NSIS                                                           C. Werner
Internet-Draft                                                     X. Fu
Expires: December 27, 2006                              Univ. Goettingen
                                                           H. Tschofenig
                                                                 Siemens
                                                                 C. Aoun
                                                                    ENST
                                                    N. Steinleitner, Ed.
                                                        Univ. Goettingen
                                                           June 25, 2006

                       NAT/FW NSLP State Machine
             draft-werner-nsis-natfw-nslp-statemachine-03.txt

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on December 27, 2006.

Copyright Notice

   Copyright (C) The Internet Society (2006).

Abstract

   This document describes the state machines for the NSIS Signaling
   Layer Protocol for Network Address Translation/Firewall signaling
   (NAT/FW NSLP).  A set of state machines for NAT/FW NSLP entities at
   different locations of a signaling path is presented in order to
   illustrate how NAT/FW NSLP may be implemented.

Table of Contents

   1.  Introduction
   2.  Terminology
   3.  Notational conventions used in state diagrams
   4.  State Machine Symbols
   5.  Common Rules
     5.1.  Common Procedures
     5.2.  Common Variables
     5.3.  Constants
   6.  State machine for the NAT/FW NI/NR+
   7.  State machine for the NAT/FW NF
   8.  State machine for the NAT/FW NR/NI+
   9.  Security Considerations
   10. Open Issues
   11. Contributors
   12. Acknowledgments
   13. References
     13.1.  Normative References
     13.2.  Informative References
   Authors' Addresses
   Intellectual Property and Copyright Statements

1.  Introduction

   This document describes the state machines for NAT/FW NSLP [1], in
   order to show how NAT/FW NSLP can be implemented and to support its
   deployment.  The state machines described in this document
   illustrate how the NAT/FW NSLP protocol defined in [1] may be
   implemented for the first NAT/FW NSLP node in the signaling path,
   for intermediate NAT/FW NSLP nodes with firewall and/or NAT
   functionality, and for the last NAT/FW NSLP node in the signaling
   path.  Where there are differences, [1] is authoritative.  The state
   machines are informative only.  Implementations may achieve the same
   results using different methods.
   The messages used in the NAT/FW NSLP protocol can be summarized as
   follows:

   Requesting message       Responding message
   ------------------------+---------------------------
   CREATE                  |RESPONSE
   REA                     |RESPONSE
   TRACE                   |RESPONSE
   RESPONSE                |NONE
   NOTIFY                  |NONE
   ------------------------+---------------------------

   We describe a set of state machines for the different roles of
   entities running NAT/FW NSLP to illustrate how NAT/FW NSLP may be
   implemented.

2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [2].

3.  Notational conventions used in state diagrams

   The following state transition tables are mostly based on the
   conventions specified in [3].  The complete text is described below.

   State transition tables are used to represent the operation of the
   protocol by a number of cooperating state machines, each comprising a
   group of connected, mutually exclusive states.  Only one state of
   each machine can be active at any given time.

   All permissible transitions from a given state to other states, and
   the associated actions performed when the transitions occur, are
   represented by triplets of (exit condition, exit action, exit
   state).  All conditions are expressions that evaluate to TRUE or
   FALSE; if a condition evaluates to TRUE, then the condition is met.
   A state "ANY" is a wildcard state that matches the current state in
   each state machine.  The exit conditions of a wildcard state are
   evaluated after all other exit conditions specific to the current
   state are met.

   On exit from a state, the procedures defined for the state and the
   exit condition are executed exactly once, in the order that they
   appear on the page.  (Note that the procedures defined in [4] are
   executed on entry to a state, which is one major difference from this
   document.)  Each procedure is deemed to be atomic; i.e., execution of
   a procedure completes before the next sequential procedure starts to
   execute.  No procedures execute outside of a state block.  The
   procedures in only one state block execute at a time, even if the
   conditions for execution of state blocks in different state machines
   are satisfied, and all procedures in an executing state block
   complete execution before the transition to and execution of any
   other state block occurs; i.e., the execution of any state block
   appears to be atomic with respect to the execution of any other state
   block, and the transition condition to that state from the previous
   state is TRUE when execution commences.  The order of execution of
   state blocks in different state machines is undefined except as
   constrained by their transition conditions.  A variable that is set
   to a particular value in a state block retains this value until a
   subsequent state block executes a procedure that modifies the value.

   On completion of the transition from the previous state to the
   current state, all exit conditions for the current state (including
   exit conditions defined for the wildcard state) are evaluated
   continuously until one of the conditions is met.

   Any event variable is set to TRUE when the corresponding event occurs
   and set to FALSE immediately after completion of the action
   associated with the current state and the event.

   The interpretation of the special symbols and operators is reused
   from [4], and the state diagrams are based on the conventions
   specified in [5], Section 8.2.1.
   The complete text is reproduced here:

      State diagrams are used to represent the operation of the protocol
      by a number of cooperating state machines each comprising a group
      of connected, mutually exclusive states.  Only one state of each
      machine can be active at any given time.

