a PCP MAP request containing a PORT_SET option to trigger
shared address allocation on the Lightweight AFTR (lwAFTR). The PCP
response contains the shared address information, including the port
set allocated to the Lightweight B4 (lwB4).
1.3. Firewall Control
Port sets are often used in firewall rules. For example, defining a
range for Real-time Transport Protocol (RTP) [RFC3550] traffic is
common practice. The PCP MAP request can already be used for
firewall control. The PORT_SET option brings the additional ability
to manipulate firewall rules operating on port sets instead of single
ports.
Sun, et al. Standards Track [Page 4]
^L
RFC 7753 PCP PORT_SET February 2016
1.4. Discovering Stateless Port-Set Mappings
A PCP MAP request can be used to retrieve a mapping from a stateless
device (i.e., one that does not establish any per-flow state, and
simply rewrites the address and/or port in a purely algorithmic
fashion, including no rewriting). Similarly, a PCP MAP request with
a PORT_SET request can be used to discover a port-set mapping from a
stateless device. See Section 5.2 for an example.
2. The Need for PORT_SET
Multiple PCP MAP requests can be used to manipulate a set of ports;
this has roughly the same effect as a single use of a PCP MAP request
with a PORT_SET option. However, use of the PORT_SET option is more
efficient when considering the following aspects:
Network Traffic: A single request uses fewer network resources than
multiple requests.
Latency: Even though PCP MAP requests can be sent in parallel, we
can expect the total processing time to be longer for multiple
requests than for a single one.
Server-side efficiency: Some PCP-controlled devices can allocate
port sets in a manner such that data passing through the device is
processed much more efficiently than the equivalent using
individual port allocations. For example, a CGN having a "bulk"
port allocation scheme (see [RFC6888], Section 5) often has this
property.
Server-side scalability: The number of state table entries in PCP-
controlled devices is often a limiting factor. Allocating port
sets in a single request can result in a single mapping entry
being used, therefore allowing greater scalability.
Therefore, while it is functionally possible to obtain the same
results using plain MAP, the extension proposed in this document
allows greater efficiency, scalability, and simplicity, while
lowering latency and necessary network traffic.
In addition, PORT_SET supports parity preservation. Some protocols
(e.g., RTP [RFC3550]) assign meaning to a port number's parity. When
mapping sets of ports for the purpose of using such kind of protocol,
preserving parity can be necessary.
Sun, et al. Standards Track [Page 5]
^L
RFC 7753 PCP PORT_SET February 2016
3. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
4. The PORT_SET Option
Option Name: PORT_SET
Number: 130 (see Section 8)
Purpose: To map sets of ports.
Valid for Opcodes: MAP
Length: 5 bytes
May appear in: Both requests and responses
Maximum occurrences: 1
The PORT_SET option indicates that the PCP client wishes to reserve a
set of ports. The requested number of ports in that set is indicated
in the option.
The maximum occurrences of the PORT_SET option MUST be limited to 1.
The reason is that the Suggested External Port Set depends on the
data contained in the MAP Opcode header. Having two PORT_SET options
with a single MAP Opcode header would imply having two overlapping
Suggested External Port Sets.
Note that the option number is in the "optional to process" range
(128-191), meaning that a PCP MAP request with a PORT_SET option will
be interpreted by a PCP server that does not support PORT_SET as a
single-port PCP MAP request, as if the PORT_SET option was absent.
The PORT_SET option is formatted as shown in Figure 1.
Sun, et al. Standards Track [Page 6]
^L
RFC 7753 PCP PORT_SET February 2016
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Option Code=130| Reserved | Option Length=5 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Port Set Size | First Internal Port |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Reserved |P|
+-+-+-+-+-+-+-+-+
Figure 1: PORT_SET Option
The fields are as follows:
Port Set Size: A 16-bit unsigned integer. Number of ports
requested. MUST NOT be zero.
First Internal Port: In a request, this field MUST be set equal to
the Internal Port field in the MAP Opcode by the PCP client. In a
response, this field indicates the First Internal Port of the port
set mapped by the PCP server, which may differ from the value sent
in the request. That is to be contrasted to the Internal Port
field, which by necessity is always identical in matched requests
and responses.
Reserved: MUST be set to zero when sending; MUST be ignored when
receiving.
P (parity bit): 1 if parity preservation is requested; 0 otherwise.
See [RFC4787], Section 4.2.2.
Note that Option Code, Reserved, and Option Length are as described
in [RFC6887], Section 7.3.
