NSIS                                                           C. Werner
Internet-Draft                                                     X. Fu
Expires: May 2, 2005                                    Univ. Goettingen
                                                           H. Tschofenig
                                                                 Siemens
                                                                 C. Aoun
                                                                  Nortel
                                                           November 2004

                       NSLP NAT/FW State Machine
              draft-werner-nsis-natfw-nslp-statemachine-00.txt

Status of this Memo

   This document is an Internet-Draft and is subject to all provisions
   of section 3 of RFC 3667.  By submitting this Internet-Draft, each
   author represents that any applicable patent or other IPR claims of
   which he or she is aware have been or will be disclosed, and any of
   which he or she becomes aware will be disclosed, in accordance with
   RFC 3668.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as
   Internet-Drafts.
   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on May 2, 2005.

Copyright Notice

   Copyright (C) The Internet Society (2004).

Abstract

   This document describes the state machines for the NSIS Signaling
   Layer Protocol for Network Address Translation/Firewall signaling
   (NAT/FW NSLP).  A set of state machines for NAT/FW NSLP entities at
   different locations of a signaling path is presented in order to
   illustrate how NAT/FW NSLP may be implemented.

Table of Contents

   1.    Introduction
   2.    Terminology
   3.    Notational conventions used in state diagrams
   4.    State Machine Symbols
   5.    Common Rules
   5.1   Common Procedures
   5.2   Common Variables
   5.3   Constants
   6.    State machine for the NAT/FW NI
   7.    State machines for the NAT/FW NF
   7.1   State machine for NAT/FW Firewall NF
   7.2   State machine for NAT/FW NAT NF
   8.    State machine for the NAT/FW NR
   9.    Security Considerations
   10.   Open Issues
   11.   Acknowledgments
   12.   References
   12.1  Normative References
   12.2  Informative References
         Authors' Addresses
         Intellectual Property and Copyright Statements

1.  Introduction

   This document describes the state machines for NAT/FW NSLP [1] in
   order to show how NAT/FW NSLP can be implemented and so to support
   its deployment.  The state machines described in this document
   illustrate how the NAT/FW NSLP protocol defined in [1] may be
   implemented for the first NAT/FW NSLP node in the signaling path,
   for intermediate NAT/FW NSLP nodes with firewall and/or NAT
   functionality, and for the last NAT/FW NSLP node in the signaling
   path.  Where there are differences, [1] is authoritative.  The state
   machines are informative only; implementations may achieve the same
   results using different methods.

   The messages used in the NAT/FW NSLP protocol can be summarized as
   follows:

      Requesting message       Responding message
      ------------------------+---------------------------
      CREATE                  |RESPONSE
      REA                     |RESPONSE
      QUERY                   |RESPONSE
      RESPONSE                |NONE
      NOTIFY                  |NONE
      TRIGGER                 |CREATE
      ------------------------+---------------------------

   We describe a set of state machines for the different roles of
   entities running NAT/FW NSLP to illustrate how NAT/FW NSLP may be
   implemented.

2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [2].

3.  Notational conventions used in state diagrams

   The state transition tables that follow are written mostly according
   to the conventions specified in [3].
   The complete text is described below.

   State transition tables are used to represent the operation of the
   protocol by a number of cooperating state machines, each comprising a
   group of connected, mutually exclusive states.  Only one state of
   each machine can be active at any given time.

   All permissible transitions from a given state to other states, and
   the associated actions performed when the transitions occur, are
   represented by triplets of (exit condition, exit action, exit state).
   All conditions are expressions that evaluate to TRUE or FALSE; if a
   condition evaluates to TRUE, then the condition is met.  A state
   "ANY" is a wildcard state that matches the current state in each
   state machine.  The exit conditions of a wildcard state are evaluated
   after all other exit conditions specific to the current state.

   On exit from a state, the procedures defined for the state and the
   exit condition are executed exactly once, in the order that they
   appear on the page.  (Note that the procedures defined in [4] are
   executed on entry to a state, which is one major difference from this
   document.)  Each procedure is deemed to be atomic; i.e., execution of
   a procedure completes before the next sequential procedure starts to
   execute.  No procedures execute outside of a state block.  The
   procedures in only one state block execute at a time, even if the
   conditions for execution of state blocks in different state machines
   are satisfied, and all procedures in an executing state block
   complete execution before the transition to and execution of any
   other state block occurs; i.e., the execution of any state block
   appears to be atomic with respect to the execution of any other state
   block, and the transition condition to that state from the previous
   state is TRUE when execution commences.  The order of execution of
   state blocks in different state machines is undefined except as
   constrained by their transition conditions.  A variable that is set
   to a particular value in a state block retains this value until a
   subsequent state block executes a procedure that modifies the value.

   On completion of the transition from the previous state to the
   current state, all exit conditions for the current state (including
   exit conditions defined for the wildcard state) are evaluated
   continuously until one of the conditions is met.

   Any event variable is set to TRUE when the corresponding event occurs
   and set to FALSE immediately after completion of the action
   associated with the current state and the event.

   The interpretation of the special symbols and operators is reused
   from [4], and the state diagrams are based on the conventions
   specified in [5], Section 8.2.1.