      All permissible transitions between states are represented by
      arrows, the arrowhead denoting the direction of the possible
      transition.  Labels attached to arrows denote the condition(s)
      that must be met in order for the transition to take place.  All
      conditions are expressions that evaluate to TRUE or FALSE; if a
      condition evaluates to TRUE, then the condition is met.  The label
      UCT denotes an unconditional transition (i.e., UCT always
      evaluates to TRUE).  A transition that is global in nature (i.e.,
      a transition that occurs from any of the possible states if the
      condition attached to the arrow is met) is denoted by an open
      arrow; i.e., no specific state is identified as the origin of the
      transition.  When the condition associated with a global
      transition is met, it supersedes all other exit conditions
      including UCT.  The special global condition BEGIN supersedes all
      other global conditions, and once asserted remains asserted until
      all state blocks have executed to the point that variable
      assignments and other consequences of their execution remain
      unchanged.

      On entry to a state, the procedures defined for the state (if any)
      are executed exactly once, in the order that they appear on the
      page.  Each action is deemed to be atomic; i.e., execution of a
      procedure completes before the next sequential procedure starts to
      execute.  No procedures execute outside of a state block.  The
      procedures in only one state block execute at a time, even if the
      conditions for execution of state blocks in different state
      machines are satisfied, and all procedures in an executing state
      block complete execution before the transition to and execution of
      any other state block occurs, i.e., the execution of any state
      block appears to be atomic with respect to the execution of any
      other state block and the transition condition to that state from
      the previous state is TRUE when execution commences.  The order of
      execution of state blocks in different state machines is undefined
      except as constrained by their transition conditions.  A variable
      that is set to a particular value in a state block retains this
      value until a subsequent state block executes a procedure that
      modifies the value.

      On completion of all of the procedures within a state, all exit
      conditions for the state (including all conditions associated with
      global transitions) are evaluated continuously until one of the
      conditions is met.  The label ELSE denotes a transition that
      occurs if none of the other conditions for transitions from the
      state are met (i.e., ELSE evaluates to TRUE if all other possible
      exit conditions from the state evaluate to FALSE).  Where two or
      more exit conditions with the same level of precedence become TRUE
      simultaneously, the choice as to which exit condition causes the
      state transition to take place is arbitrary.

   In addition to the above notation, there are a couple of
   clarifications specific to this document.  First, all boolean
   variables are initialized to FALSE before the state machine execution
   begins.  Second, the following notational shorthand is specific to
   this document:

   <variable> = <expression1> | <expression2> | ...
      Execution of a statement of this form will result in <variable>
      having a value of exactly one of the expressions.  The logic for
      which of those expressions gets executed is outside of the state
      machine and could be environmental, configurable, or based on
      another state machine such as that of the method.

4.  State Machine Symbols

   ( )  Used to force the precedence of operators in Boolean expressions
      and to delimit the argument(s) of actions within state boxes.
   ;  Used as a terminating delimiter for actions within state boxes.
      Where a state box contains multiple actions, the order of
      execution follows the normal language conventions for reading
      text.
   =  Assignment action.  The value of the expression to the right of
      the operator is assigned to the variable to the left of the
      operator.  Where this operator is used to define multiple
      assignments, e.g., a = b = X, the action causes the value of the
      expression following the right-most assignment operator to be
      assigned to all of the variables that appear to the left of the
      right-most assignment operator.
   !  Logical NOT operator.
   &&  Logical AND operator.
   ||  Logical OR operator.
   if...then...  Conditional action.  If the Boolean expression
      following the if evaluates to TRUE, then the action following the
      then is executed.
   { statement 1, ... statement N }  Compound statement.  Braces are
      used to group statements that are executed together as if they
      were a single statement.
   !=  Inequality.  Evaluates to TRUE if the expression to the left of
      the operator is not equal in value to the expression to the right.
   ==  Equality.  Evaluates to TRUE if the expression to the left of the
      operator is equal in value to the expression to the right.
   >  Greater than.  Evaluates to TRUE if the value of the expression to
      the left of the operator is greater than the value of the
      expression to the right.
   <=  Less than or equal to.  Evaluates to TRUE if the value of the
      expression to the left of the operator is either less than or
      equal to the value of the expression to the right.
   ++  Increment the preceding integer operator by 1.

5.  Common Rules

   Throughout the document we use terms defined in [1], such as NI, NF,
   NR, CREATE, REA or RESPONSE.

