PCP WG                                                      M. Boucadair
Internet-Draft                                            France Telecom
Intended status: Informational                         February 13, 2013
Expires: August 17, 2013

                           PCP Flow Examples
                  draft-boucadair-pcp-flow-examples-00

Abstract

   This document provides a set of examples to illustrate PCP
   operations.  It is a companion document to the base PCP
   specification.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on August 17, 2013.

Copyright Notice

   Copyright (c) 2013 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Basic MAP Operations
     2.1.  Suggested External Port Honored by the PCP Server
     2.2.  IPv6-enabled PCP Client
     2.3.  Remove an Existing Mapping
     2.4.  Suggested External Port Not Honored by the PCP Server
     2.5.  Suggested External IP Address
     2.6.  Create Mapping with Distinct External IP Addresses
     2.7.  Mapping Nonce Doesn't Match
     2.8.  PREFER_FAILURE Option: Requested Port is Honored
     2.9.  PREFER_FAILURE Option: Requested Port is not Honored
     2.10. Existing Implicit Mapping
     2.11. Create a Mapping for All Incoming Traffic of a Given Protocol
     2.12. Create a Mapping for All Protocols
     2.13. Malformed Request
     2.14. Exceeded Port Quota
     2.15. Unsupported Protocol
     2.16. Unsolicited MAP Response
     2.17. Mapping Repair
   3.  NAT Detect Example
   4.  Retrieve the External IP Address
   5.  THIRD_PARTY Examples
     5.1.  THIRD_PARTY Enabled at the Server Side
     5.2.  THIRD_PARTY Disabled at the Server Side
     5.3.  Malformed Request
   6.  MAP with FILTER Examples
     6.1.  Basic Filter Usage
     6.2.  Remove All Filters
     6.3.  Change an Existing Filter
   7.  Assess the Reachability of the PCP Server
   8.  PEER Operations
     8.1.  No Mapping Exists for the Internal Port Number
     8.2.  A Mapping Exists for the External Port Number
     8.3.  External IP Address Cannot be Honored
     8.4.  Extend the Lifetime
     8.5.  Learn the Lifetime of a Mapping
   9.  Version Negotiation
   10. Security Considerations
   11. IANA Considerations
   12. Acknowledgements
   13. Normative References
   Author's Address

1.  Introduction

   As a companion document to [I-D.ietf-pcp-base], this document
   provides examples to help understand the PCP machinery and the PCP
   messages exchanged in various usage contexts.

   For more details about the PCP protocol specification, the reader is
   invited to refer to [I-D.ietf-pcp-base].

   Examples included in this document make use of the IPv4 and IPv6
   address blocks for documentation purposes defined in [RFC5737] and
   [RFC3849].

2.  Basic MAP Operations

   The following figure illustrates the messages which are exchanged to
   create a mapping in a PCP-controlled device with the MAP OpCode.

      +------+                            +------+
      | PCP  |                            | PCP  |
      |Client|                            |Server|
      +------+                            +------+
         |      (1) PCP MAP Request          |
         |--------------------------------->|
         |      (2) PCP MAP Response         |
         |<---------------------------------|
         |                                   |

                Figure 1: Example of creating a mapping

   The following sub-sections provide several examples depending on the
   content of the MAP request and the decision of the PCP Server.

2.1.  Suggested External Port Honored by the PCP Server

   This example illustrates the content of exchanged PCP messages when
   the PCP Client does not include any PCP Option in its request.  In
   this example, the PCP Server assigns the suggested port number.
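   How the fields of this subsection's MAP request and response (Figures 2 and 3) sit on the wire, as an added Python example that is not part of the draft. The 24-byte header and 36-byte MAP payload layout is taken from the base PCP specification; the function names are hypothetical, and the decimal nonce 15685 is assumed to be a 96-bit big-endian integer.

```python
import ipaddress
import struct

PCP_VERSION = 2
OPCODE_MAP = 0x01
REQ_HDR = struct.Struct("!BBHI16s")       # version, R|opcode, reserved, lifetime, client IP
RESP_HDR = struct.Struct("!BBBBII12s")    # version, R|opcode, rsvd, result, lifetime, epoch, rsvd
MAP_BODY = struct.Struct("!12sB3sHH16s")  # nonce, protocol, rsvd, int. port, ext. port, ext. IP


def _pack_ip(text):
    return ipaddress.IPv6Address(text).packed


def _show_ip(raw):
    # Print IPv4-mapped addresses the way the draft writes them.
    addr = ipaddress.IPv6Address(raw)
    mapped = addr.ipv4_mapped
    return f"::ffff:{mapped}" if mapped is not None else str(addr)


def _map_body(nonce, protocol, internal_port, external_port, external_ip):
    # Assumption: the draft's decimal nonce is a 96-bit big-endian integer.
    return MAP_BODY.pack(nonce.to_bytes(12, "big"), protocol, bytes(3),
                         internal_port, external_port, _pack_ip(external_ip))


def build_map_request(lifetime, client_ip, nonce, protocol,
                      internal_port, suggested_port, suggested_ip):
    header = REQ_HDR.pack(PCP_VERSION, OPCODE_MAP, 0, lifetime, _pack_ip(client_ip))
    return header + _map_body(nonce, protocol, internal_port,
                              suggested_port, suggested_ip)


def build_map_response(result, lifetime, epoch, nonce, protocol,
                       internal_port, assigned_port, assigned_ip):
    header = RESP_HDR.pack(PCP_VERSION, 0x80 | OPCODE_MAP, 0, result,
                           lifetime, epoch, bytes(12))
    return header + _map_body(nonce, protocol, internal_port,
                              assigned_port, assigned_ip)


def parse_map(msg):
    """Decode a MAP request or response, rejecting anything badly sized."""
    if len(msg) < REQ_HDR.size + MAP_BODY.size or len(msg) > 1100 or len(msg) % 4:
        raise ValueError("bad PCP message length")
    if msg[0] != PCP_VERSION:
        raise ValueError("unsupported PCP version")
    if msg[1] & 0x7F != OPCODE_MAP:
        raise ValueError("not a MAP message")
    if msg[1] & 0x80:  # R bit set: response header
        _, _, _, result, lifetime, epoch, _ = RESP_HDR.unpack_from(msg)
        out = {"response": True, "result": result,
               "lifetime": lifetime, "epoch": epoch}
    else:              # R bit clear: request header
        _, _, _, lifetime, client = REQ_HDR.unpack_from(msg)
        out = {"response": False, "lifetime": lifetime,
               "client_ip": _show_ip(client)}
    nonce, protocol, _, iport, eport, eip = MAP_BODY.unpack_from(msg, REQ_HDR.size)
    out.update(nonce=int.from_bytes(nonce, "big"), protocol=protocol,
               internal_port=iport, external_port=eport,
               external_ip=_show_ip(eip))
    return out


# Field values copied from Figures 2 and 3.
FIGURE_2 = build_map_request(36000, "::ffff:198.51.100.1", 15685, 17,
                             3938, 3938, "::ffff:0.0.0.0")
FIGURE_3 = build_map_response(0, 20000, 1250, 15685, 17,
                              3938, 3938, "::ffff:192.0.2.1")

if __name__ == "__main__":
    print(FIGURE_2.hex())
    print(parse_map(FIGURE_3))
```
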
   In reference to Figure 1, the content of exchanged PCP messages is as
   follows:

      Version: 2
      R bit: Request (0)
      Opcode: MAP (0x01)
      Requested Lifetime: 36000 sec
      PCP Client's IP Address: ::ffff:198.51.100.1
      MAP Request:
         Mapping Nonce: 15685
         Protocol: UDP (17)
         Internal Port: 3938
         Suggested External Port: 3938
         Suggested External IP Address: ::ffff:0.0.0.0

   Figure 2: MAP request (suggested External Port Honored by the PCP
   Server)

      Version: 2
      R bit: Response (1)
      Opcode: MAP (0x01)
      Result Code: 0
      Lifetime: 20000 sec
      Epoch Time: 1250
      MAP Response:
         Mapping Nonce: 15685
         Protocol: UDP (17)
         Internal Port: 3938
         Assigned External Port: 3938
         Assigned External IP Address: ::ffff:192.0.2.1

   Figure 3: MAP Response (suggested External Port Honored by the PCP
   Server)

2.2.  IPv6-enabled PCP Client

   This example illustrates the content of exchanged PCP messages when
   the PCP Client is assigned an IPv6 address but the remote server
   controls a NAT44 device.

   In reference to Figure 1, the content of exchanged PCP messages is as
   follows:

      Version: 2
      R bit: Request (0)
      Opcode: MAP (0x01)
      Requested Lifetime: 36000 sec
      PCP Client's IP Address: 2001:db8:0:0:1::1
      MAP Request:
         Mapping Nonce: 15685
         Protocol: UDP (17)
         Internal Port: 3938
         Suggested External Port: 3938
         Suggested External IP Address: ::ffff:0.0.0.0

   Figure 4: MAP request (suggested External Port Honored by the PCP
   Server)

      Version: 2
      R bit: Response (1)
      Opcode: MAP (0x01)
      Result Code: 0
      Lifetime: 20000 sec
      Epoch Time: 1250
      MAP Response:
         Mapping Nonce: 15685
         Protocol: UDP (17)
         Internal Port: 3938
         Assigned External Port: 3938
         Assigned External IP Address: ::ffff:192.0.2.1

   Figure 5: MAP Response (suggested External Port Honored by the PCP
   Server)

2.3.  Remove an Existing Mapping

   This example illustrates the content of exchanged PCP messages when
   the PCP Client requests the removal of an existing mapping.

      Version: 2
      R bit: Request (0)
      Opcode: MAP (0x01)
      Requested Lifetime: 0 sec
      PCP Client's IP Address: ::ffff:198.51.100.1
      MAP Request:
         Mapping Nonce: 15685
         Protocol: UDP (17)
         Internal Port: 3938
         Suggested External Port: 3938
         Assigned External IP Address: ::ffff:192.0.2.1

           Figure 6: MAP request (Remove an Existing Mapping)

      Version: 2
      R bit: Response (1)
      Opcode: MAP (0x01)
      Result Code: 0
      Lifetime: 0 sec
      Epoch Time: 1250
      MAP Response:
         Mapping Nonce: 15685
         Protocol: UDP (17)
         Internal Port: 3938
         Assigned External Port: 3938
         Assigned External IP Address: ::ffff:192.0.2.1

           Figure 7: MAP Response (Remove an Existing Mapping)

2.4.  Suggested External Port Not Honored by the PCP Server

   This example illustrates the content of exchanged PCP messages when
   the PCP Client does not include any PCP Option in its request.  In
   this example, the PCP Server does not assign the suggested external
   port number.

   In reference to Figure 1, the content of exchanged PCP messages is as
   follows:

      Version: 2
      R bit: Request (0)
      Opcode: MAP (0x01)
      Requested Lifetime: 36000 sec
      PCP Client's IP Address: ::ffff:198.51.100.1
      MAP Request:
         Mapping Nonce: 15685
         Protocol: UDP (17)
         Internal Port: 11000
         Suggested External Port: 11000
         Suggested External IP Address: ::ffff:0.0.0.0

   Figure 8: MAP request (Suggested External Port Not Honored by the PCP
   Server)

      Version: 2
      R bit: Response (1)
      Opcode: MAP (0x01)
      Result Code: 0
      Lifetime: 20000 sec
      Epoch Time: 1250
      MAP Response:
         Mapping Nonce: 15685
         Protocol: UDP (17)
         Internal Port: 11000
         Assigned External Port: 15200
         Assigned External IP Address: ::ffff:192.0.2.1

   Figure 9: MAP Response (Suggested External Port Not Honored by the
   PCP Server)

2.5.  Suggested External IP Address

   This example illustrates the content of exchanged PCP messages when
   the PCP Client does not include any PCP Option in its request.  In
   this example, the PCP Client indicates a hinted external IP address
   honored by the PCP Server.

   In reference to Figure 1, the content of exchanged PCP messages is as
   follows:

      Version: 2
      R bit: Request (0)
      Opcode: MAP (0x01)
      Requested Lifetime: 36000 sec
      PCP Client's IP Address: ::ffff:198.51.100.1
      MAP Request:
         Mapping Nonce: 15685
         Protocol: UDP (17)
         Internal Port: 3938
         Suggested External Port: 3938
         Suggested External IP Address: ::ffff:192.0.2.1

         Figure 10: MAP request (Suggested External IP Address)

      Version: 2
      R bit: Response (1)
      Opcode: MAP (0x01)
      Result Code: 0
      Lifetime: 20000 sec
      Epoch Time: 1250
      MAP Response:
         Mapping Nonce: 15685
         Protocol: UDP (17)
         Internal Port: 3938
         Assigned External Port: 15200
         Assigned External IP Address: ::ffff:192.0.2.1

         Figure 11: MAP Response (Suggested External IP Address)

2.6.  Create Mapping with Distinct External IP Addresses

   Figure 12 shows a PCP Server with a pool of public IPv4 addresses
   (192.0.2/24) and two PCP Clients associated with different
   subscribers.  The PCP Clients each make a port mapping request to the
   PCP Server which creates the mapping from its 192.0.2/24 pool.
      +--------+                    +------+                   +--------+
      |  PCP   |                    | PCP  |                   |  PCP   |
      |Client 1|                    |Server|                   |Client 2|
      +--------+                    +------+                   +--------+
          |   (1) PCP MAP Request      |                            |
          |--------------------------->|                            |
          |   (2) PCP MAP Response     |                            |
          |<---------------------------|   (a) PCP MAP Request      |
          |                            |<---------------------------|
          |                            |   (b) PCP MAP Response     |
          |                            |--------------------------->|
          |                            |                            |

   Figure 12: Example of creating mappings with distinct external IP
   addresses

   In this example, the PCP Clients were mapped to different public
   addresses as illustrated in the content of the PCP messages listed
   below.

   The content of PCP messages exchanged between PCP Client 1 and the
   PCP Server is as follows:

      Version: 2
      R bit: Request (0)
      Opcode: MAP (0x01)
      Requested Lifetime: 36000 sec
      PCP Client's IP Address: ::ffff:198.51.100.1
      MAP Request:
         Mapping Nonce: 15685
         Protocol: TCP (6)
         Internal Port: 15333
         Suggested External Port: 15333
         Suggested External IP Address: ::ffff:0.0.0.0

                 Figure 13: MAP request (PCP Client 1)

      Version: 2
      R bit: Response (1)
      Opcode: MAP (0x01)
      Result Code: 0
      Lifetime: 20000 sec
      Epoch Time: 1250
      MAP Response:
         Mapping Nonce: 15685
         Protocol: TCP (6)
         Internal Port: 15333
         Assigned External Port: 12000
         Assigned External IP Address: ::ffff:192.0.2.1

                 Figure 14: MAP Response (PCP Client 1)

   The content of PCP messages exchanged between PCP Client 2 and the
   PCP Server is as follows:

      Version: 2
      R bit: Request (0)
      Opcode: MAP (0x01)
      Requested Lifetime: 36000 sec
      PCP Client's IP Address: ::ffff:198.51.100.2
      MAP Request:
         Mapping Nonce: 59869
         Protocol: UDP (17)
         Internal Port: 12000
         Suggested External Port: 12000
         Suggested External IP Address: ::ffff:0.0.0.0

                 Figure 15: MAP request (PCP Client 2)

      Version: 2
      R bit: Response (1)
      Opcode: MAP (0x01)
      Result Code: 0
      Lifetime: 20000 sec
      Epoch Time: 1250
      MAP Response:
         Mapping Nonce: 59869
         Protocol: UDP (17)
         Internal Port: 12000
         Assigned External Port: 6000
         Assigned External IP Address: ::ffff:192.0.2.2

                 Figure 16: MAP Response (PCP Client 2)

2.7.  Mapping Nonce Doesn't Match

   This example illustrates the content of exchanged PCP messages when
   the PCP Client does not include any PCP Option in its request.  In
   this example, the PCP Client indicates a Mapping Nonce different from
   the one stored by the PCP Server.

   In reference to Figure 1, the content of exchanged PCP messages is as
   follows:

      Version: 2
      R bit: Request (0)
      Opcode: MAP (0x01)
      Requested Lifetime: 36000 sec
      PCP Client's IP Address: ::ffff:198.51.100.1
      MAP Request:
         Mapping Nonce: 45687
         Protocol: UDP (17)
         Internal Port: 3938
         Suggested External Port: 3938
         Suggested External IP Address: ::ffff:192.0.2.1

          Figure 17: MAP request (Mapping Nonce Doesn't Match)

      Version: 2
      R bit: Response (1)
      Opcode: MAP (0x01)
      Result Code: NOT_AUTHORIZED (0x02)
      Lifetime: 35550 sec
      Epoch Time: 1300

          Figure 18: MAP Response (Mapping Nonce Doesn't Match)

2.8.  PREFER_FAILURE Option: Requested Port is Honored

   This flow shows an example of the content of PCP messages that will
   be exchanged to create a mapping in a PCP-controlled device.  In this
   example, the PCP Client indicates a requested external UDP port
   number and also a PREFER_FAILURE Option.  In this example, we suppose
   the requested port can be honored by the PCP Server.
   In reference to Figure 1, the content of exchanged PCP messages is as
   follows:

      Version: 2
      R bit: Request (0)
      Opcode: MAP (0x01)
      Requested Lifetime: 36000 sec
      PCP Client's IP Address: ::ffff:198.51.100.1
      MAP Request:
         Mapping Nonce: 15685
         Protocol: UDP (17)
         Internal Port: 1234
         Suggested External Port: 12536
         Suggested External IP Address: ::ffff:0.0.0.0
      Option Code: PREFER_FAILURE (0x02)
      Option Length: 0 bytes
      Data: (NULL)

   Figure 19: MAP request (PREFER_FAILURE Option: Requested Port is
   Honored)

      Version: 2
      R bit: Response (1)
      Opcode: MAP (0x01)
      Result Code: 0
      Lifetime: 36000 sec
      Epoch Time: 1250
      MAP Response:
         Mapping Nonce: 15685
         Protocol: UDP (17)
         Internal Port: 1234
         Assigned External Port: 12536
         Assigned External IP Address: ::ffff:192.0.2.1

   Figure 20: MAP Response (PREFER_FAILURE Option: Requested Port is
   Honored)

2.9.  PREFER_FAILURE Option: Requested Port is not Honored

   This flow shows an example of the content of PCP messages that will
   be exchanged to create a mapping in a PCP-controlled device.  In this
   example, the PCP Client indicates a requested external UDP port
   number and also a PREFER_FAILURE Option.  In this example, we suppose
   the requested port cannot be honored by the PCP Server.
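   A simplified server-side decision model, added here as an example (not code from the draft or from any PCP implementation), that reproduces the outcomes of Sections 2.3, 2.4, 2.7, 2.8 and 2.9. The class and function names, the port pool and the pre-existing state are assumptions; result codes are returned by name only.

```python
from dataclasses import dataclass, field

UDP = 17


@dataclass(frozen=True)
class MapRequest:
    client_ip: str
    nonce: int
    protocol: int
    internal_port: int
    suggested_port: int
    lifetime: int = 36000
    prefer_failure: bool = False


@dataclass
class PcpServer:
    free_ports: list                              # fallback external ports, in order
    used: set = field(default_factory=set)        # {(protocol, external port)}
    mappings: dict = field(default_factory=dict)  # (client, proto, int. port) -> (nonce, ext. port)

    def handle_map(self, req):
        """Return (result code name, external port or None)."""
        if req.suggested_port == 0:
            raise ValueError("wildcard requests are not modelled here")
        key = (req.client_ip, req.protocol, req.internal_port)
        if key in self.mappings:
            nonce, port = self.mappings[key]
            # Only the holder of the original nonce may refresh or delete
            # the mapping (Section 2.7).
            if nonce != req.nonce:
                return ("NOT_AUTHORIZED", None)
            if req.lifetime == 0:                 # Section 2.3: removal
                del self.mappings[key]
                self.used.discard((req.protocol, port))
                return ("SUCCESS", port)
            if req.prefer_failure and req.suggested_port != port:
                return ("CANNOT_PROVIDE_EXTERNAL", None)
            return ("SUCCESS", port)
        if req.lifetime == 0:
            return ("SUCCESS", None)              # nothing to delete
        if (req.protocol, req.suggested_port) not in self.used:
            port = req.suggested_port             # Sections 2.1 and 2.8
        elif req.prefer_failure:
            # Section 2.9: fail instead of picking another port; no state
            # is created.
            return ("CANNOT_PROVIDE_EXTERNAL", None)
        else:
            # Section 2.4: fall back to another free external port.
            port = next((p for p in self.free_ports
                         if (req.protocol, p) not in self.used), None)
            if port is None:
                return ("NO_RESOURCES", None)
        self.used.add((req.protocol, port))
        self.mappings[key] = (req.nonce, port)
        return ("SUCCESS", port)


def fresh_server():
    # Constructed state: external UDP ports 11000 and 1234 are taken by other
    # subscribers, and the mapping of Section 2.1 (nonce 15685) already exists.
    server = PcpServer(free_ports=[15200, 15201],
                       used={(UDP, 11000), (UDP, 1234), (UDP, 3938)})
    server.mappings[("198.51.100.1", UDP, 3938)] = (15685, 3938)
    return server


def replay_page_examples():
    c = "198.51.100.1"
    return {
        "2.4": fresh_server().handle_map(MapRequest(c, 15685, UDP, 11000, 11000)),
        "2.7": fresh_server().handle_map(MapRequest(c, 45687, UDP, 3938, 3938)),
        "2.8": fresh_server().handle_map(
            MapRequest(c, 15685, UDP, 1234, 12536, prefer_failure=True)),
        "2.9": fresh_server().handle_map(
            MapRequest(c, 15685, UDP, 1234, 1234, prefer_failure=True)),
    }


if __name__ == "__main__":
    for section, outcome in replay_page_examples().items():
        print(section, outcome)
```
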
   In reference to Figure 1, the content of exchanged PCP messages is as
   follows:

      Version: 2
      R bit: Request (0)
      Opcode: MAP (0x01)
      Requested Lifetime: 36000 sec
      PCP Client's IP Address: ::ffff:198.51.100.1
      MAP Request:
         Mapping Nonce: 15685
         Protocol: UDP (17)
         Internal Port: 1234
         Suggested External Port: 1234
         Suggested External IP Address: ::ffff:0.0.0.0
      Option Code: PREFER_FAILURE (0x02)
      Option Length: 0 bytes
      Data: (NULL)

   Figure 21: MAP request (PREFER_FAILURE Option: Requested Port is not
   Honored)

      Version: 2
      R bit: Response (1)
      Opcode: MAP (0x01)
      Result Code: CANNOT_PROVIDE_EXTERNAL (0x11)
      Lifetime: 1560 sec
      Epoch Time: 1300

   Figure 22: MAP Response (PREFER_FAILURE Option: Requested Port is not
   Honored)

2.10.  Existing Implicit Mapping

   This example illustrates the content of exchanged PCP messages when
   the PCP Client requests a mapping which matches an existing implicit
   dynamic mapping (see Figure 23).  In this example, the PCP-controlled
   device assigns 10000 as the external port number when translating the
   packet from the client with source port set to 1234.
      +------+                            +------+
      | PCP  |                            | PCP  |
      |Client|                            |Server|
      +------+                            +------+
         |      (a) TCP SYN(src:1234)        |
         |--------------------------------->|
         |      (1) PCP MAP Request          |
         |--------------------------------->|
         |      (2) PCP MAP Response         |
         |<---------------------------------|
         |                                   |

                Figure 23: Example of creating a mapping

   In reference to Figure 1, the content of exchanged PCP messages is as
   follows:

      Version: 2
      R bit: Request (0)
      Opcode: MAP (0x01)
      Requested Lifetime: 36000 sec
      PCP Client's IP Address: ::ffff:198.51.100.1
      MAP Request:
         Mapping Nonce: 15685
         Protocol: TCP (0x06)
         Internal Port: 1234
         Suggested External Port: 3938
         Suggested External IP Address: ::ffff:0.0.0.0

           Figure 24: MAP request (Existing Implicit Mapping)

      Version: 2
      R bit: Response (1)
      Opcode: MAP (0x01)
      Result Code: 0
      Lifetime: 20000 sec
      Epoch Time: 1250
      MAP Response:
         Mapping Nonce: 15685
         Protocol: TCP (0x06)
         Internal Port: 1234
         Assigned External Port: 10000
         Assigned External IP Address: ::ffff:192.0.2.1

           Figure 25: MAP Response (Existing Implicit Mapping)

2.11.  Create a Mapping for All Incoming Traffic of a Given Protocol

   This example illustrates the content of the PCP MAP request to create
   a mapping for all incoming traffic of a given protocol (UDP is used
   in this example).

      Version: 2
      R bit: Request (0)
      Opcode: MAP (0x01)
      Requested Lifetime: 36000 sec
      PCP Client's IP Address: ::ffff:198.51.100.1
      MAP Request:
         Mapping Nonce: 15685
         Protocol: UDP (17)
         Internal Port: 0
         Suggested External Port: 0
         Suggested External IP Address: ::ffff:0.0.0.0

   Figure 26: MAP request (Create a mapping for all incoming traffic of
   a given protocol)

   The PCP Server may honor the request or reject it by sending an
   UNSUPP_PROTOCOL (0x09) error.

2.12.  Create a Mapping for All Protocols

   This example illustrates the content of the PCP MAP request to create
   a mapping for the traffic of all protocols.

      Version: 2
      R bit: Request (0)
      Opcode: MAP (0x01)
      Requested Lifetime: 36000 sec
      PCP Client's IP Address: ::ffff:198.51.100.1
      MAP Request:
         Mapping Nonce: 15685
         Protocol: ANY (0)
         Internal Port: 0
         Suggested External Port: 0
         Suggested External IP Address: ::ffff:0.0.0.0

      Figure 27: MAP request (Create a mapping for all protocols)

   The PCP Server may honor the request or reject it by sending an
   UNSUPP_PROTOCOL (0x09) error.

2.13.  Malformed Request

   This flow shows an example of the content of PCP messages that will
   be exchanged when a malformed request is received by the PCP Server.
   In this example, the Protocol field is set to null.

      Version: 2
      R bit: Request (0)
      Opcode: MAP (0x01)
      Requested Lifetime: 36000 sec
      PCP Client's IP Address: ::ffff:198.51.100.1
      MAP Request:
         Mapping Nonce: 45698
         Protocol: ANY (0)
         Internal Port: 5698
         Suggested External Port: 3938
         Suggested External IP Address: ::ffff:0.0.0.0
      Option Code: PREFER_FAILURE (0x02)
      Option Length: 0 bytes
      Data: (NULL)

               Figure 28: MAP request (Malformed Request)

      Version: 2
      R bit: Response (1)
      Opcode: MAP (0x01)
      Result Code: MALFORMED_REQUEST (0x02)
      Lifetime: 0 sec
      Epoch Time: 1300

               Figure 29: MAP Response (Malformed Request)

2.14.  Exceeded Port Quota

   This flow shows an example of the content of PCP messages that will
   be exchanged when a per-user quota is reached.  A short lifetime is
   returned so that the client may retry and see if the request can be
   honored because another state has been removed.
      Version: 2
      R bit: Request (0)
      Opcode: MAP (0x01)
      Requested Lifetime: 36000 sec
      PCP Client's IP Address: ::ffff:198.51.100.1
      MAP Request:
         Mapping Nonce: 45698
         Protocol: UDP (17)
         Internal Port: 8695
         Suggested External Port: 3938
         Suggested External IP Address: ::ffff:0.0.0.0
      Option Code: PREFER_FAILURE (0x02)
      Option Length: 0 bytes
      Data: (NULL)

              Figure 30: MAP request (Exceeded Port Quota)

      Version: 2
      R bit: Response (1)
      Opcode: MAP (0x01)
      Result Code: USER_EX_QUOTA (10)
      Lifetime: 300 sec
      Epoch Time: 1300

              Figure 31: MAP Response (Exceeded Port Quota)

2.15.  Unsupported Protocol

   This flow shows an example of the content of PCP messages that will
   be exchanged when the requested port is not supported by the PCP
   Server.  In this example, SCTP is indicated as the requested
   protocol.

      Version: 2
      R bit: Request (0)
      Opcode: MAP (0x01)
      Requested Lifetime: 36000 sec
      PCP Client's IP Address: ::ffff:198.51.100.1
      MAP Request:
         Mapping Nonce: 45698
         Protocol: SCTP (132)
         Internal Port: 8695
         Suggested External Port: 3938
         Suggested External IP Address: ::ffff:0.0.0.0

             Figure 32: MAP request (Unsupported Protocol)

      Version: 2
      R bit: Response (1)
      Opcode: MAP (0x01)
      Result Code: UNSUPP_PROTOCOL (9)
      Lifetime: 0 sec
      Epoch Time: 1300

             Figure 33: MAP Response (Unsupported Protocol)

2.16.  Unsolicited MAP Response

   Suppose the client has instructed a UDP mapping for port 3938
   (assigned external port is 15000 and assigned external IPv4 address
   is 192.0.2.1).  Upon a change of state (e.g., a change of the
   external IP address), the PCP Server issues an unsolicited MAP
   response.  The content of the MAP response sent by the PCP Server is
   shown below.  The PCP Client is now aware of the newly assigned
   external IP address.
      Version: 2
      R bit: Response (1)
      Opcode: MAP (0x01)
      Result Code: 0
      Lifetime: 20000 sec
      Epoch Time: 1250
      MAP Response:
         Mapping Nonce: 15685
         Protocol: TCP (0x06)
         Internal Port: 1234
         Assigned External Port: 10000
         Assigned External IP Address: ::ffff:192.0.2.2

                  Figure 34: Unsolicited MAP Response

2.17.  Mapping Repair

   An example of mapping repair is shown in Figure 35.

      +------+                       +------+
      | PCP  |                       | PCP  |
      |Client|                       |Server|
      +------+                       +------+
         |     (1) PCP ANNOUNCE         |
         |<----------------------------|
         |     (2) PCP MAP REQUEST      |
         |---------------------------->|
         |     (3) PCP MAP RESPONSE     |
         |<----------------------------|
         |                              |

   Figure 35: Flow Example of a PING/PONG exchange: Check the
   availability of the PCP Server

      Version: 2
      R bit: Response (1)
      Opcode: ANNOUNCE (0x00)
      Result Code: 0
      Lifetime: 0 sec
      Epoch Time: 0

                    Figure 36: Unsolicited ANNOUNCE

      Version: 2
      R bit: Request (0)
      Opcode: MAP (0x01)
      Requested Lifetime: 36000 sec
      PCP Client's IP Address: ::ffff:198.51.100.1
      MAP Request:
         Mapping Nonce: 15685
         Protocol: UDP (17)
         Internal Port: 11000
         Assigned External Port: 15200
         Assigned External IP Address: ::ffff:192.0.2.1

                        Figure 37: MAP request

      Version: 2
      R bit: Response (1)
      Opcode: MAP (0x01)
      Result Code: 0
      Lifetime: 20000 sec
      Epoch Time: 10
      MAP Response:
         Mapping Nonce: 15685
         Protocol: UDP (17)
         Internal Port: 11000
         Assigned External Port: 15200
         Assigned External IP Address: ::ffff:192.0.2.1

                        Figure 38: MAP Response

3.  NAT Detect Example

   Let us suppose a PCP-unaware NAT is located between the PCP Server
   and the PCP Client.  An example of a PCP MAP request issued by the
   PCP Client is shown below.
      Version: 2
      R bit: Request (0)
      Opcode: MAP (0x01)
      Requested Lifetime: 36000 sec
      PCP Client's IP Address: ::ffff:198.51.100.1
      MAP Request:
         Mapping Nonce: 15685
         Protocol: UDP (17)
         Internal Port: 11000
         Assigned External Port: 15200
         Assigned External IP Address: ::ffff:0.0.0.0

                  Figure 39: MAP request (NAT Detect)

   This message will be translated by the PCP-unaware NAT.  The source
   IP address of the resulting message will be an address other than
   198.51.100.1.  Upon receipt of this message, the PCP Server compares
   the source IP address and the content of the PCP Client's IP Address
   field.  Because the two addresses are not equal, the PCP Server
   concludes there is a PCP-unaware device in the path.  As a result,
   the PCP Server will issue the following error message:

      Version: 2
      R bit: Response (1)
      Opcode: MAP (0x01)
      Result Code: ADDRESS_MISMATCH (12)
      Lifetime: 0 sec
      Epoch Time: 36000

                  Figure 40: MAP Response (NAT Detect)

4.  Retrieve the External IP Address

   In order to retrieve the IP address used on the external side of the
   PCP-controlled device, the PCP Client sends a short-lived mapping
   (e.g., Discard service (TCP/9 or UDP/9) or other port).  The returned
   IP address can be displayed by any application requiring such
   information.

      Version: 2
      R bit: Request (0)
      Opcode: MAP (0x01)
      Requested Lifetime: 5 sec
      PCP Client's IP Address: ::ffff:198.51.100.1
      MAP Request:
         Mapping Nonce: 15685
         Protocol: UDP (17)
         Internal Port: 9
         Suggested External Port: 9
         Suggested External IP Address: ::ffff:0.0.0.0

                        Figure 41: MAP request

      Version: 2
      R bit: Response (1)
      Opcode: MAP (0x01)
      Result Code: 0
      Lifetime: 60 sec
      Epoch Time: 1250
      MAP Response:
         Mapping Nonce: 15685
         Protocol: UDP (17)
         Internal Port: 9
         Suggested External Port: 9
         Assigned External IP Address: ::ffff:192.0.2.1

                        Figure 42: MAP Response

5.  THIRD_PARTY Examples

5.1.  THIRD_PARTY Enabled at the Server Side

   The following messages are exchanged when the THIRD_PARTY option is
   enabled on the PCP Server side.  In this example the PCP Client
   creates a mapping for the host assigned 198.51.100.2.

      Version: 2
      R bit: Request (0)
      Opcode: MAP (0x01)
      Requested Lifetime: 36000 sec
      PCP Client's IP Address: ::ffff:198.51.100.1
      MAP Request:
         Mapping Nonce: 16584
         Protocol: UDP (17)
         Internal Port: 8080
         Suggested External Port: 8080
         Suggested External IP Address: ::ffff:0.0.0.0
      Option Code: THIRD_PARTY (0x01)
      Option Length: 16 bytes
      Data: ::ffff:198.51.100.2

                Figure 43: MAP request with THIRD_PARTY

      Version: 2
      R bit: Response (1)
      Opcode: MAP (0x01)
      Result Code: 0
      Lifetime: 20000 sec
      Epoch Time: 1250
      MAP Response:
         Mapping Nonce: 16584
         Protocol: UDP (17)
         Internal Port: 8080
         Assigned External Port: 15000
         Assigned External IP Address: ::ffff:161.105.194.14
      Option Code: THIRD_PARTY (0x01)
      Option Length: 16 bytes
      Data: ::ffff:198.51.100.2

                Figure 44: MAP Response with THIRD_PARTY

5.2.  THIRD_PARTY Disabled at the Server Side

   The following messages are exchanged when the THIRD_PARTY option is
   disabled on the PCP Server side.  In this example the PCP Client
   tries to create a mapping for the host assigned 198.51.100.2.

      Version: 2
      R bit: Request (0)
      Opcode: MAP (0x01)
      Requested Lifetime: 36000 sec
      PCP Client's IP Address: ::ffff:198.51.100.1
      MAP Request:
         Mapping Nonce: 16584
         Protocol: UDP (17)
         Internal Port: 8080
         Suggested External Port: 8080
         Suggested External IP Address: ::ffff:0.0.0.0
      Option Code: THIRD_PARTY (0x01)
      Option Length: 16 bytes
      Data: ::ffff:198.51.100.2

                Figure 45: MAP request with THIRD_PARTY

      Version: 2
      R bit: Response (1)
      Opcode: MAP (0x01)
      Result Code: UNSUPP_OPTION (0x05)
      Lifetime: 0 sec
      Epoch Time: 1562

                Figure 46: MAP Response with THIRD_PARTY

5.3.  Malformed Request

   In this example the PCP Client inserts a THIRD_PARTY option which
   includes the IP address of the PCP Client.

      Version: 2
      R bit: Request (0)
      Opcode: MAP (0x01)
      Requested Lifetime: 36000 sec
      PCP Client's IP Address: ::ffff:198.51.100.1
      MAP Request:
         Mapping Nonce: 16584
         Protocol: UDP (17)
         Internal Port: 8080
         Suggested External Port: 8080
         Suggested External IP Address: ::ffff:0.0.0.0
      Option Code: THIRD_PARTY (0x01)
      Option Length: 16 bytes
      Data: ::ffff:198.51.100.1

                Figure 47: MAP request with THIRD_PARTY

      Version: 2
      R bit: Response (1)
      Opcode: MAP (0x01)
      Result Code: MALFORMED_REQUEST (0x03)
      Lifetime: 0 sec
      Epoch Time: 1562

                Figure 48: MAP Response with THIRD_PARTY

6.  MAP with FILTER Examples

6.1.  Basic Filter Usage

   This example illustrates the content of exchanged PCP messages when
   the PCP Client wants to receive traffic only from 192.0.2.200:5968.

   In reference to Figure 1, the content of exchanged PCP messages is as
   follows:

      Version: 2
      R bit: Request (0)
      Opcode: MAP (0x01)
      Requested Lifetime: 36000 sec
      PCP Client's IP Address: ::ffff:198.51.100.1
      MAP Request:
         Mapping Nonce: 15685
         Protocol: UDP (17)
         Internal Port: 3938
         Suggested External Port: 3938
         Suggested External IP Address: ::ffff:0.0.0.0
      Option Code: FILTER (0x03)
      Option Length: 20 bytes
      Data:
         Prefix Length: 128
         Remote Peer Port: 5968
         Remote Peer IP Address: ::ffff:192.0.2.200

                        Figure 49: MAP request

      Version: 2
      R bit: Response (1)
      Opcode: MAP (0x01)
      Result Code: 0
      Lifetime: 20000 sec
      Epoch Time: 1250
      MAP Response:
         Mapping Nonce: 15685
         Protocol: UDP (17)
         Internal Port: 3938
         Assigned External Port: 3938
         Assigned External IP Address: ::ffff:192.0.2.1
      Option Code: FILTER (0x03)
      Option Length: 20 bytes
      Data:
         Prefix Length: 128
         Remote Peer Port: 5968
         Remote Peer IP Address: ::ffff:192.0.2.200

                        Figure 50: MAP Response

6.2.  Remove All Filters

   This example illustrates the content of exchanged PCP messages when
   the PCP Client wants to remove all filters.

   In reference to Figure 1, the content of exchanged PCP messages is as
   follows:

      Version: 2
      R bit: Request (0)
      Opcode: MAP (0x01)
      Requested Lifetime: 36000 sec
      PCP Client's IP Address: ::ffff:198.51.100.1
      MAP Request:
         Mapping Nonce: 15685
         Protocol: UDP (17)
         Internal Port: 3938
         Suggested External Port: 3938
         Suggested External IP Address: ::ffff:0.0.0.0
      Option Code: FILTER (0x03)
      Option Length: 20 bytes
      Data:
         Prefix Length: 0
         Remote Peer Port: 0
         Remote Peer IP Address: ::ffff:0:0

                        Figure 51: MAP request

      Version: 2
      R bit: Response (1)
      Opcode: MAP (0x01)
      Result Code: 0
      Lifetime: 20000 sec
      Epoch Time: 1250
      MAP Response:
         Mapping Nonce: 15685
         Protocol: UDP (17)
         Internal Port: 3938
         Assigned External Port: 3938
         Assigned External IP Address: ::ffff:192.0.2.1
      Option Code: FILTER (0x03)
      Option Length: 20 bytes
      Data:
         Prefix Length: 0
         Remote Peer Port: 0
         Remote Peer IP Address: ::ffff:0:0

                        Figure 52: MAP Response

6.3.  Change an Existing Filter

   This example illustrates the content of exchanged PCP messages when
   the PCP Client wants to change an existing filter.
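   The FILTER handling of Sections 6.1 to 6.3 (a prefix length of 0 clears the filter list, later options add to it), as an added Python example that is not from the draft. Option framing and the 20-byte FILTER layout follow the base PCP specification; the function names are hypothetical, the 60 zero bytes standing in for the header and MAP payload are constructed, and an empty filter list is taken to admit any remote peer.

```python
import ipaddress
import struct

OPTION_FILTER = 0x03        # FILTER option code as listed in the figures
MAP_REQUEST_LEN = 24 + 36   # common header + MAP payload (base-spec layout)


def filter_option(prefix_len, port, ip_text):
    """Encode one FILTER option: reserved, prefix length, peer port, peer IP."""
    data = struct.pack("!BBH16s", 0, prefix_len, port,
                       ipaddress.IPv6Address(ip_text).packed)
    return struct.pack("!BBH", OPTION_FILTER, 0, len(data)) + data


def parse_options(msg, offset=MAP_REQUEST_LEN):
    """Split the option area into (code, data) pairs with bounds checks."""
    options = []
    while offset < len(msg):
        if len(msg) - offset < 4:
            raise ValueError("truncated option header")
        code, _, length = struct.unpack_from("!BBH", msg, offset)
        offset += 4
        if length > len(msg) - offset:
            raise ValueError("option length runs past end of message")
        options.append((code, msg[offset:offset + length]))
        offset += (length + 3) & ~3   # option data is padded to 4 bytes
    return options


def apply_filters(current, options):
    """Process FILTER options in order and return the new filter list."""
    filters = list(current)
    for code, data in options:
        if code != OPTION_FILTER:
            continue
        if len(data) != 20:
            raise ValueError("FILTER option must carry 20 bytes")
        _, prefix_len, port, raw_ip = struct.unpack("!BBH16s", data)
        if prefix_len > 128:
            raise ValueError("prefix length out of range")
        if prefix_len == 0:           # Section 6.2: remove all filters
            filters = []
            continue
        net = ipaddress.IPv6Network(
            (ipaddress.IPv6Address(raw_ip), prefix_len), strict=False)
        filters.append((net, port))
    return filters


def permits(filters, src_ip, src_port):
    """True if inbound traffic from src_ip:src_port may use the mapping."""
    if not filters:                   # assumption: no filter means no restriction
        return True
    addr = ipaddress.IPv6Address(src_ip)
    # A filter port of 0 matches every remote port.
    return any(addr in net and port in (0, src_port) for net, port in filters)


# Constructed placeholder for the 60 bytes that precede the options.
PLACEHOLDER = bytes(MAP_REQUEST_LEN)
FIGURE_49 = PLACEHOLDER + filter_option(128, 5968, "::ffff:192.0.2.200")
FIGURE_51 = PLACEHOLDER + filter_option(0, 0, "::ffff:0:0")
FIGURE_53 = (PLACEHOLDER + filter_option(0, 0, "::ffff:0:0")
             + filter_option(128, 5968, "::ffff:192.0.2.201"))

if __name__ == "__main__":
    state = apply_filters([], parse_options(FIGURE_49))
    state = apply_filters(state, parse_options(FIGURE_53))
    print(state, permits(state, "::ffff:192.0.2.201", 5968))
```
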
   In reference to Figure 1, the content of exchanged PCP messages is as
   follows:

      Version: 2
      R bit: Request (0)
      Opcode: MAP (0x01)
      Requested Lifetime: 36000 sec
      PCP Client's IP Address: ::ffff:198.51.100.1
      MAP Request:
         Mapping Nonce: 15685
         Protocol: UDP (17)
         Internal Port: 3938
         Suggested External Port: 3938
         Suggested External IP Address: ::ffff:0.0.0.0
         Option Code: FILTER (0x03)
         Option Length: 20 bytes
         Data:
            Prefix Length: 0
            Remote Peer Port: 0
            Remote Peer IP Address: ::ffff:0:0
         Option Code: FILTER (0x03)
         Option Length: 20 bytes
         Data:
            Prefix Length: 128
            Remote Peer Port: 5968
            Remote Peer IP Address: ::ffff:192.0.2.201

                          Figure 53: MAP request

7.  Assess the Reachability of the PCP Server

   In this example, the PCP Client issues a PCP ANNOUNCE request to an
   IP address of a PCP Server.  Once the request is received by the PCP
   Server, which is configured to reply to such requests, the server
   sends back a PCP ANNOUNCE response.  This procedure can be used to
   retrieve the Epoch time.

            +------+                      +------+
            | PCP  |                      | PCP  |
            |Client|                      |Server|
            +------+                      +------+
               |  (1) PCP ANNOUNCE REQUEST   |
               |---------------------------->|
               |  (2) PCP ANNOUNCE RESPONSE  |
               |<----------------------------|
               |                             |

    Figure 54: Flow Example of a PING/PONG exchange: Check the
                   availability of the PCP Server

      Version: 2
      R bit: Request (0)
      Opcode: ANNOUNCE (0x00)
      Requested Lifetime: 0 sec
      PCP Client's IP Address: ::ffff:198.51.100.1

                        Figure 55: ANNOUNCE Request

      Version: 2
      R bit: Response (1)
      Opcode: ANNOUNCE (0x00)
      Result Code: 0
      Lifetime: 0 sec
      Epoch Time: 3600

                       Figure 56: ANNOUNCE Response

8.  PEER Operations

   The following figure illustrates the messages that are exchanged
   when the PEER OpCode is used:

            +------+                           +------+
            | PCP  |                           | PCP  |
            |Client|                           |Server|
            +------+                           +------+
               |      (1) PCP PEER Request        |
               |--------------------------------->|
               |      (2) PCP PEER Response       |
               |<---------------------------------|
               |                                  |

                 Figure 57: Typical Example of PEER usage

8.1.  No Mapping Exists for the Internal Port Number

   In reference to Figure 57, the content of exchanged PEER messages
   when no mapping is maintained by the PCP Server for the indicated
   external port number is shown below:

      Version: 2
      R bit: Request (0)
      Opcode: PEER (0x02)
      Requested Lifetime: 36000 sec
      PCP Client's IP Address: ::ffff:198.51.100.1
      PEER Request:
         Mapping Nonce: 15685
         Protocol: UDP (17)
         Internal Port: 3938
         Suggested External Port: 3938
         Suggested External IP Address: ::ffff:0.0.0.0
         Remote Peer Port: 12456
         Remote IP Address: ::ffff:198.51.100.2

                          Figure 58: PEER request

      Version: 2
      R bit: Response (1)
      Opcode: PEER (0x02)
      Result Code: 0
      Lifetime: 20000 sec
      Epoch Time: 1250
      PEER Response:
         Mapping Nonce: 15685
         Protocol: UDP (17)
         Internal Port: 3938
         Assigned External Port: 3938
         Assigned External IP Address: ::ffff:192.0.2.1
         Remote Peer Port: 12456
         Remote IP Address: ::ffff:198.51.100.2

                         Figure 59: PEER Response

8.2.  A Mapping Exists for the External Port Number

   In reference to Figure 57, the content of exchanged PEER messages
   when a mapping is maintained by the PCP Server for the indicated
   external port number is shown below:

      Version: 2
      R bit: Request (0)
      Opcode: PEER (0x02)
      Requested Lifetime: 36000 sec
      PCP Client's IP Address: ::ffff:198.51.100.1
      PEER Request:
         Mapping Nonce: 15685
         Protocol: UDP (17)
         Internal Port: 3938
         Suggested External Port: 3938
         Suggested External IP Address: ::ffff:0.0.0.0
         Remote Peer Port: 12456
         Remote IP Address: ::ffff:198.51.100.2

                          Figure 60: PEER request

      Version: 2
      R bit: Response (1)
      Opcode: PEER (0x02)
      Result Code: CANNOT_PROVIDE_EXTERNAL
      Lifetime: 0 sec
      Epoch Time: 36000

                         Figure 61: PEER Response

8.3.  External IP Address Cannot be Honored

   In reference to Figure 57, the content of exchanged PEER messages
   when the suggested external IP address does not match an existing
   mapping is shown below:

      Version: 2
      R bit: Request (0)
      Opcode: PEER (0x02)
      Requested Lifetime: 36000 sec
      PCP Client's IP Address: ::ffff:198.51.100.1
      PEER Request:
         Mapping Nonce: 15685
         Protocol: UDP (17)
         Internal Port: 3938
         Suggested External Port: 3938
         Suggested External IP Address: ::ffff:192.0.2.5
         Remote Peer Port: 12456
         Remote IP Address: ::ffff:198.51.100.2

                          Figure 62: PEER request

      Version: 2
      R bit: Response (1)
      Opcode: PEER (0x02)
      Result Code: CANNOT_PROVIDE_EXTERNAL
      Lifetime: 0 sec
      Epoch Time: 36000

                         Figure 63: PEER Response

8.4.  Extend the Lifetime

   In reference to Figure 64, the content of exchanged PEER messages to
   extend the lifetime of a mapping is shown below:
            +------+                           +------+
            | PCP  |                           | PCP  |
            |Client|                           |Server|
            +------+                           +------+
               |      (a) TCP SYN(src:3938)       |
               |--------------------------------->|
               |      (1) PCP PEER Request        |
               |--------------------------------->|
               |      (2) PCP PEER Response       |
               |<---------------------------------|
               |                                  |

                 Figure 64: Example of creating a mapping

      Version: 2
      R bit: Request (0)
      Opcode: PEER (0x02)
      Requested Lifetime: 36000 sec
      PCP Client's IP Address: ::ffff:198.51.100.1
      PEER Request:
         Mapping Nonce: 15685
         Protocol: TCP (6)
         Internal Port: 3938
         Suggested External Port: 0
         Suggested External IP Address: ::ffff:0.0.0.0
         Remote Peer Port: 12456
         Remote IP Address: ::ffff:198.51.100.2

                          Figure 65: PEER request

      Version: 2
      R bit: Response (1)
      Opcode: PEER (0x02)
      Result Code: 0
      Lifetime: 20000 sec
      Epoch Time: 1250
      PEER Response:
         Mapping Nonce: 15685
         Protocol: TCP (6)
         Internal Port: 3938
         Assigned External Port: 11000
         Assigned External IP Address: ::ffff:192.0.2.1
         Remote Peer Port: 12456
         Remote IP Address: ::ffff:198.51.100.2

                         Figure 66: PEER Response

8.5.  Learn the Lifetime of a Mapping

   In reference to Figure 64, the content of exchanged PEER messages to
   learn the lifetime of a mapping is shown below:

      Version: 2
      R bit: Request (0)
      Opcode: PEER (0x02)
      Requested Lifetime: 5 sec
      PCP Client's IP Address: ::ffff:198.51.100.1
      PEER Request:
         Mapping Nonce: 15685
         Protocol: TCP (6)
         Internal Port: 3938
         Suggested External Port: 0
         Suggested External IP Address: ::ffff:0.0.0.0
         Remote Peer Port: 12456
         Remote IP Address: ::ffff:198.51.100.2

                          Figure 67: PEER request

      Version: 2
      R bit: Response (1)
      Opcode: PEER (0x02)
      Result Code: 0
      Lifetime: 20000 sec
      Epoch Time: 1250
      PEER Response:
         Mapping Nonce: 15685
         Protocol: TCP (6)
         Internal Port: 3938
         Assigned External Port: 11000
         Assigned External IP Address: ::ffff:192.0.2.1
         Remote Peer Port: 12456
         Remote IP Address: ::ffff:198.51.100.2

                         Figure 68: PEER Response

9.  Version Negotiation

   Suppose the PCP Client supports PCP version 1 while the PCP Server
   supports PCP version 2.  The following exchange will be observed:

      Version: 1
      R bit: Request (0)
      Opcode: MAP (0x01)
      Requested Lifetime: 36000 sec
      PCP Client's IP Address: ::ffff:198.51.100.1
      MAP Request:
         Protocol: UDP (17)
         Internal Port: 3938
         Suggested External Port: 3938
         Suggested External IP Address: ::ffff:0.0.0.0

                   Figure 69: MAP Request with Version 1

      Version: 2
      R bit: Response (1)
      Opcode: MAP (0x01)
      Result Code: UNSUPP_VERSION (1)
      Lifetime: 0 sec
      Epoch Time: 3600

               Figure 70: MAP Response (Unsupported Version)

10.  Security Considerations

   This document does not define any protocol nor architecture.  PCP
   security considerations are discussed in [I-D.ietf-pcp-base].

11.  IANA Considerations

   This document has no IANA actions.

12.  Acknowledgements

   Many thanks to C. Jacquenet for his review.

13.  Normative References

   [I-D.ietf-pcp-base]
              Wing, D., Cheshire, S., Boucadair, M., Penno, R., and P.
              Selkirk, "Port Control Protocol (PCP)",
              draft-ietf-pcp-base-29 (work in progress), November 2012.

   [RFC3849]  Huston, G., Lord, A., and P. Smith, "IPv6 Address Prefix
              Reserved for Documentation", RFC 3849, July 2004.

   [RFC5737]  Arkko, J., Cotton, M., and L. Vegoda, "IPv4 Address Blocks
              Reserved for Documentation", RFC 5737, January 2010.

Author's Address

   Mohamed Boucadair
   France Telecom
   Rennes,   35000
   France

   Email: mohamed.boucadair@orange.com
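
Added example (not part of the draft): the MAP request of Figure 53 encoded to wire format, with its FILTER options then folded in order into the filter set that results, so the "clear, then add" pattern of Sections 6.2 and 6.3 can be checked on the bytes. It assumes the header, MAP and option layouts of the base PCP specification [I-D.ietf-pcp-base] (later published as RFC 6887) and a big-endian encoding of the nonce value 15685; all function names are illustrative.

```python
import ipaddress
import struct

FILTER = 0x03      # option code shown in Figures 51-53
MAP_REQ_LEN = 60   # assumed layout: 24-byte request header + 36-byte MAP data

def addr(text):
    """Parse an address written the way the figures write it."""
    return ipaddress.IPv6Address(text)

def filter_option(prefix_len, port, peer_ip):
    """FILTER option: 4-byte option header, then 20 bytes of data."""
    data = struct.pack("!BBH16s", 0, prefix_len, port, addr(peer_ip).packed)
    return struct.pack("!BBH", FILTER, 0, len(data)) + data

def map_request(lifetime, client_ip, nonce, proto, int_port, ext_port, ext_ip, options=b""):
    """Version 2 MAP request (R bit 0, opcode 0x01) followed by its options."""
    header = struct.pack("!BBHI16s", 2, 0x01, 0, lifetime, addr(client_ip).packed)
    body = struct.pack("!12sB3xHH16s", nonce.to_bytes(12, "big"), proto,
                       int_port, ext_port, addr(ext_ip).packed)
    return header + body + options

def effective_filters(msg):
    """Fold the FILTER options of a MAP request in order of appearance."""
    if len(msg) < MAP_REQ_LEN or msg[0] != 2 or msg[1] != 0x01:
        raise ValueError("not a version 2 MAP request")
    filters, off = [], MAP_REQ_LEN
    while off < len(msg):
        if off + 4 > len(msg):
            raise ValueError("truncated option header")
        code, _, length = struct.unpack_from("!BBH", msg, off)
        data = msg[off + 4:off + 4 + length]
        if len(data) != length:
            raise ValueError("truncated option data")
        if code == FILTER:
            if length != 20:
                raise ValueError("FILTER data must be 20 bytes")
            _, plen, port, ip = struct.unpack("!BBH16s", data)
            if plen == 0:
                filters = []          # prefix length 0 removes all filters
            else:
                filters.append((ipaddress.IPv6Address(ip), plen, port))
        off += 4 + length + (-length % 4)   # options are padded to 4 bytes
    return filters

# Figure 53, rebuilt from the field values listed in the draft.
FIG53 = map_request(36000, "::ffff:198.51.100.1", 15685, 17, 3938, 3938, "::ffff:0.0.0.0",
                    filter_option(0, 0, "::ffff:0:0")
                    + filter_option(128, 5968, "::ffff:192.0.2.201"))
print(len(FIG53), effective_filters(FIG53))
```

Because the options are applied in order, swapping the two FILTER options of Figure 53 would leave the mapping with no filter at all, which is worth checking when auditing requests a PCP client emits.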