   The complete text is reproduced here:

      State diagrams are used to represent the operation of the protocol
      by a number of cooperating state machines each comprising a group
      of connected, mutually exclusive states.  Only one state of each
      machine can be active at any given time.

      All permissible transitions between states are represented by
      arrows, the arrowhead denoting the direction of the possible
      transition.  Labels attached to arrows denote the condition(s)
      that must be met in order for the transition to take place.  All
      conditions are expressions that evaluate to TRUE or FALSE; if a
      condition evaluates to TRUE, then the condition is met.  The label
      UCT denotes an unconditional transition (i.e., UCT always
      evaluates to TRUE).  A transition that is global in nature (i.e.,
      a transition that occurs from any of the possible states if the
      condition attached to the arrow is met) is denoted by an open
      arrow; i.e., no specific state is identified as the origin of the
      transition.  When the condition associated with a global
      transition is met, it supersedes all other exit conditions
      including UCT.  The special global condition BEGIN supersedes all
      other global conditions, and once asserted remains asserted until
      all state blocks have executed to the point that variable
      assignments and other consequences of their execution remain
      unchanged.

      On entry to a state, the procedures defined for the state (if any)
      are executed exactly once, in the order that they appear on the
      page.  Each action is deemed to be atomic; i.e., execution of a
      procedure completes before the next sequential procedure starts to
      execute.  No procedures execute outside of a state block.  The
      procedures in only one state block execute at a time, even if the
      conditions for execution of state blocks in different state
      machines are satisfied, and all procedures in an executing state
      block complete execution before the transition to and execution of
      any other state block occurs, i.e., the execution of any state
      block appears to be atomic with respect to the execution of any
      other state block and the transition condition to that state from
      the previous state is TRUE when execution commences.  The order of
      execution of state blocks in different state machines is undefined
      except as constrained by their transition conditions.  A variable
      that is set to a particular value in a state block retains this
      value until a subsequent state block executes a procedure that
      modifies the value.

      On completion of all of the procedures within a state, all exit
      conditions for the state (including all conditions associated with
      global transitions) are evaluated continuously until one of the
      conditions is met.  The label ELSE denotes a transition that
      occurs if none of the other conditions for transitions from the
      state are met (i.e., ELSE evaluates to TRUE if all other possible
      exit conditions from the state evaluate to FALSE).  Where two or
      more exit conditions with the same level of precedence become TRUE
      simultaneously, the choice as to which exit condition causes the
      state transition to take place is arbitrary.

   In addition to the above notation, there are a couple of
   clarifications specific to this document.  First, all boolean
   variables are initialized to FALSE before the state machine execution
   begins.  Second, the following notational shorthand is specific to
   this document:

      <variable> = <expression1> | <expression2> | ...

   Execution of a statement of this form will result in <variable>
   having a value of exactly one of the expressions.  The logic for
   which of those expressions gets executed is outside of the state
   machine and could be environmental, configurable, or based on
   another state machine such as that of the method.

4.  State Machine Symbols

   ( )   Used to force the precedence of operators in Boolean
         expressions and to delimit the argument(s) of actions within
         state boxes.

   ;     Used as a terminating delimiter for actions within state boxes.
         Where a state box contains multiple actions, the order of
         execution follows the normal language conventions for reading
         text.

   =     Assignment action.  The value of the expression to the right of
         the operator is assigned to the variable to the left of the
         operator.  Where this operator is used to define multiple
         assignments, e.g., a = b = X, the action causes the value of
         the expression following the right-most assignment operator to
         be assigned to all of the variables that appear to the left of
         the right-most assignment operator.

   !     Logical NOT operator.

   &&    Logical AND operator.

   ||    Logical OR operator.

   if...then...
         Conditional action.
         If the Boolean expression following the "if" evaluates to TRUE,
         then the action following the "then" is executed.

   { statement 1, ... statement N }
         Compound statement.  Braces are used to group statements that
         are executed together as if they were a single statement.

   !=    Inequality.  Evaluates to TRUE if the expression to the left of
         the operator is not equal in value to the expression to the
         right.

   ==    Equality.  Evaluates to TRUE if the expression to the left of
         the operator is equal in value to the expression to the right.

   >     Greater than.  Evaluates to TRUE if the value of the expression
         to the left of the operator is greater than the value of the
         expression to the right.

   <=    Less than or equal to.  Evaluates to TRUE if the value of the
         expression to the left of the operator is either less than or
         equal to the value of the expression to the right.

   ++    Increment the preceding integer operand by 1.

5.  Common Rules

   Throughout the document we use terms defined in [1], such as NI, NF,
   NR, NI+, NR+, CREATE, QUERY, or RESPONSE.

