idnits 2.17.00 (12 Aug 2021)

/tmp/idnits23418/draft-werner-nsis-natfw-nslp-statemachine-02.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** It looks like you're using RFC 3978 boilerplate.  You should update this to
     the boilerplate described in the IETF Trust License Policy document (see
     https://trustee.ietf.org/license-info), which is required now.

     -- Found old boilerplate from RFC 3978, Section 5.1 on line 21.
     -- Found old boilerplate from RFC 3978, Section 5.5 on line 837.
     -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 814.
     -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 821.
     -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 827.

  ** This document has an original RFC 3978 Section 5.4 Copyright Line, instead
     of the newer IETF Trust Copyright according to RFC 4748.

  ** This document has an original RFC 3978 Section 5.5 Disclaimer, instead of
     the newer disclaimer which includes the IETF Trust according to RFC 4748.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  == No 'Intended status' indicated for this document; assuming Proposed Standard

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** The document seems to lack an IANA Considerations section.  (See Section
     2.2 of https://www.ietf.org/id-info/checklist for how to handle the case
     when there are no actions for IANA.)

  ** The document seems to lack a both a reference to RFC 2119 and the
     recommended RFC 2119 boilerplate, even if it appears to use RFC 2119
     keywords.

     RFC 2119 keyword, line 297: '...This CHECK_AA also MAY include a local...'
  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not
     match the current year

  ** The document contains RFC2119-like boilerplate, but doesn't seem to
     mention RFC 2119.  The boilerplate contains a reference [2], but that
     reference does not seem to mention RFC 2119 either.

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008.  If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment.  If not, you may need to add the pre-RFC5378 disclaimer.
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (March 6, 2006) is 5919 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Outdated reference: draft-ietf-nsis-nslp-natfw has been published as
     RFC 5973

  ** Downref: Normative reference to an Experimental draft:
     draft-ietf-nsis-nslp-natfw (ref. '1')

  -- Possible downref: Non-RFC (?) normative reference: ref. '2'

  == Outdated reference: draft-ietf-pana-statemachine has been published as
     RFC 5609

  == Outdated reference: draft-ietf-eap-statemachine has been published as
     RFC 4137

  == Outdated reference: draft-ietf-nsis-threats has been published as RFC 4081

     Summary: 7 errors (**), 0 flaws (~~), 6 warnings (==), 8 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

NSIS                                                           C. Werner
Internet-Draft                                                X. Fu, Ed.
Expires: September 7, 2006                              Univ. Goettingen
                                                           H. Tschofenig
                                                                 Siemens
                                                                 C. Aoun
                                                                    ENST
                                                         N. Steinleitner
                                                        Univ. Goettingen
                                                           March 6, 2006


                       NAT/FW NSLP State Machine
            draft-werner-nsis-natfw-nslp-statemachine-02.txt

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on September 7, 2006.

Copyright Notice

   Copyright (C) The Internet Society (2006).

Abstract

   This document describes the state machines for the NSIS Signaling
   Layer Protocol for Network Address Translation/Firewall signaling
   (NAT/FW NSLP).  A set of state machines for NAT/FW NSLP entities at
   different locations of a signaling path is presented in order to
   illustrate how NAT/FW NSLP may be implemented.

Table of Contents

   1.  Introduction
   2.  Terminology
   3.  Notational conventions used in state diagrams
   4.  State Machine Symbols
   5.  Common Rules
       5.1.  Common Procedures
       5.2.  Common Variables
       5.3.  Constants
   6.  State machine for the NAT/FW NI
   7.  State machines for the NAT/FW NF
   8.  State machine for the NAT/FW NR
   9.  Security Considerations
   10. Open Issues
   11. Contributors
   12. Acknowledgments
   13. References
       13.1. Normative References
       13.2. Informative References
   Authors' Addresses
   Intellectual Property and Copyright Statements

1.  Introduction

   This document describes the state machines for NAT/FW NSLP [1] in
   order to show how NAT/FW NSLP can be implemented and to support its
   deployment.  The state machines described in this document illustrate
   how the NAT/FW NSLP protocol defined in [1] may be implemented for
   the first NAT/FW NSLP node in the signaling path, for intermediate
   NAT/FW NSLP nodes with firewall and/or NAT functionality, and for the
   last NAT/FW NSLP node in the signaling path.  Where there are
   differences, [1] is authoritative.  The state machines are
   informative only.  Implementations may achieve the same results using
   different methods.
   The messages used in the NAT/FW NSLP protocol can be summarized as
   follows:

   Requesting message       Responding message
   ------------------------+---------------------------
   CREATE                  |RESPONSE
   REA                     |RESPONSE
   TRACE                   |RESPONSE
   RESPONSE                |NONE
   NOTIFY                  |NONE
   ------------------------+---------------------------

   We describe a set of state machines for the different roles of
   entities running NAT/FW NSLP to illustrate how NAT/FW NSLP may be
   implemented.

2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [2].

3.  Notational conventions used in state diagrams

   The following state transition tables mostly follow the conventions
   specified in [3].  The complete text is given below.

   State transition tables are used to represent the operation of the
   protocol by a number of cooperating state machines, each comprising a
   group of connected, mutually exclusive states.  Only one state of
   each machine can be active at any given time.

   All permissible transitions from a given state to other states and
   the associated actions performed when the transitions occur are
   represented by triplets of (exit condition, exit action, exit
   state).  All conditions are expressions that evaluate to TRUE or
   FALSE; if a condition evaluates to TRUE, then the condition is met.
   A state "ANY" is a wildcard state that matches the current state in
   each state machine.  The exit conditions of a wildcard state are
   evaluated after all other exit conditions specific to the current
   state.

   On exit from a state, the procedures defined for the state and the
   exit condition are executed exactly once, in the order that they
   appear on the page.  (Note that the procedures defined in [4] are
   executed on entry to a state, which is one major difference from this
   document.)  Each procedure is deemed to be atomic; i.e., execution of
   a procedure completes before the next sequential procedure starts to
   execute.  No procedures execute outside of a state block.  The
   procedures in only one state block execute at a time, even if the
   conditions for execution of state blocks in different state machines
   are satisfied, and all procedures in an executing state block
   complete execution before the transition to and execution of any
   other state block occurs, i.e., the execution of any state block
   appears to be atomic with respect to the execution of any other state
   block, and the transition condition to that state from the previous
   state is TRUE when execution commences.  The order of execution of
   state blocks in different state machines is undefined except as
   constrained by their transition conditions.  A variable that is set
   to a particular value in a state block retains this value until a
   subsequent state block executes a procedure that modifies the value.

   On completion of the transition from the previous state to the
   current state, all exit conditions for the current state (including
   the exit conditions defined for the wildcard state) are evaluated
   continuously until one of the conditions is met.

   Any event variable is set to TRUE when the corresponding event occurs
   and set to FALSE immediately after completion of the action
   associated with the current state and the event.

   The interpretation of the special symbols and operators is reused
   from [4], and the state diagrams are based on the conventions
   specified in [5], Section 8.2.1.

   The complete text is reproduced here:

      State diagrams are used to represent the operation of the protocol
      by a number of cooperating state machines each comprising a group
      of connected, mutually exclusive states.  Only one state of each
      machine can be active at any given time.

      All permissible transitions between states are represented by
      arrows, the arrowhead denoting the direction of the possible
      transition.  Labels attached to arrows denote the condition(s)
      that must be met in order for the transition to take place.  All
      conditions are expressions that evaluate to TRUE or FALSE; if a
      condition evaluates to TRUE, then the condition is met.  The label
      UCT denotes an unconditional transition (i.e., UCT always
      evaluates to TRUE).  A transition that is global in nature (i.e.,
      a transition that occurs from any of the possible states if the
      condition attached to the arrow is met) is denoted by an open
      arrow; i.e., no specific state is identified as the origin of the
      transition.  When the condition associated with a global
      transition is met, it supersedes all other exit conditions
      including UCT.  The special global condition BEGIN supersedes all
      other global conditions, and once asserted remains asserted until
      all state blocks have executed to the point that variable
      assignments and other consequences of their execution remain
      unchanged.

      On entry to a state, the procedures defined for the state (if any)
      are executed exactly once, in the order that they appear on the
      page.  Each action is deemed to be atomic; i.e., execution of a
      procedure completes before the next sequential procedure starts to
      execute.  No procedures execute outside of a state block.  The
      procedures in only one state block execute at a time, even if the
      conditions for execution of state blocks in different state
      machines are satisfied, and all procedures in an executing state
      block complete execution before the transition to and execution of
      any other state block occurs, i.e., the execution of any state
      block appears to be atomic with respect to the execution of any
      other state block and the transition condition to that state from
      the previous state is TRUE when execution commences.  The order of
      execution of state blocks in different state machines is undefined
      except as constrained by their transition conditions.  A variable
      that is set to a particular value in a state block retains this
      value until a subsequent state block executes a procedure that
      modifies the value.

      On completion of all of the procedures within a state, all exit
      conditions for the state (including all conditions associated with
      global transitions) are evaluated continuously until one of the
      conditions is met.  The label ELSE denotes a transition that
      occurs if none of the other conditions for transitions from the
      state are met (i.e., ELSE evaluates to TRUE if all other possible
      exit conditions from the state evaluate to FALSE).  Where two or
      more exit conditions with the same level of precedence become TRUE
      simultaneously, the choice as to which exit condition causes the
      state transition to take place is arbitrary.

   In addition to the above notation, there are a couple of
   clarifications specific to this document.  First, all boolean
   variables are initialized to FALSE before the state machine execution
   begins.  Second, the following notational shorthand is specific to
   this document:

      = | | ...

         Execution of a statement of this form will result in having a
         value of exactly one of the expressions.  The logic for which
         of those expressions gets executed is outside of the state
         machine and could be environmental, configurable, or based on
         another state machine such as that of the method.

4.  State Machine Symbols

   ( )  Used to force the precedence of operators in Boolean expressions
        and to delimit the argument(s) of actions within state boxes.

   ;    Used as a terminating delimiter for actions within state boxes.
        Where a state box contains multiple actions, the order of
        execution follows the normal language conventions for reading
        text.

   =    Assignment action.  The value of the expression to the right of
        the operator is assigned to the variable to the left of the
        operator.  Where this operator is used to define multiple
        assignments, e.g., a = b = X, the action causes the value of the
        expression following the right-most assignment operator to be
        assigned to all of the variables that appear to the left of the
        right-most assignment operator.

   !    Logical NOT operator.

   &&   Logical AND operator.

   ||   Logical OR operator.

   if...then...  Conditional action.  If the Boolean expression
        following the if evaluates to TRUE, then the action following
        the then is executed.

   { statement 1, ... statement N }  Compound statement.  Braces are
        used to group statements that are executed together as if they
        were a single statement.

   !=   Inequality.  Evaluates to TRUE if the expression to the left of
        the operator is not equal in value to the expression to the
        right.

   ==   Equality.  Evaluates to TRUE if the expression to the left of
        the operator is equal in value to the expression to the right.

   >    Greater than.  Evaluates to TRUE if the value of the expression
        to the left of the operator is greater than the value of the
        expression to the right.

   <=   Less than or equal to.  Evaluates to TRUE if the value of the
        expression to the left of the operator is either less than or
        equal to the value of the expression to the right.

   ++   Increment the preceding integer operand by 1.

5.  Common Rules

   Throughout the document we use terms defined in [1], such as NI, NF,
   NR, CREATE, REA or RESPONSE.

5.1.  Common Procedures

   tx_CREATE(): Transmit a CREATE message.

   tx_CREATE(LIFETIME=0): Transmit a CREATE message with the lifetime
      object explicitly set to 0 for session deletion.

   tx_RESPONSE(code,type): Transmit a RESPONSE message with the
      specified code (SUCCESS or ERROR) and result type (related to a
      specific request type message: CREATE or REA).  A code or result
      type may be omitted, typically when forwarding received RESPONSE
      messages.

   tx_REA(): Transmit a REA message.

   rx_RESPONSE(code,type): Evaluates to TRUE if a RESPONSE message has
      been received with the specified code (SUCCESS or ERROR) and
      result type (related to a specific request type message: CREATE
      or REA).  If the code or type is omitted, any received RESPONSE
      message matching only the given code or type will make this
      procedure evaluate to TRUE.

   rx_CREATE(): Evaluates to TRUE if a CREATE message has been received.

   rx_REA(): Evaluates to TRUE if a REA message has been received.

   CHECK_AA(): Checks authorization and authentication of the received
      message.  Evaluates to TRUE if the check is successful, otherwise
      it evaluates to FALSE.  This check is performed on all received
      messages; hence it will only be shown within the state machine
      when the check has failed.  This CHECK_AA also MAY include a local
      policy check for the received message.

   CreateSession(): Installs all session related states, variables,
      bindings and policies.

   DeleteSession(): Removes all session related states, variables,
      bindings and policies.

   CreatePinhole(): Installs a pinhole for the new session.
   DeletePinhole(): Removes a previously installed pinhole.

   CreateReservations(): Creates a matching based on the MRI and opens
      pinholes for the signaling traffic.

   DeleteReservations(): Deletes previously installed matchings and
      pinholes for the signaling traffic.

   CreateBinding(): Creates a public/private network translation binding
      on a NAT device for the requesting entity.

   DeleteBinding(): Deletes a previously created public/private network
      translation binding on a NAT device for the requesting entity.

   StartTimer(identifier): This procedure starts a timer with a certain
      timespan, which is up to the specific implementation.  The
      parameter 'identifier' identifies this timer uniquely; any
      subsequent StartTimer(identifier), StopTimer(identifier) or
      (identifier)_TIMEOUT refers to the same timer.  This timer is
      required to time the lifetime of state: when it times out, it
      indicates that the current machine state should be left or that
      its validity has expired.  If a timer with the same 'identifier'
      has already been started and not yet stopped, the timer is stopped
      and restarted.  After the timer has timed out, the procedure
      (identifier)_TIMEOUT evaluates to TRUE.  The timer does not
      restart automatically, but must be started again with
      StartTimer(identifier).  Notice that this procedure can be used as
      a state timer or as a refresh timer; the latter corresponds to the
      "Start.REFRESH_TIMER(identifier)" procedure of version 01.

   StopTimer(identifier): This procedure stops the timer labeled
      'identifier'.  If it has already been stopped, this procedure has
      no effect.  If the timer has already timed out, this procedure
      removes the timeout state from the timer 'identifier', so
      subsequent calls to (identifier)_TIMEOUT evaluate to FALSE.  A
      timeout cannot occur until the timer 'identifier' has been
      (re-)started.

   (identifier)_TIMEOUT: This procedure evaluates to TRUE if the
      (identifier) timer has timed out and indicates a state lifetime
      expiration.  This procedure cannot evaluate to TRUE if the timer
      has been stopped.  The timers used are STATE_TIMEOUT,
      REFRESH_TIMEOUT, CREATE_TIMEOUT, REA_TIMEOUT and RESPONSE_TIMEOUT.

   tg_CREATE: External trigger to send a CREATE message (typically
      triggered by the application).

   tg_TEARDOWN: External trigger to delete a previously created session
      (typically triggered by the application).

   tg_REA: External trigger to send a REA message towards an
      opportunistic address (typically triggered by the application).

   tg_CREATE_PROXY: Internal trigger to send a CREATE message (used in
      proxy mode, triggered by the corresponding NAT/FW NSLP session).

   tg_TEARDOWN_PROXY: Internal trigger to delete a previously created
      session (used in proxy mode, triggered by the corresponding NAT/FW
      NSLP session).

5.2.  Common Variables

   IS_EDGE: Boolean flag which evaluates to TRUE if the node is on the
      network edge, otherwise it evaluates to FALSE.

   IS_PUBLICSIDE: Boolean flag which evaluates to TRUE if the (CREATE or
      REA) message has been received on the public side of the network.

   CREATE(LIFETIME): Gets the value of the LIFETIME object in the CREATE
      message.

   counter(CREATE): Denotes the current number of retries of a CREATE
      message that has been retransmitted after a previous
      RESPONSE_ERROR message.  If counter(CREATE) equals the value of
      counterLimit(CREATE), the current session creation attempt is
      aborted and the application is notified.

   counter(REA): Denotes the current number of retries of a REA message
      that has been retransmitted after a previous RESPONSE_ERROR
      message.  If counter(REA) equals the value of counterLimit(REA),
      the current session creation attempt is aborted and the
      application is notified.
5.3.  Constants

   counterLimit(CREATE): Contains the maximum number of retransmission
      attempts of a CREATE message; once it is reached, the attempt is
      aborted and the application is notified.

   counterLimit(REA): Contains the maximum number of retransmission
      attempts of a REA message; once it is reached, the attempt is
      aborted and the application is notified.

6.  State machine for the NAT/FW NI

   This section presents the state machine for the NSIS initiator (NI)
   which is capable of NAT/FW NSLP signaling.

   -----------
   State: INITIALIZE
   -----------

   Condition                   Action                        State
   ----------------------------+-----------------------------+----------
   UCT                         |Initialize variables         | IDLE
   ----------------------------+-----------------------------+----------

   -----------
   State: IDLE
   Entry: DeleteSession();
   Exit : CreateSession();
   -----------

   Condition                   Action                        State
   ----------------------------+-----------------------------+----------
   tg_CREATE                   |tx_CREATE();                 | WAITRESP
                               |                             |
   tg_CREATE_PROXY             |tx_CREATE();                 | WAITRESP
   ----------------------------+-----------------------------+----------

   -----------
   State: WAITRESP
   Entry: ResetCounter(CREATE);
          StartTimer(RESPONSE);
   Exit : StopTimer(RESPONSE);
   -----------

   Condition                   Action                        State
   ----------------------------+-----------------------------+----------
   RESPONSE_TIMEOUT &&         |counter(CREATE)++;           | WAITRESP
   (counter(CREATE) <          |StartTimer(RESPONSE);        |
   counterLimit(CREATE))       |tx_CREATE();                 |
                               |                             |
   rx_RESPONSE(SUCCESS,CREATE) |ReportAsyncEvent();          | SESSION
                               |                             |
   tg_TEARDOWN                 |tx_CREATE(Lifetime=0);       | IDLE
                               |                             |
   tg_TEARDOWN_PROXY           |tx_CREATE(Lifetime=0);       | IDLE
                               |                             |
   RESPONSE_TIMEOUT &&         |ReportAsyncEvent();          | IDLE
   (counter(CREATE) ==         |                             |
   counterLimit(CREATE))       |                             |
                               |                             |
   rx_RESPONSE(ERROR,CREATE)   |ReportAsyncEvent();          | IDLE
   ----------------------------+-----------------------------+----------

   -----------
   State: SESSION
   Entry: ResetCounter(CREATE);
          StartTimer(REFRESH);
   Exit : StopTimer(REFRESH);
          StopTimer(RESPONSE);
   -----------

   Condition                   Action                        State
   ----------------------------+-----------------------------+----------
   REFRESH_TIMEOUT             |StartTimer(RESPONSE);        | SESSION
                               |tx_CREATE();                 |
                               |                             |
   RESPONSE_TIMEOUT &&         |counter(CREATE)++;           | SESSION
   (counter(CREATE) <          |StartTimer(RESPONSE);        |
   counterLimit(CREATE))       |tx_CREATE();                 |
                               |                             |
   rx_RESPONSE(SUCCESS,CREATE) |StopTimer(RESPONSE);         | SESSION
                               |StartTimer(REFRESH);         |
                               |ResetCounter(CREATE);        |
                               |                             |
   tg_TEARDOWN                 |tx_CREATE(LIFETIME=0);       | IDLE
                               |                             |
   tg_TEARDOWN_PROXY           |tx_CREATE(LIFETIME=0);       | IDLE
                               |                             |
   RESPONSE_TIMEOUT &&         |ReportAsyncEvent();          | IDLE
   (counter(CREATE) ==         |                             |
   counterLimit(CREATE))       |                             |
                               |                             |
   rx_RESPONSE(ERROR,CREATE)   |ReportAsyncEvent();          | IDLE
   ----------------------------+-----------------------------+----------

7.  State machines for the NAT/FW NF

   This section describes the state machines for intermediate nodes
   within the signaling path capable of processing NAT/FW NSLP messages.
   These nodes typically implement firewall and/or network address
   translation (NAT) functionality.
   -----------
   State: INITIALIZE
   -----------

   Condition                   Action                        State
   ----------------------------+-----------------------------+----------
   UCT                         |Initialize variables         | IDLE
   ----------------------------+-----------------------------+----------

   -----------
   State: IDLE
   Entry: DeleteSession();
   Exit : CreateSession();
   -----------

   Condition                   Action                        State
   ----------------------------+-----------------------------+----------
   (rx_REA) && (IS_PUBLICSIDE) |tx_RESPONSE(ERROR,REA);      | IDLE
                               |                             |
   (rx_CREATE) &&              |tx_CREATE();                 | CREATE_
   (CREATE(Lifetime) > 0)      |                             | WAITRESP
                               |                             |
   ((rx_REA) && (!IS_EDGE)     |tx_REA();                    | NONEDGE_
   && (!IS_PUBLICSIDE))        |                             | REA
                               |                             |
   ((rx_REA) && (IS_EDGE)      |tx_RESPONSE(SUCCESS,REA);    | EDGE_REA
   && (!IS_PUBLICSIDE))        |tx_CREATE();                 |
                               |if(proxy_object) then        |
                               |       (tg_CREATE_PROXY);    |
   ----------------------------+-----------------------------+----------

   -----------
   State: CREATE_WAITRESP
   Entry: StartTimer(STATE);
   Exit : StopTimer(STATE);
   -----------

   Condition                   Action                        State
   ----------------------------+-----------------------------+----------
   rx_RESPONSE(ERROR,CREATE)   |tx_RESPONSE(ERROR,CREATE);   | IDLE
                               |ReportAsyncEvent();          |
                               |                             |
   STATE_TIMEOUT               |tx_RESPONSE(ERROR,CREATE);   | IDLE
                               |ReportAsyncEvent();          |
                               |                             |
   (rx_CREATE) &&              |tx_CREATE(Lifetime=0);       | IDLE
   (CREATE(Lifetime) == 0)     |                             |
                               |                             |
   rx_RESPONSE(SUCCESS,CREATE) |tx_RESPONSE(SUCCESS,CREATE); | SESSION
   ----------------------------+-----------------------------+----------

   -----------
   State: NONEDGE_REA
   Entry: StartTimer(REA);
          CreateReservations();
   Exit : StopTimer(REA);
          DeleteReservations();
   -----------

   Condition                   Action                        State
   ----------------------------+-----------------------------+----------
   (rx_REA) &&                 |StopTimer(REA);              | NONEDGE_
   (REA(Lifetime) > 0)         |StartTimer(REA);             | REA
                               |tx_REA();                    |
                               |                             |
   rx_RESPONSE(ERROR,REA)      |tx_RESPONSE(ERROR,REA);      | IDLE
                               |ReportAsyncEvent();          |
                               |                             |
   (rx_REA) &&                 |tx_REA(Lifetime=0);          | IDLE
   (REA(Lifetime) == 0)        |ReportAsyncEvent();          |
                               |                             |
   REA_TIMEOUT                 |ReportAsyncEvent();          | IDLE
   ----------------------------+-----------------------------+----------

   -----------
   State: EDGE_REA
   Entry: StartTimer(REA);
          CreateReservations();
   Exit : StopTimer(REA);
          DeleteReservations();
   -----------

   Condition                   Action                        State
   ----------------------------+-----------------------------+----------
   (rx_REA) &&                 |StopTimer(REA);              | NONEDGE_
   (REA(Lifetime) > 0)         |StartTimer(REA);             | REA
                               |tx_REA();                    |
                               |                             |
   rx_RESPONSE(ERROR,REA)      |tx_RESPONSE(ERROR,REA);      | IDLE
                               |ReportAsyncEvent();          |
                               |if(proxy_mode) then          |
                               |       (tg_TEARDOWN_PROXY);  |
                               |                             |
   (rx_REA) &&                 |tx_REA(Lifetime=0);          | IDLE
   (REA(Lifetime) == 0)        |ReportAsyncEvent();          |
                               |if(proxy_mode) then          |
                               |       (tg_TEARDOWN_PROXY);  |
                               |                             |
   REA_TIMEOUT                 |ReportAsyncEvent();          | IDLE
                               |if(proxy_mode) then          |
                               |       (tg_TEARDOWN_PROXY);  |
   ----------------------------+-----------------------------+----------

   -----------
   State: SESSION
   Entry: StartTimer(CREATE);
          CreatePinhole();
          CreateBinding();
   Exit : StopTimer(RESPONSE);
          StopTimer(CREATE);
          DeletePinhole();
          DeleteBinding();
   -----------

   Condition                   Action                        State
   ----------------------------+-----------------------------+----------
   RESPONSE_TIMEOUT            |StopTimer(RESPONSE);         | SESSION
                               |tx_RESPONSE(ERROR,CREATE);   |
                               |                             |
   (rx_CREATE) &&              |StopTimer(CREATE);           | SESSION
   (CREATE(Lifetime) > 0)      |StartTimer(RESPONSE);        |
                               |tx_CREATE();                 |
                               |                             |
   rx_RESPONSE(SUCCESS,CREATE) |StopTimer(RESPONSE);         | SESSION
                               |StartTimer(CREATE);          |
                               |tx_RESPONSE(SUCCESS,CREATE); |
                               |                             |
   CREATE_TIMEOUT              |ReportAsyncEvent();          | IDLE
                               |                             |
   (rx_CREATE) &&              |tx_CREATE(Lifetime=0);       | IDLE
   (CREATE(Lifetime) == 0)     |                             |
   ----------------------------+-----------------------------+----------
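   The CREATE path of the NF machine above (IDLE, CREATE_WAITRESP and
   SESSION) together with the timer semantics of Section 5.1, worked as
   an added example written for this page rather than code from the
   draft.  The REA states are left out; it is assumed that a row which
   stays in its state runs neither Exit nor Entry procedures (otherwise
   the Entry procedures would undo the row's own actions), that CHECK_AA()
   passes, and that timers are fired by the caller instead of by a clock.

```python
class Timer:
    """Section 5.1 timer: start (re)starts it, stop cancels it, and a
    stopped timer cannot time out."""
    def __init__(self):
        self.running = False

    def start(self):
        self.running = True

    def stop(self):
        self.running = False

    def fire(self):
        """Simulated expiry; True if (identifier)_TIMEOUT becomes TRUE."""
        was_running, self.running = self.running, False
        return was_running


class NatFwNF:
    """IDLE, CREATE_WAITRESP and SESSION of the NF tables (CREATE path only)."""
    def __init__(self):
        self.state = "INITIALIZE"
        self.timers = {n: Timer() for n in ("STATE", "CREATE", "RESPONSE")}
        self.session = self.pinhole = self.binding = False  # Create*/Delete* flags
        self.sent, self.events = [], []  # tx_* calls and ReportAsyncEvent() calls
        self._goto("IDLE")  # INITIALIZE: UCT -> IDLE

    def _goto(self, new):
        """Run Exit of the old state, then Entry of the new one.  Assumption:
        a row that stays in its state (e.g. SESSION -> SESSION) runs neither."""
        old = self.state
        if old == new:
            return
        if old == "IDLE":
            self.session = True                  # CreateSession()
        elif old == "CREATE_WAITRESP":
            self.timers["STATE"].stop()
        elif old == "SESSION":
            self.timers["RESPONSE"].stop()
            self.timers["CREATE"].stop()
            self.pinhole = self.binding = False  # DeletePinhole(); DeleteBinding()
        self.state = new
        if new == "IDLE":
            self.session = False                 # DeleteSession()
        elif new == "CREATE_WAITRESP":
            self.timers["STATE"].start()
        elif new == "SESSION":
            self.timers["CREATE"].start()
            self.pinhole = self.binding = True   # CreatePinhole(); CreateBinding()

    def rx_create(self, lifetime):
        """rx_CREATE with CREATE(Lifetime) == lifetime; CHECK_AA() assumed to pass."""
        if self.state == "IDLE" and lifetime > 0:
            self.sent.append(("CREATE", lifetime))
            self._goto("CREATE_WAITRESP")
        elif self.state == "CREATE_WAITRESP" and lifetime == 0:
            self.sent.append(("CREATE", 0))
            self._goto("IDLE")
        elif self.state == "SESSION" and lifetime > 0:   # refresh, forwarded
            self.timers["CREATE"].stop()
            self.timers["RESPONSE"].start()
            self.sent.append(("CREATE", lifetime))
        elif self.state == "SESSION" and lifetime == 0:  # teardown, forwarded
            self.sent.append(("CREATE", 0))
            self._goto("IDLE")
        # any other combination has no row in the tables and is ignored

    def rx_response(self, code):
        """rx_RESPONSE(code, CREATE) arriving from the downstream node."""
        if self.state == "CREATE_WAITRESP" and code == "SUCCESS":
            self.sent.append(("RESPONSE", "SUCCESS", "CREATE"))
            self._goto("SESSION")                # pinhole and binding open here
        elif self.state == "CREATE_WAITRESP":    # ERROR
            self.sent.append(("RESPONSE", "ERROR", "CREATE"))
            self.events.append("CREATE rejected downstream")
            self._goto("IDLE")
        elif self.state == "SESSION" and code == "SUCCESS":
            self.timers["RESPONSE"].stop()
            self.timers["CREATE"].start()
            self.sent.append(("RESPONSE", "SUCCESS", "CREATE"))

    def timeout(self, name):
        """Fire timer `name` and evaluate (name)_TIMEOUT in the current state."""
        if not self.timers[name].fire():
            return                               # stopped timer: no event
        if self.state == "CREATE_WAITRESP" and name == "STATE":
            self.sent.append(("RESPONSE", "ERROR", "CREATE"))
            self.events.append("no RESPONSE from downstream")
            self._goto("IDLE")
        elif self.state == "SESSION" and name == "RESPONSE":
            self.timers["RESPONSE"].stop()
            self.sent.append(("RESPONSE", "ERROR", "CREATE"))  # stays in SESSION
        elif self.state == "SESSION" and name == "CREATE":
            self.events.append("session lifetime expired")
            self._goto("IDLE")
```

   As the SESSION table is written, a refresh CREATE stops the CREATE
   timer and a following RESPONSE_TIMEOUT does not restart it, so the
   node then sits in SESSION with the pinhole open and no timer running;
   an implementation should restart the lifetime timer there so that the
   pinhole still expires.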
8.  State machine for the NAT/FW NR

   This section presents the state machine for the NSIS responder (NR)
   which is capable of NAT/FW NSLP signaling.

   -----------
   State: INITIALIZE
   -----------

   Condition                   Action                        State
   ----------------------------+-----------------------------+----------
   UCT                         |Initialize variables         | IDLE
   ----------------------------+-----------------------------+----------

   -----------
   State: IDLE
   Entry: DeleteSession();
   Exit : CreateSession();
   -----------

   Condition                   Action                        State
   ----------------------------+-----------------------------+----------
   (rx_CREATE) && !(CHECK_AA())|tx_RESPONSE(ERROR,CREATE);   | IDLE
                               |                             |
   tg_REA                      |tx_REA();                    | REA_
                               |                             | WAITRESP
                               |                             |
   (rx_CREATE) &&              |tx_RESPONSE(SUCCESS,CREATE); | SESSION
   (CREATE(Lifetime) > 0)      |                             |
   ----------------------------+-----------------------------+----------

   -----------
   State: REA_WAITRESP
   Entry: ResetCounter(REA);
          StartTimer(RESPONSE);
   Exit : StopTimer(RESPONSE);
   -----------

   Condition                   Action                        State
   ----------------------------+-----------------------------+----------
   RESPONSE_TIMEOUT &&         |counter(REA)++;              | REA_
   (counter(REA) <             |StartTimer(RESPONSE);        | WAITRESP
   counterLimit(REA))          |tx_REA();                    |
                               |                             |
   rx_RESPONSE(SUCCESS,REA)    |ReportAsyncEvent();          | REA
                               |                             |
   RESPONSE_TIMEOUT &&         |ReportAsyncEvent();          | IDLE
   (counter(REA) ==            |                             |
   counterLimit(REA))          |                             |
                               |                             |
   rx_RESPONSE(ERROR,REA)      |ReportAsyncEvent();          | IDLE
                               |                             |
   tg_TEARDOWN                 |tx_REA(Lifetime=0);          | IDLE
   ----------------------------+-----------------------------+----------

   -----------
   State: REA
   Entry: ResetCounter(REA);
          StartTimer(REFRESH);
   Exit : StopTimer(RESPONSE);
          StopTimer(REFRESH);
   -----------

   Condition                   Action                        State
   ----------------------------+-----------------------------+----------
   RESPONSE_TIMEOUT &&         |counter(REA)++;              | REA
   (counter(REA) <             |StartTimer(RESPONSE);        |
   counterLimit(REA))          |tx_REA();                    |
                               |                             |
   rx_RESPONSE(SUCCESS,REA)    |StartTimer(REFRESH);         | REA
                               |StopTimer(RESPONSE);         |
                               |ResetCounter(REA);           |
                               |                             |
   REFRESH_TIMEOUT             |tx_REA();                    | REA
                               |StartTimer(RESPONSE);        |
                               |                             |
   RESPONSE_TIMEOUT &&         |ReportAsyncEvent();          | IDLE
   (counter(REA) ==            |                             |
   counterLimit(REA))          |                             |
                               |                             |
   rx_RESPONSE(ERROR,REA)      |ReportAsyncEvent();          | IDLE
                               |                             |
   tg_TEARDOWN                 |tx_REA(Lifetime=0);          | IDLE
   ----------------------------+-----------------------------+----------

   -----------
   State: SESSION
   Entry: StartTimer(STATE);
   Exit : StopTimer(STATE);
   -----------

   Condition                   Action                        State
   ----------------------------+-----------------------------+----------
   (rx_CREATE) &&              |tx_RESPONSE(SUCCESS,CREATE); | SESSION
   (CREATE(LIFETIME) > 0)      |StopTimer(STATE);            |
                               |StartTimer(STATE);           |
                               |                             |
   tg_TEARDOWN                 |tx_CREATE(LIFETIME=0);       | IDLE
                               |                             |
   (rx_CREATE) &&              |ReportAsyncEvent();          | IDLE
   (CREATE(LIFETIME) == 0)     |                             |
                               |                             |
   STATE_TIMEOUT               |ReportAsyncEvent();          | IDLE
   ----------------------------+-----------------------------+----------

9.  Security Considerations

   This document does not raise new security considerations.  Any
   security concerns with the NAT/FW NSLP are likely already reflected
   in security related NSIS work (such as [1] or [6]).

   For the time being, the state machines described in this document do
   not consider the security aspects of the NAT/FW NSLP protocol itself.
   A future version of this document will add security relevant states
   and state transitions.

10.  Open Issues

   Since version 01, we have removed session ownership, changed
   procedure names and added some clarifications following the
   evolution of the specification.  Route change and the open issues
   listed in [1] will be added in future versions of this document.

11.  Contributors

   Tseno Tsenov has contributed since the initial version, and Henning
   Peters has collaborated on refining the state machines since version
   01.

12.  Acknowledgments

   The authors would like to thank Martin Stiemerling for his valuable
   comments and discussions.

13.  References

13.1.  Normative References

   [1]  Stiemerling, M., "NAT/Firewall NSIS Signaling Layer Protocol
        (NSLP)", draft-ietf-nsis-nslp-natfw-09 (work in progress),
        February 2006.

   [2]  Bradner, S., "Key words for use in RFCs to Indicate Requirement
        Levels", BCP 14, RFC 2119, March 1997.

13.2.  Informative References

   [3]  Fajardo, V., "State Machines for Protocol for Carrying
        Authentication for Network Access (PANA)",
        draft-ietf-pana-statemachine-03 (work in progress),
        October 2005.

   [4]  Vollbrecht, J., Eronen, P., Petroni, N., and Y. Ohba, "State
        Machines for Extensible Authentication Protocol (EAP) Peer and
        Authenticator", draft-ietf-eap-statemachine-06 (work in
        progress), December 2004.

   [5]  Institute of Electrical and Electronics Engineers, "DRAFT
        Standard for Local and Metropolitan Area Networks: Port-Based
        Network Access Control (Revision)", IEEE 802-1X-REV/D9,
        January 2004.

   [6]  Tschofenig, H. and D. Kroeselberg, "Security Threats for NSIS",
        draft-ietf-nsis-threats-06 (work in progress), October 2004.

Authors' Addresses

   Constantin Werner
   University of Goettingen
   Telematics Group
   Lotzestr. 16-18
   Goettingen 37083
   Germany

   Email: werner@cs.uni-goettingen.de


   Xiaoming Fu (editor)
   University of Goettingen
   Telematics Group
   Lotzestr.
16-18 776 Goettingen 37083 777 Germany 779 Email: fu@cs.uni-goettingen.de 781 Hannes Tschofenig 782 Siemens 783 Otto-Hahn-Ring 6 784 Munich, Bayern 81739 785 Germany 787 Email: Hannes.Tschofenig@siemens.com 789 Cedric Aoun 790 Ecole Nationale Superieure des Telecommunications 791 Paris 792 France 794 Email: cedric@caoun.net 796 Niklas Steinleitner 797 University of Goettingen 798 Telematics Group 799 Lotzestr. 16-18 800 Goettingen 37083 801 Germany 803 Email: steinleitner@cs.uni-goettingen.de 805 Intellectual Property Statement 807 The IETF takes no position regarding the validity or scope of any 808 Intellectual Property Rights or other rights that might be claimed to 809 pertain to the implementation or use of the technology described in 810 this document or the extent to which any license under such rights 811 might or might not be available; nor does it represent that it has 812 made any independent effort to identify any such rights. Information 813 on the procedures with respect to rights in RFC documents can be 814 found in BCP 78 and BCP 79. 816 Copies of IPR disclosures made to the IETF Secretariat and any 817 assurances of licenses to be made available, or the result of an 818 attempt made to obtain a general license or permission for the use of 819 such proprietary rights by implementers or users of this 820 specification can be obtained from the IETF on-line IPR repository at 821 http://www.ietf.org/ipr. 823 The IETF invites any interested party to bring to its attention any 824 copyrights, patents or patent applications, or other proprietary 825 rights that may cover technology that may be required to implement 826 this standard. Please address the information to the IETF at 827 ietf-ipr@ietf.org. 
829 Disclaimer of Validity 831 This document and the information contained herein are provided on an 832 "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS 833 OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET 834 ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, 835 INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE 836 INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED 837 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 839 Copyright Statement 841 Copyright (C) The Internet Society (2006). This document is subject 842 to the rights, licenses and restrictions contained in BCP 78, and 843 except as set forth therein, the authors retain all their rights. 845 Acknowledgment 847 Funding for the RFC Editor function is currently provided by the 848 Internet Society.