The Internal Port Set is defined as being the range of Port Set Size
ports starting from the First Internal Port. The Suggested External
Port Set is defined as being the range of Port Set Size ports
starting from the Suggested External Port. Similarly, the Assigned
External Port Set is defined as being the range of Port Set Size
ports starting from the Assigned External Port. The Internal Port
Set returned in a response and the Assigned External Port Set have
the same size.
The Suggested External Port corresponds to the first port in the
Suggested External Port Set. Its purpose is for clients to be able
to regenerate previous mappings after state loss. When such an event
happens, clients may attempt to regenerate identical mappings by
Sun, et al. Standards Track [Page 7]
^L
RFC 7753 PCP PORT_SET February 2016
suggesting the same External Port Set as before the state loss. Note
that there is no guarantee that the allocated External Port Set will
be the one suggested by the client.
4.1. Client Behavior
To retrieve a set of ports, the PCP client adds a PORT_SET option to
its PCP MAP request. If parity preservation is required (i.e., an
even port to be mapped to an even port and an odd port to be mapped
to an odd port), the PCP client MUST set the parity bit (to 1) to ask
the PCP server to preserve the port parity.
The PCP client MUST NOT include more than one PORT_SET option in a
PCP MAP request. If several port sets are needed, the PCP client
MUST issue separate PCP MAP requests, each potentially including a
PORT_SET option. These individual PCP MAP requests MUST include
distinct Internal Ports.
If the PCP client does not know the exact number of ports it
requires, it MAY then set the Port Set Size to 0xffff, indicating
that it is willing to accept as many ports as the PCP server can
offer.
A PCP client SHOULD NOT send a PORT_SET option for single-port PCP
MAP requests (including creation, renewal, and deletion), because
that needlessly increases processing on the server.
PREFER_FAILURE MUST NOT appear in a request with a PORT_SET option.
As a reminder, PREFER_FAILURE was specifically designed for the
Universal Plug and Play (UPnP) Internet Gateway Device - Port Control
Protocol Interworking Function (IGD-PCP IWF) [RFC6970]. The reasons
for not recommending the use of PREFER_FAILURE are discussed in
Section 13.2 of [RFC6887].
When the PCP-controlled device supports delegation of multiple port
sets for a given PCP client, the PCP client MAY re-initiate a PCP
request to get another port set when it has exhausted all the ports
within the port set.
4.2. Server Behavior
In addition to regular PCP MAP request processing, the following
checks are made upon receipt of a PORT_SET option with a non-zero
Requested Lifetime:
o If multiple PORT_SET options are present in a single PCP MAP
request, a MALFORMED_OPTION error is returned.
Sun, et al. Standards Track [Page 8]
^L
RFC 7753 PCP PORT_SET February 2016
o If the Port Set Size is zero, a MALFORMED_OPTION error is
returned.
o If a PREFER_FAILURE option is present, a MALFORMED_OPTION error is
returned.
The PCP server MAY map fewer ports than the value of Port Set Size
from the request. It MUST NOT map more ports than the PCP client
asked for. Internal Ports outside the range of Port Set Size ports
starting from the Internal Port MUST NOT be mapped by the PCP server.
If the requested port set cannot be fully satisfied, the PCP server
SHOULD map as many ports as possible and SHOULD map at least one port
(which is the same behavior as if Port Set Size is set to 1).
If the PCP server ends up mapping only a single port, for any reason,
the PORT_SET option MUST NOT be present in the response. In
particular, if the PCP server receives a single-port PCP MAP request
that includes a PORT_SET option, the PORT_SET option is silently
ignored, and the request is handled as a single-port PCP MAP request.
If the port parity preservation is requested (P = 1), the PCP server
MAY preserve port parity. In that case, the External Port is set to
a value having the same parity as the First Internal Port.
If the mapping is successful, the MAP response's Assigned External
Port is set to the first port in the External Port Set, and the
PORT_SET option's Port Set Size is set to the number of ports in the
mapped port set. The First Internal Port field is set to the first
port in the Internal Port Set.
4.3. Absence of Capability Discovery
A PCP client that wishes to make use of a port set includes the
PORT_SET option. If no PORT_SET option is present in the response,
the PCP client cannot conclude that the PCP server does not support
the PORT_SET option. It may just be that the PCP server does support
PORT_SET but decided to allocate only a single port, for reasons that
are its own. If the client wishes to obtain more ports, it MAY send
additional PCP MAP requests (see Section 6.4), which the PCP server
may or may not grant according to local policy.
If port-set capability is added to or removed from a running PCP
server, the server MAY reset its Epoch time and send an ANNOUNCE
message as described in the PCP specification ([RFC6887],
Section 14.1). This causes PCP clients to retry, and those using
PORT_SET will now receive a different response.