5.1  Common Procedures

   tx_CREATE(): Transmit a CREATE message.

   tx_CREATE(LIFETIME=0): Transmit a CREATE message with the lifetime
      object explicitly set to 0, for session deletion.

   tx_RESP(code,type): Transmit a RESPONSE message with the specified
      code (SUCCESS or ERROR) and result type (related to a specific
      request type message: CREATE, REA or QUERY).  A code or result
      type may be omitted, typically when forwarding received RESPONSE
      messages.

   tx_QUERY(): Transmit a QUERY message.

   tx_NOTIFY(): Transmit a NOTIFY message.

   rx_RESP(code,type): Evaluates to TRUE if a RESPONSE message has been
      received with the specified code (SUCCESS or ERROR) and result
      type (related to a specific request type message: CREATE, REA or
      QUERY).  If the code or the type is omitted, any received
      RESPONSE message that matches the given code or type alone makes
      this procedure evaluate to TRUE.

   rx_NOTIFY(): Evaluates to TRUE if a NOTIFY message has been received.

   rx_QUERY(): Evaluates to TRUE if a QUERY message has been received.

   rx_CREATE(): Evaluates to TRUE if a CREATE message has been received.

   CHECK_AA(): Checks authorization and authentication of the received
      message.  Evaluates to TRUE if the check is successful, otherwise
      it evaluates to FALSE.  This check is performed on all received
      messages; hence it is only shown within the state machine where
      the check has failed.  CHECK_AA MAY also include a local policy
      check for the received message.

   CHECK_NoNR(): Checks whether the message can reach its targeted
      destination, i.e., the NR, if it exists at the targeted host.

   CHECK_SCOPE(): Checks whether the message has reached the network
      boundaries defined by the SCOPE object.

   Process Event(): Processes a NOTIFY message and adapts the behaviour
      of this node to the new condition.

   Process Query(): Processes the received QUERY message and prepares
      the appropriate RESPONSE message.

   Binding.create(): Creates a public/private network translation
      binding on a NAT device for the requesting entity.

   Binding.clear(): Deletes a previously created public/private network
      translation binding on a NAT device for the requesting entity.

   Session.create(): Installs all session-related state, variables,
      bindings and policies.

   Session.update(): Updates all session-related state, variables,
      bindings and policies based on a received CREATE or TRIGGER, if
      applicable.

   Session.clear(): Removes all session-related state, variables,
      bindings and policies.

   PckFilter.create(): Installs a packet filter for the new session.

   PckFilter.update(): Updates the packet filter for changes in the
      session rules.
   PckFilter.clear(): Removes a previously set packet filter.

   Start.STATE_TIMER(identifier): Starts a timer with a certain
      timespan, which is up to the specific implementation.  The
      parameter 'identifier' identifies this timer uniquely; any
      subsequent Start.STATE_TIMER(x), Stop.STATE_TIMER(x) or
      TIMEOUT.STATE(x) refers to the same timer labeled x.  This timer
      is used to time the lifetime of state: when it times out, it
      indicates that the current machine state should be left or that
      its validity has expired.  If a timer with the same 'identifier'
      has already been started and not yet stopped, the timer is
      stopped and restarted.  After the timer has timed out, the
      procedure TIMEOUT.STATE(identifier) evaluates to TRUE.  The timer
      does not restart automatically but must be started again with
      Start.STATE_TIMER(identifier).  Note that this procedure is
      functionally identical to Start.REFRESH_TIMER(identifier); the
      different procedure names only underline the purpose of each
      timer.

   Stop.STATE_TIMER(identifier): Stops the timer labeled 'identifier'.
      If it has already been stopped, this procedure has no effect.  If
      the timer has already timed out, this procedure removes the
      timeout state from the timer 'identifier', so that subsequent
      calls to TIMEOUT.STATE(identifier) evaluate to FALSE.  A timeout
      cannot occur until the timer 'identifier' has been (re-)started.

   TIMEOUT.STATE(identifier): Evaluates to TRUE if the timer
      'identifier' has timed out, indicating a state lifetime
      expiration.  Subsequent TIMEOUT.STATE(identifier) calls also
      evaluate to TRUE until the timer 'identifier' has been
      (re-)started.  This procedure cannot evaluate to TRUE if the
      timer has been stopped.

   Start.REFRESH_TIMER(identifier): Starts a timer with a certain
      timespan, which is up to the specific implementation.  The
      parameter 'identifier' identifies this timer uniquely; any
      subsequent Start.REFRESH_TIMER(x), Stop.REFRESH_TIMER(x) or
      TIMEOUT.REFRESH(x) refers to the same timer labeled x.  This
      timer times a refresh interval: when it times out, it indicates
      that a state refresh message is due to be sent.  If a timer with
      the same 'identifier' has already been started and not yet
      stopped, the timer is stopped and restarted.  After the timer has
      timed out, the procedure TIMEOUT.REFRESH(identifier) evaluates to
      TRUE.  The timer does not restart automatically but must be
      started again with Start.REFRESH_TIMER(identifier).  Note that
      this procedure is functionally identical to
      Start.STATE_TIMER(identifier); the different procedure names only
      underline the purpose of each timer.

   Stop.REFRESH_TIMER(identifier): Stops the timer labeled
      'identifier'.  If it has already been stopped, this procedure has
      no effect.  If the timer has already timed out, this procedure
      removes the timeout state from the timer 'identifier', so that
      subsequent calls to TIMEOUT.REFRESH(identifier) evaluate to
      FALSE.  A timeout cannot occur until the timer 'identifier' has
      been (re-)started.

   TIMEOUT.REFRESH(identifier): Evaluates to TRUE if the timer
      'identifier' has timed out, indicating a refresh interval
      expiration.  Subsequent TIMEOUT.REFRESH(identifier) calls also
      evaluate to TRUE until the timer 'identifier' has been
      (re-)started.  This procedure cannot evaluate to TRUE if the
      timer has been stopped.

   tg_QUERY: External trigger to send a QUERY message (typically
      triggered by the application).

   tg_CREATE: External trigger to send a CREATE message (typically
      triggered by the application).

   tg_NOTIFY: External trigger to notify the entity of a new event to be
      processed (typically triggered by the application).

   tg_TRIGGER: External trigger to send a TRIGGER message to an NF
      (typically triggered by the application).

   tg_TEARDOWN: External trigger to delete a previously created session
      (typically triggered by the application).

   tg_REA: External trigger to send a REA message towards an
      opportunistic address (typically triggered by the application).

5.2  Common Variables

   IS_EDGE: Boolean flag which evaluates to TRUE if the node is on the
      network edge, otherwise it evaluates to FALSE.

   IS_PUBLICSIDE: Boolean flag which evaluates to TRUE if the CREATE or
      REA message has been received on the public side of the network.

   CREATE(LIFETIME?): Gets the value of the LIFETIME object in the
      CREATE message.

   CREATE(TRIGGER?): Evaluates to TRUE if the received CREATE message
      indicates a CREATE trigger.

   CREATE(POLICY?): Gets the policy for the CREATE message.

   CREATE(SOURCE?): Retrieves the sender of the CREATE message.

   CREATE(NoNR?): Evaluates to TRUE if the CREATE message has an active
      NoNR flag.

   CREATE(Scope?): Evaluates to TRUE if the CREATE message has an active
      Scope flag.

   Retry_Counter(CREATE): Denotes the current number of retries of a
      CREATE message which has been retransmitted due to a previous
      RESPONSE_ERROR message.  If Retry_Counter(CREATE) equals the value
      of Max_Retry(CREATE), the current session creation attempt is
      aborted and the application is notified.