Sun, et al. Standards Track [Page 9]
^L
RFC 7753 PCP PORT_SET February 2016
4.4. Port-Set Renewal and Deletion
Port-set mappings are renewed and deleted as a single entity. That
is, the lifetime of all port mappings in the set is set to the
Assigned Lifetime at once.
A PCP client attempting to refresh or delete a port-set mapping MUST
include the PORT_SET option in its request.
4.4.1. Overlap Conditions
Port-set PCP MAP requests can overlap with existing single-port or
port-set mappings. This can happen either by mistake or after a PCP
client becomes out of sync with server state.
If a PCP server receives a PCP MAP request, with or without a
PORT_SET option, that tries to map one or more Internal Ports or port
sets belonging to already-existing mappings, then the request is
considered to be a refresh request applying those mappings. Each of
the matching port or port-set mappings is processed independently, as
if a separate refresh request had been received. The processing is
as described in Section 15 of [RFC6887]. The PCP server sends a
Mapping Update message for each of the mappings.
5. Examples
5.1. Simple Request on Network Address Translator IPv4/IPv4 (NAT44)
An application requires a range of 100 IPv4 UDP ports to be mapped to
itself. The application running on the host has created sockets
bound to IPv4 UDP ports 50,000 to 50,099 for this purpose. It does
not care about which External Port numbers are allocated. The PCP
client sends a PCP request with the following parameters over IPv4:
o MAP Opcode
Mapping Nonce: <a random nonce>
Protocol: 17
Internal Port: 50,000
Suggested External Port: 0
Suggested External IP Address: ::ffff:0.0.0.0
Sun, et al. Standards Track [Page 10]
^L
RFC 7753 PCP PORT_SET February 2016
o PORT_SET Option
Port Set Size: 100
First Internal Port: 50,000
P: 0
The PCP server is unable to fulfill the request fully: it is
configured by local policy to only allocate 32 ports per user. Since
the PREFER_FAILURE option is absent from the request, it decides to
map UDP ports 37,056 to 37,087 on external address 192.0.2.3 to
Internal Ports 50,000 to 50,031. After setting up the mapping in the
NAT44 device it controls, it replies with the following PCP response:
o MAP Opcode
Mapping Nonce: <copied from the request>
Protocol: 17
Internal Port: 50,000
Assigned External Port: 37,056
Assigned External IP Address: ::ffff:192.0.2.3
o PORT_SET Option
Port Set Size: 32
First Internal Port: 50,000
P: 0
Upon receiving this response, the host decides that 32 ports is good
enough for its purposes. It closes sockets bound to ports 50,032 to
50,099, sets up a refresh timer, and starts using the port range it
has just been assigned.
Sun, et al. Standards Track [Page 11]
^L
RFC 7753 PCP PORT_SET February 2016
5.2. Stateless Mapping Discovery
A host wants to discover a stateless NAT44 mapping pointing to it.
To do so, it sends the following request over IPv4:
o MAP Opcode
Mapping Nonce: <a random nonce>
Protocol: 0
Internal Port: 1
Suggested External Port: 0
Suggested External IP Address: ::ffff:0.0.0.0
o PORT_SET Option
Port Set Size: 65,535
First Internal Port: 1
P: 0
The PCP server sends the following response:
o MAP Opcode
Mapping Nonce: <copied from the request>
Protocol: 0
Internal Port: 1
Assigned External Port: 26,624
Assigned External IP Address: ::ffff:192.0.2.5
o PORT_SET Option
Port Set Size: 2048
First Internal Port: 26,624
P: 0
Sun, et al. Standards Track [Page 12]
^L
RFC 7753 PCP PORT_SET February 2016
From this response, the host understands that a 2048-port stateless
mapping is pointing to itself, starting from port 26,624 on external
IP address 192.0.2.5.
5.3. Resolving Overlap
This example relates to Section 4.4.1.
Suppose Internal Port 100 is mapped to External Port 100 and port set
101-199 is mapped to External Port Set 201-299. The PCP server
receives a PCP MAP request with Internal Port = 100, External Port =
0, and a PORT_SET option with Port Set Size = 100. The request's
Mapping Nonce is equal to those of the existing single-port and port-
set mappings. This request is therefore treated as two refresh
requests, the first one applying to the single-port mapping and the
second one applying to the port-set mapping. The PCP server updates
the lifetimes of both mappings as usual and then sends two responses:
the first one contains Internal Port = 100, External Port = 100, and
no PORT_SET option, while the second one contains Internal Port =
101, External Port = 201, and a PORT_SET option with Port Set Size =
99.