   Retry_Counter(QUERY): Denotes the current number of retries of a
      QUERY message which has been retransmitted due to a previous
      RESPONSE_ERROR message.
If the number of Retry_Counter(QUERY) 425 equals the value of MAXRETRY(QUERY), the current QUERY attempt is 426 aborted and the application is being notified. 427 Retry_Counter(REA): Denotes the current number of retries of REA 428 message which has been re-transmitted due to previous 429 RESPONSE_ERROR message. If the number of Retry_Counter(REA) 430 equals the value of MAXRETRY(REA), the current REA initiation 431 attempt is aborted and the application is being notified. 433 5.3 Constants 435 Max_Retry(CREATE): Contains the maximum number of retransmission 436 attempts of a CREATE message after it is aborted and the 437 application is being notified. 438 Max_Retry(QUERY): Contains the maximum number of retransmission 439 attempts of a QUERY message after it is aborted and the 440 application is being notified. 441 Max_Retry(REA): Contains the maximum number of retransmission 442 attempts of a REA message after it is aborted and the application 443 is being notified. 445 6. State machine for the NAT/FW NI 447 This section presents the state machines for the NSIS initator which 448 is capable of NSLP NAT/FW signaling 450 ------------------- 451 State: Initialize 452 ------------------- 454 Condition Action State 455 ------------------------+-------------------------+------------ 456 UCT |retry_Counter(Create)=0; |IDLE 457 |retry_Counter(Query)=0; | 458 ------------------------+-------------------------+------------ 460 ------------------- 461 State: IDLE 462 ------------------- 464 Condition Action State 465 ------------------------+-------------------------+------------ 466 tg_CREATE |Start.STATE_TIMER(Resp); |PENDING 467 |retry_Counter(Create)=0; | 468 |tx_CREATE; | 469 ------------------------+-------------------------+------------ 470 ------------------- 471 State: PENDING 472 ------------------- 474 Condition Action State 475 ------------------------+-------------------------+------------ 476 rx_RESP(SUCCESS,Create) |Stop.STATE_TIMER(Resp); |ESTABLISHED 477 
|Session.create(); | 478 |Start.REFRESH_TIMER(Cre);| 479 |retry_Counter(Create)=0; | 480 | | 481 TIMEOUT.STATE(Resp) |Stop.STATE_TIMER(Resp); |PENDING 482 |retry_Counter(Create)++; | 483 |if (retry_Counter(Create)| 484 |<=Max_Retry(Create)) | 485 |{Start.STATE_TIMER(Resp);| 486 |tx_CREATE;} | 487 | | 488 (Retry_Counter(Create) |Send info to appl.; |IDLE 489 > Max_Retry(Create)) || |Stop.STATE_TIMER(Resp); | 490 tg_TEARDOWN || | | 491 rx_RESP(ERROR,Create) | | 492 ------------------------+-------------------------+------------ 494 ------------------- 495 State: ESTABLISHED 496 ------------------- 498 Condition Action State 499 ------------------------+-------------------------+------------ 500 rx_RESP(SUCCESS,Query) |Stop.STATE_TIMER(Query); |ESTABLISHED 501 && CHECK_AA |Send info to appl.; | 502 | | 503 tg_QUERY |tx_QUERY; |ESTABLISHED 504 |Start.STATE_TIMER(Query);| 505 |retry_Counter(Query)=0; | 506 | | 507 rx_RESP(SUCCESS,Create) |Start.REFRESH_TIMER(Cre);|ESTABLISHED 508 |Stop.STATE_TIMER(Resp); | 509 |retry_counter(Create)=0; | 510 | | 511 TIMEOUT.REFRESH(Cre) |Start.STATE_TIMER(Resp); |ESTABLISHED 512 |tx_CREATE; | 513 | | 514 TIMEOUT.STATE(Resp) |Stop.STATE_TIMER(Resp); |ESTABLISHED 515 |retry_Counter(Create)++; | 516 |if (retry_Counter(Create)| 517 | <= Max_Retry(Create)) { | 518 |Start.STATE_TIMER(Resp); | 519 |tx_CREATE;} | 520 | | 521 rx_NOTIFY && CHECK_AA |Process Event(); |ESTABLISHED 522 | | 523 rx_RESP(ERROR,Query) || |Stop.STATE_TIMER(Query); |ESTABLISHED 524 TIMEOUT.STATE(Query) |retry_Counter(Query)++; | 525 |if (retry_Counter(Query) | 526 | <= Max_Retry(Query)) { | 527 |Start.STATE_TIMER(Query);| 528 |tx_QUERY;} else { | 529 |send info to appl.} | 530 | | 531 (retry_Counter(Create) |Send info to appl.; |IDLE 532 > Max_Rety(Create)) || |Session.clear(); | 533 rx_RESP(ERROR,Create) |Stop.REFRESH_TIMER(Cre); | 534 | | 535 tg_TEARDOWN |tx_CREATE(LIFETIME=0); |IDLE 536 |Session.clear(); | 537 |Stop.REFRESH_TIMER(Cre); | 538 |Stop.STATE_TIMER(Resp); | 
539 ------------------------+-------------------------+------------ 541 7. State machines for the NAT/FW NF 543 This section describes the state machines for intermediate nodes 544 within the signaling path capable of processing NAT/FW NSLP messages. 545 These nodes typically implement firewall and/or network address 546 translation (NAT) functionality. To keep it simple, the state 547 machines are separated in two independent state machines for nodes 548 with firewall and nodes with NAT functionality. 550 7.1 State machine for NAT/FW Firewall NF 552 ------------------- 553 State: Initialize 554 ------------------- 556 Condition Action State 557 ------------------------+-------------------------+------------ 558 UCT | - |IDLE 559 ------------------------+-------------------------+------------ 561 ------------------- 562 State: IDLE 563 ------------------- 565 Condition Action State 566 ------------------------+-------------------------+------------ 567 rx_REA && !(CHECK_AA) |tx_RESP(ERROR,Rea); |IDLE 568 | | 569 rx_RESP(Rea) |tx_RESP(Rea); |IDLE 570 | | 571 rx_REA && IS_EDGE |tx_RESP(ERROR,Rea); (*) |IDLE 572 | | 573 rx_REA && !(IS_EDGE) |tx_REA; |IDLE 574 | | 575 rx_CREATE && CHECK_AA |Start.STATE_TIMER(Resp); |PENDING 576 |tx_CREATE; | 577 | | 578 rx_CREATE && !(CHECK_AA)|tx_RESP(ERROR,Create); |IDLE 579 ------------------------+-------------------------+------------ 580 * REA Error message "No NAT here" 581 ------------------- 582 State: PENDING 583 ------------------- 585 Condition Action State 586 ------------------------+-------------------------+------------ 587 rx_RESP(SUCCESS,Create) |Stop_STATE_TIMER(Resp); |ESTABLISHED 588 |Session.create(); | 589 |PckFilter.create(); | 590 |Start.STATE_TIMER(Cre); | 591 | | 592 rx_RESP(ERROR,Create) |Stop.STATE_TIMER(Resp); |IDLE 593 || TIMEOUT.STATE(Resp) | | 594 ------------------------+-------------------------+------------ 595 ------------------- 596 State: ESTABLISHED 597 ------------------- 599 Condition Action 
   ------------------------+-------------------------+------------
   rx_CREATE && !(CHECK_AA)|tx_RESP(ERROR,Create);   |ESTABLISHED
                           |                         |
   rx_TRIGGER && CHECK_AA  |tx_TRIGGER;              |ESTABLISHED
   && !IS_EDGE             |                         |
                           |                         |
   rx_RESP(SUCCESS,Create) |Start.STATE_TIMER(Cre);  |ESTABLISHED
                           |tx_RESP(SUCCESS,Create); |
                           |                         |
   rx_QUERY && CHECK_AA    |Process Query();         |ESTABLISHED
                           |tx_QUERY;                |
                           |                         |
   rx_CREATE && CHECK_AA   |tx_CREATE;               |ESTABLISHED
   && CREATE(LIFETIME?)>0  |                         |
                           |                         |
   rx_RESP(,Query) &&      |tx_RESP(,Query);         |ESTABLISHED
   CHECK_AA                |                         |
                           |                         |
   tg_NOTIFY               |tx_NOTIFY;               |ESTABLISHED
                           |                         |
   rx_NOTIFY && CHECK_AA   |Process Event();         |ESTABLISHED
                           |tx_NOTIFY;               |
                           |                         |
   TIMEOUT.STATE(Cre) ||   |Session.clear();         |IDLE
   tg_TEARDOWN             |PckFilter.clear();       |
                           |                         |
   rx_CREATE && CHECK_AA   |tx_CREATE(LIFETIME=0);   |IDLE
   && CREATE(LIFETIME?)==0 |Session.clear();         |
                           |PckFilter.clear();       |
                           |Stop.STATE_TIMER(Cre);   |
   ------------------------+-------------------------+------------

7.2 State machine for NAT/FW NAT NF

   -------------------
   State: Initialize
   -------------------

   Condition               Action                    State
   ------------------------+-------------------------+------------
   UCT                     |retry_Counter(Create)=0; |IDLE
   ------------------------+-------------------------+------------

   -------------------
   State: IDLE
   -------------------

   Condition               Action                    State
   ------------------------+-------------------------+------------
   rx_CREATE &&            |tx_RESP(ERROR,Rea); (*1) |IDLE
   IS_PUBLICSIDE           |                         |
                           |                         |
   rx_REA && CHECK_AA &&   |tx_RESP(ERROR,Rea); (*2) |IDLE
   IS_PUBLICSIDE           |                         |
                           |                         |
   rx_REA && CHECK_AA &&   |Binding.create();        |NonEDGE REA
   !IS_EDGE                |tx_REA;                  |
                           |Start.STATE_TIMER(Rea);  |
                           |                         |
   rx_REA && CHECK_AA &&   |Binding.create();        |REA
   IS_EDGE &&              |Start.STATE_TIMER(Rea);  |
   !IS_PUBLICSIDE          |tx_RESP(SUCCESS,Rea);    |
                           |retry_Counter(Create)=0; |
                           |Start.STATE_TIMER(Resp); |
                           |tx_CREATE;               |
                           |                         |
   rx_CREATE && CHECK_AA   |Binding.create();        |PENDING
   && !IS_PUBLICSIDE       |Start.STATE_TIMER(Resp); |
                           |tx_CREATE;               |
   ------------------------+-------------------------+------------
   *1 Error message is "No reservation made"
   *2 Error message is "REA received on public side"

   -------------------
   State: NonEDGE REA
   -------------------

   Condition               Action                    State
   ------------------------+-------------------------+------------
   rx_RESP(,Query) &&      |tx_RESP(,Query);         |NonEDGE REA
   CHECK_AA                |                         |
                           |                         |
   rx_QUERY && CHECK_AA    |Process Query();         |NonEDGE REA
                           |tx_QUERY;                |
                           |                         |
   rx_TRIGGER && CHECK_AA  |PckFilter.update();      |NonEDGE REA
                           |Start.STATE_TIMER(Rea);  |
                           |tx_TRIGGER;              |
                           |                         |
   rx_CREATE && CHECK_AA   |Stop.STATE_TIMER(Rea);   |PENDING
                           |Start.STATE_TIMER(Resp); |
                           |tx_CREATE;               |
                           |                         |
   TIMEOUT.STATE(Rea) ||   |Binding.clear();         |IDLE
   rx_RESP(ERROR,Rea)      |PckFilter.clear();       |
   ------------------------+-------------------------+------------

   -------------------
   State: REA
   -------------------

   Condition               Action                    State
   ------------------------+-------------------------+------------
   TIMEOUT.STATE(Rea) ||   |Binding.clear();         |IDLE
   rx_RESP(ERROR,Create)   |                         |
                           |                         |
   rx_RESP(SUCCESS,Create) |Stop.STATE_TIMER(Resp);  |REA
                           |                         |
   rx_CREATE &&            |Start.STATE_TIMER(Resp); |NI-PENDING
   CREATE(SOURCE?)==NI &&  |tx_CREATE;               |
   CHECK_AA                |                         |
                           |                         |
   TIMEOUT.STATE(Resp)     |Stop.STATE_TIMER(Resp);  |REA
                           |retry_Counter(Create)++; |
                           |if (retry_Counter(Create)|
                           | <= Max_Retry(Create)) { |
                           |tx_CREATE;               |
                           |Start.STATE_TIMER(Resp);}|
                           |                         |
   rx_TRIGGER && CHECK_AA  |Start.STATE_TIMER(Rea);  |REA
                           |Start.STATE_TIMER(Resp); |
                           |retry_Counter(Create)=0; |
                           |PckFilter.update();      |
                           |tx_CREATE;               |
                           |                         |
   tg_NOTIFY               |tx_NOTIFY;               |REA
                           |                         |
   rx_QUERY && CHECK_AA    |tx_RESP(,Query);         |REA
   ------------------------+-------------------------+------------