6. Operational Considerations
6.1. Limits and Quotas
It is up to the PCP server to determine the port-set quota, if any,
for each PCP client.
If the PCP server is configured to allocate multiple port-set
allocations for one subscriber, the same Assigned External IP Address
SHOULD be assigned to the subscriber in multiple port-set responses.
To optimize the number of mapping entries maintained by the PCP
server, it is RECOMMENDED to configure the PCP server to assign the
maximum allowed Port Set Size in a single response. This policy
SHOULD be configurable.
6.2. High Availability
The failover mechanism in MAP (Section 14 of [RFC6887]) can also be
applied to port sets.
6.3. Idempotence
A core, desirable property of PCP is idempotence. In a nutshell,
requests produce the same results whether they are executed once or
multiple times. This property is preserved with the PORT_SET option,
Sun, et al. Standards Track [Page 13]
^L
RFC 7753 PCP PORT_SET February 2016
with the following caveat: the order in which the PCP server receives
requests with overlapping Internal Port Sets will affect the mappings
being created and the responses received.
For example, suppose these two requests are sent by a PCP client:
Request A: Internal Port Set 1-10
Request B: Internal Port Set 5-14
The PCP server's actions will depend on which request is received
first. Suppose that A is received before B:
Upon reception of A: Internal Ports 1-10 are mapped. A success
response containing the following fields is sent:
Internal Port: 1
First Internal Port: 1
Port Set Size: 10
Upon reception of B: The request matches mapping A. The request is
interpreted as a refresh request for mapping A, and a response
containing the following fields is sent:
Internal Port: 5
First Internal Port: 1
Port Set Size: 10
If the order of reception is reversed (B before A), the created
mapping will be different, and the First Internal Port in both
responses would then be 5.
To avoid surprises, PCP clients MUST ensure that port-set mapping
requests do not inadvertently overlap. For example, a host's
operating system could include a central PCP client process through
which port-set mapping requests would be arbitrated. Alternatively,
individual PCP clients running on the same host would be required to
acquire the Internal Ports from the operating system (e.g., a call to
the bind() function from the BSD API) before trying to map them with
PCP.
Sun, et al. Standards Track [Page 14]
^L
RFC 7753 PCP PORT_SET February 2016
6.4. What should a PCP client do when it receives fewer ports than
requested?
Suppose a PCP client asks for 16 ports and receives 8. What should
it do? Should it consider this a final answer? Should it try a
second request, asking for 8 more ports? Should it fall back to 8
individual PCP MAP requests? This document leaves the answers to be
implementation specific but describes issues to be considered when
answering them.
First, the PCP server has decided to allocate 8 ports for some
reason. It may be that allocation sizes have been limited by the PCP
server's administrator. It may be that the PCP client has reached a
quota. It may be that these 8 ports were the last contiguous ones
available. Depending on the reason, asking for more ports may or may
not be likely to actually yield more ports. However, the PCP client
has no way of knowing.
Second, not all PCP clients asking for N ports actually need all N
ports to function correctly. For example, a DNS resolver could ask
for N ports to be used for source-port randomization. If fewer than
N ports are received, the DNS resolver will still work correctly, but
source-port randomization will be slightly less efficient, having
fewer bits to play with. In that case, it would not make much sense
to ask for more ports.
Finally, asking for more ports could be considered abuse. External
Ports are a resource that is to be shared among multiple PCP clients.
A PCP client trying to obtain more than its fair share could trigger
countermeasures according to local policy.
In conclusion, it is expected that, for most applications, asking for
more ports would not yield benefits justifying the additional costs.
7. Security Considerations
The security considerations discussed in [RFC6887] apply to this
extension.
As described in Section 4.4.1, a single PCP request using the
PORT_SET option may result in multiple responses. For this to
happen, it is necessary that the request contain the nonce associated
with multiple mappings on the server. Therefore, an on-path attacker
could use an eavesdropped nonce to mount an amplification attack.
Use of PCP authentication ([RFC6887], Section 18) eliminates this
attack vector.
Sun, et al. Standards Track [Page 15]
^L
RFC 7753 PCP PORT_SET February 2016
In order to prevent a PCP client from controlling all ports bound to
a shared IP address, port quotas should be configured on the PCP
server (Section 17.2 of [RFC6887]).
8. IANA Considerations
IANA has allocated value 130 in the "PCP Options" registry at
<http://www.iana.org/assignments/pcp-parameters> for the new PCP
option defined in Section 4.
9. References
9.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<http://www.rfc-editor.org/info/rfc2119>.
[RFC6887] Wing, D., Ed., Cheshire, S., Boucadair, M., Penno, R., and
P. Selkirk, "Port Control Protocol (PCP)", RFC 6887,
DOI 10.17487/RFC6887, April 2013,
<http://www.rfc-editor.org/info/rfc6887>.
9.2. Informative References
[RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston,
A., Peterson, J., Sparks, R., Handley, M., and E.
Schooler, "SIP: Session Initiation Protocol", RFC 3261,
DOI 10.17487/RFC3261, June 2002,
<http://www.rfc-editor.org/info/rfc3261>.
[RFC3550] Schulzrinne, H., Casner, S., Frederick, R., and V.
Jacobson, "RTP: A Transport Protocol for Real-Time
Applications", STD 64, RFC 3550, DOI 10.17487/RFC3550,
July 2003, <http://www.rfc-editor.org/info/rfc3550>.
[RFC4787] Audet, F., Ed. and C. Jennings, "Network Address
Translation (NAT) Behavioral Requirements for Unicast
UDP", BCP 127, RFC 4787, DOI 10.17487/RFC4787, January
2007, <http://www.rfc-editor.org/info/rfc4787>.
[RFC6888] Perreault, S., Ed., Yamagata, I., Miyakawa, S., Nakagawa,
A., and H. Ashida, "Common Requirements for Carrier-Grade
NATs (CGNs)", BCP 127, RFC 6888, DOI 10.17487/RFC6888,
April 2013, <http://www.rfc-editor.org/info/rfc6888>.
Sun, et al. Standards Track [Page 16]
^L
RFC 7753 PCP PORT_SET February 2016
[RFC6970] Boucadair, M., Penno, R., and D. Wing, "Universal Plug and
Play (UPnP) Internet Gateway Device - Port Control
Protocol Interworking Function (IGD-PCP IWF)", RFC 6970,
DOI 10.17487/RFC6970, July 2013,
<http://www.rfc-editor.org/info/rfc6970>.
[RFC7596] Cui, Y., Sun, Q., Boucadair, M., Tsou, T., Lee, Y., and I.
Farrer, "Lightweight 4over6: An Extension to the Dual-
Stack Lite Architecture", RFC 7596, DOI 10.17487/RFC7596,
July 2015, <http://www.rfc-editor.org/info/rfc7596>.
Acknowledgements
The authors would like to express sincere appreciation to Alain
Durand, Cong Liu, Dan Wing, Dave Thaler, Peter Koch, Reinaldo Penno,
Sam Hartman, Stuart Cheshire, Ted Lemon, Yoshihiro Ohba, Meral
Shirazipour, Jouni Korhonen, and Ben Campbell for their useful
comments and suggestions.
Contributors
The following individuals contributed to this document:
Yunqing Chen
China Telecom
Room 502, No.118, Xizhimennei Street
Beijing 100035
China
Chongfeng Xie
China Telecom
Room 502, No.118, Xizhimennei Street
Beijing 100035
China
Yong Cui
Tsinghua University
Beijing 100084
China
Phone: +86-10-62603059
Email: yong@csnet1.cs.tsinghua.edu.cn
Sun, et al. Standards Track [Page 17]
^L
RFC 7753 PCP PORT_SET February 2016
Qi Sun
Tsinghua University
Beijing 100084
China
Phone: +86-10-62785822
Email: sunqibupt@gmail.com
Gabor Bajko
Mediatek Inc.
Email: gabor.bajko@mediatek.com
Xiaohong Deng
France Telecom
Email: xiaohong.deng@orange-ftgroup.com
Authors' Addresses
Qiong Sun
China Telecom
China
Phone: 86 10 58552936
Email: sunqiong@ctbri.com.cn
Mohamed Boucadair
France Telecom
Rennes 35000
France
Email: mohamed.boucadair@orange.com
Senthil Sivakumar
Cisco Systems
7100-8 Kit Creek Road
Research Triangle Park, NC 27709
United States
Phone: +1 919 392 5158
Email: ssenthil@cisco.com
Sun, et al. Standards Track [Page 18]
^L
RFC 7753 PCP PORT_SET February 2016
Cathy Zhou
Huawei Technologies
Bantian, Longgang District
Shenzhen 518129
China
Email: cathy.zhou@huawei.com
Tina Tsou
Philips Lighting
3 Burlington Woods Dr #4t
Burlington, MA 01803
United States
Phone: +1 617-423-9999
Email: tina.tsou@philips.com
Simon Perreault
Jive Communications
Quebec, QC
Canada
Email: sperreault@jive.com
Sun, et al. Standards Track [Page 19]
^L
|