   -------------------
   State: PENDING
   -------------------

   Condition               Action                    State
   ------------------------+-------------------------+------------
   rx_RESP(SUCCESS,Create) |Stop.STATE_TIMER(Resp);  |ESTABLISHED
                           |Start.STATE_TIMER(Cre);  |
                           |Session.create();        |
                           |PckFilter.create();      |
                           |tx_RESP(SUCCESS,Create); |
                           |                         |
   rx_RESP(ERROR,Create)   |Binding.remove();        |IDLE
   || TIMEOUT.STATE(Resp)  |                         |
   ------------------------+-------------------------+------------

   -------------------
   State: NI-PENDING
   -------------------

   Condition               Action                    State
   ------------------------+-------------------------+------------
   rx_RESP(SUCCESS,Create) |Stop.STATE_TIMER(Resp);  |ESTABLISHED
                           |Session.clear();         |
                           |Session.create();        |
                           |PckFilter.create();      |
                           |Start.STATE_TIMER(Cre);  |
                           |tx_RESP(SUCCESS,Create); |
                           |                         |
   rx_RESP(ERROR,Create)   | -                       |REA
   || TIMEOUT.STATE(Resp)  |                         |
   ------------------------+-------------------------+------------

   -------------------
   State: ESTABLISHED
   -------------------

   Condition               Action                    State
   ------------------------+-------------------------+------------
   rx_CREATE && !(CHECK_AA)|tx_RESP(ERROR,Create);   |ESTABLISHED
                           |                         |
   rx_QUERY && CHECK_AA    |Process Query();         |ESTABLISHED
                           |tx_QUERY;                |
                           |                         |
   TIMEOUT.STATE(Cre) ||   |Session.clear();         |IDLE
   tg_TEARDOWN             |send info to appl.;      |
                           |                         |
   rx_CREATE && CHECK_AA   |tx_CREATE(LIFETIME=0);   |IDLE
   && CREATE(LIFETIME?)==0 |Session.clear();         |
                           |PckFilter.clear();       |
                           |                         |
   rx_TRIGGER && !IS_EDGE  |PckFilter.update();      |ESTABLISHED
   && CHECK_AA             |tx_TRIGGER;              |
                           |                         |
   rx_RESP(,Query) &&      |tx_RESP(,Query);         |ESTABLISHED
   CHECK_AA                |                         |
                           |                         |
   rx_NOTIFY && CHECK_AA   |Process Event();         |ESTABLISHED
                           |tx_NOTIFY;               |
                           |                         |
   tg_NOTIFY               |tx_NOTIFY;               |ESTABLISHED
                           |                         |
   rx_CREATE && CHECK_AA   |PckFilter.update();      |ESTABLISHED
   && CREATE(LIFETIME?)>0  |tx_CREATE;               |
                           |                         |
   rx_RESP(SUCCESS,Create) |Start.STATE_TIMER(Cre);  |ESTABLISHED
                           |tx_RESP(SUCCESS,Create); |
                           |                         |
   rx_RESP(ERROR,Create)   |tx_RESP(ERROR,Create);   |ESTABLISHED
   ------------------------+-------------------------+------------

8. State machine for the NAT/FW NR

   This section presents the state machine for an NSIS responder that
   is capable of NAT/FW NSLP signaling.

   -------------------
   State: Initialize
   -------------------

   Condition               Action                    State
   ------------------------+-------------------------+------------
   UCT (*)                 |retry_Counter(REA)=0;    |IDLE
   ------------------------+-------------------------+------------
   * Triggered by the application when forking the process

   -------------------
   State: IDLE
   -------------------

   Condition               Action                    State
   ------------------------+-------------------------+------------
   rx_CREATE && CHECK_AA   |tx_RESP(SUCCESS,Create); |ESTABLISHED
                           |Start.STATE_TIMER(Cre);  |
                           |Session.start();         |
                           |PckFilter.create();      |
                           |Send info to appl.;      |
                           |                         |
   tg_REA                  |tx_REA;                  |REA PENDING
                           |retry_Counter(REA)=0;    |
                           |Start.STATE_TIMER(Resp); |
                           |                         |
   rx_CREATE && !(CHECK_AA)|tx_RESP(ERROR,Create);   |IDLE
   ------------------------+-------------------------+------------

   -------------------
   State: REA PENDING
   -------------------

   Condition               Action                    State
   ------------------------+-------------------------+------------
   rx_RESP(SUCCESS,Rea)    |Stop.STATE_TIMER(Resp);  |TRIG PENDING
                           |Start.STATE_TIMER(Cre);  |
                           |                         |
   TIMEOUT.STATE(Resp)     |retry_Counter(REA)++;    |REA PENDING
                           |if (retry_Counter(REA)   |
                           | <= Max_Retry(REA)) {    |
                           |Start.STATE_TIMER(Resp); |
                           |tx_REA;}                 |
                           |                         |
   (retry_Counter(REA) >   |Send info to appl.;      |IDLE
   Max_Retry(REA)) ||      |                         |
   rx_RESP(ERROR,Rea)      |                         |
   ------------------------+-------------------------+------------

   -------------------
   State: TRIG PENDING
   -------------------

   Condition               Action                    State
   ------------------------+-------------------------+------------
   TIMEOUT.STATE(Cre)      |Send info to appl.;      |IDLE
                           |                         |
   rx_CREATE && CHECK_AA   |tx_RESP(SUCCESS,Create); |ESTABLISHED
                           |Session.create();        |
                           |PckFilter.create();      |
                           |Send info to appl.;      |
                           |Start.STATE_TIMER(Cre);  |
                           |Start.REFRESH_TIMER(Trg);|
   ------------------------+-------------------------+------------

   -------------------
   State: ESTABLISHED
   -------------------

   Condition               Action                    State
   ------------------------+-------------------------+------------
   (rx_CREATE &&           |Session.clear();         |IDLE
   CREATE(LIFETIME?)==0 && |PckFilter.clear();       |
   CHECK_AA) ||            |Send info to appl.;      |
   TIMEOUT.STATE(Cre) ||   |                         |
   tg_TEARDOWN             |                         |
                           |                         |
   TIMEOUT.REFRESH(Trg)    |tx_TRIGGER;              |ESTABLISHED
                           |Start.REFRESH_TIMER(Trg);|
                           |                         |
   rx_QUERY && CHECK_AA    |Process Query();         |ESTABLISHED
                           |tx_RESP(,Query);         |
                           |                         |
   rx_CREATE &&            |if (CREATE(SOURCE?)!=NF){|ESTABLISHED
   CREATE(LIFETIME?)>0 &&  |Stop.REFRESH_TIMER(Trg);}|
   CHECK_AA                |tx_RESP(SUCCESS,Create); |
                           |Start.STATE_TIMER(Cre);  |
                           |                         |
   rx_CREATE && !(CHECK_AA)|tx_RESP(ERROR,Create);   |ESTABLISHED
                           |                         |
   rx_NOTIFY && CHECK_AA   |Process Event();         |ESTABLISHED
                           |                         |
   tg_NOTIFY               |tx_NOTIFY;               |ESTABLISHED
   ------------------------+-------------------------+------------

9. Security Considerations

   This document does not raise new security considerations. Any
   security concerns with the NAT/FW NSLP are likely already reflected
   in security-related NSIS work (such as [1] or [6]).

   For the time being, the state machines described in this document do
   not consider the security aspects of the NAT/FW NSLP protocol itself.
   A future version of this document will add security-relevant states
   and state transitions.

10. Open Issues

   The CREATE[NoNR] and CREATE[Scope] message triggers are currently not
   implemented in the state machines; they, and all other open issues in
   [1], will be added in future versions of this document.

11. Acknowledgments

   The authors would like to thank Tseno Tsenov for his valuable
   comments and discussions.

12. References

12.1 Normative References

   [1] Stiemerling, M., "A NAT/Firewall NSIS Signaling Layer Protocol
       (NSLP)", draft-ietf-nsis-nslp-natfw-04 (work in progress),
       October 2004.

   [2] Bradner, S., "Key words for use in RFCs to Indicate Requirement
       Levels", BCP 14, RFC 2119, March 1997.

12.2 Informative References

   [3] Ohba, Y., "State Machines for Protocol for Carrying
       Authentication for Network Access (PANA)",
       draft-ohba-pana-statemachine-00 (work in progress), July 2004.

   [4] Vollbrecht, J., Eronen, P., Petroni, N. and Y. Ohba, "State
       Machines for Extensible Authentication Protocol (EAP) Peer and
       Authenticator", draft-ietf-eap-statemachine-05 (work in
       progress), September 2004.
   [5] Institute of Electrical and Electronics Engineers, "DRAFT
       Standard for Local and Metropolitan Area Networks: Port-Based
       Network Access Control (Revision)", IEEE 802-1X-REV/D9, January
       2004.

   [6] Tschofenig, H. and D. Kroeselberg, "Security Threats for NSIS",
       draft-ietf-nsis-threats-06 (work in progress), October 2004.

Authors' Addresses

   Constantin Werner
   University of Goettingen
   Telematics Group
   Lotzestr. 16-18
   Goettingen 37083
   Germany

   EMail: werner@cs.uni-goettingen.de

   Xiaoming Fu
   University of Goettingen
   Telematics Group
   Lotzestr. 16-18
   Goettingen 37083
   Germany

   EMail: fu@cs.uni-goettingen.de

   Hannes Tschofenig
   Siemens
   Otto-Hahn-Ring 6
   Munich, Bayern 81739
   Germany

   EMail: Hannes.Tschofenig@siemens.com

   Cedric Aoun
   Nortel Networks/ENST Paris

   EMail: cedric.aoun@nortelnetworks.com

Intellectual Property Statement

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights. Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.
   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard. Please address the information to the IETF at
   ietf-ipr@ietf.org.

Disclaimer of Validity

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Copyright Statement

   Copyright (C) The Internet Society (2004). This document is subject
   to the rights, licenses and restrictions contained in BCP 78, and
   except as set forth therein, the authors retain all their rights.

Acknowledgment

   Funding for the RFC Editor function is currently provided by the
   Internet Society.