5.1.  Common Procedures

   tx_CREATE(): Transmit a CREATE message.
   tx_CREATE(LIFETIME>0): Transmit a CREATE message with a lifetime
      object greater than 0 for session creation.
   tx_CREATE(LIFETIME=0): Transmit a CREATE message with the lifetime
      object explicitly set to 0 for session deletion.
   tx_RESPONSE(code,type): Transmit a RESPONSE message with the
      specified code (SUCCESS or ERROR) and result type (related to a
      specific request type message: CREATE or REA).  A code or result
      type may be omitted, typically when forwarding received RESPONSE
      messages.
   tx_REA(): Transmit a REA message.
   rx_RESPONSE(code,type): Evaluates to TRUE if a RESPONSE message has
      been received with the specified code (SUCCESS or ERROR) and
      result type (related to a specific request type message: CREATE or
      REA).  If the code or the type is omitted, any received RESPONSE
      message that matches the given code or type alone causes this
      procedure to evaluate to TRUE.
   rx_CREATE(): Evaluates to TRUE if a CREATE message has been received.
   rx_CREATE(Lifetime > 0): Evaluates to TRUE if a CREATE message with a
      lifetime object greater than 0 has been received.
   rx_CREATE(Lifetime == 0): Evaluates to TRUE if a CREATE message with
      the lifetime object explicitly set to 0 has been received.
   rx_REA(): Evaluates to TRUE if a REA message has been received.
   rx_REA(Lifetime > 0): Evaluates to TRUE if a REA message with a
      lifetime object greater than 0 has been received.
   rx_REA(Lifetime == 0): Evaluates to TRUE if a REA message with the
      lifetime object explicitly set to 0 has been received.
   CHECK_AA(): Checks authorization and authentication of the received
      message.  Evaluates to TRUE if the check is successful, otherwise
      it evaluates to FALSE.  This check is performed on all received
      messages, hence it is only shown within the state machine when the
      check has failed.  CHECK_AA MAY also include a local policy check
      for the received message.

   CreateSession(): Installs all session related states, variables,
      bindings and policies.
   DeleteSession(): Removes all session related states, variables,
      bindings and policies.
   CreatePinhole(): Installs a pinhole for the new session.
   DeletePinhole(): Removes a previously installed pinhole.
   CreateReservations(): Creates a matching based on the MRI and opens
      pinholes for the signaling traffic.
   DeleteReservations(): Deletes previously installed matchings and
      pinholes for the signaling traffic.
   CreateBinding(): Creates a public/private network translation binding
      on a NAT device for the requesting entity.
   DeleteBinding(): Deletes a previously created public/private network
      translation binding on a NAT device for the requesting entity.
   StartTimer(identifier): This procedure starts a timer with a certain
      timespan, which is up to the specific implementation.  The
      parameter 'identifier' identifies this timer uniquely.  Any
      subsequent StartTimer(identifier), StopTimer(identifier) or
      (identifier)_TIMEOUT refers to the same timer labeled
      'identifier'.  This timer is required to time the lifetime of
      state, which means that when it times out, it indicates that the
      current machine state should be left or that its validity has
      expired.  If a timer with the same 'identifier' has already been
      started and not yet stopped, the timer is stopped and restarted.
      After the timer has timed out, the procedure (identifier)_TIMEOUT
      evaluates to TRUE.  The timer does not restart automatically, but
      must be started again with a StartTimer(identifier).  Used
      identifiers are STATE, REFRESH, CREATE, REA or RESPONSE.
   StopTimer(identifier): This procedure stops the timer labeled
      'identifier'.  If it has already been stopped, this procedure has
      no effect.  If the timer has already timed out, this procedure
      removes the timeout state from the timer 'identifier', so that
      subsequent calls to (identifier)_TIMEOUT evaluate to FALSE.  A
      timeout cannot occur until the timer 'identifier' has been
      (re-)started.
   (identifier)_TIMEOUT: This procedure evaluates to TRUE if the
      (identifier) timer has timed out and indicates a state lifetime
      expiration.  This procedure cannot evaluate to TRUE if the timer
      has been stopped.  Used timers are STATE_TIMEOUT, REFRESH_TIMEOUT,
      CREATE_TIMEOUT, REA_TIMEOUT or RESPONSE_TIMEOUT.
   tg_CREATE: External trigger to send a CREATE message (typically
      triggered by the application).
   tg_TEARDOWN: External trigger to delete a previously created session
      (typically triggered by the application).
   tg_REA: External trigger to send a REA message towards an
      opportunistic address (typically triggered by the application).
   tg_CREATE_PROXY: Internal trigger to send a CREATE message (used in
      proxy mode, triggered by the corresponding NAT/FW NSLP session).
   tg_TEARDOWN_PROXY: Internal trigger to delete a previously created
      session (used in proxy mode, triggered by the corresponding NAT/FW
      NSLP session).

5.2.  Common Variables

   IS_EDGE: Boolean flag which evaluates to TRUE if the node is on the
      network edge, otherwise it evaluates to FALSE.
   IS_PUBLICSIDE: Boolean flag which evaluates to TRUE if the (CREATE or
      REA) message has been received on the public side of the network.
   CREATE(LIFETIME): Gets the value of the LIFETIME object in the CREATE
      message.
   counter(CREATE): Denotes the current number of retries of a CREATE
      message which has been re-transmitted due to a previous
      RESPONSE_ERROR message.  If counter(CREATE) equals the value of
      counterLimit(CREATE), the current session creation attempt is
      aborted and the application is notified.
   counter(REA): Denotes the current number of retries of a REA message
      which has been re-transmitted due to a previous RESPONSE_ERROR
      message.  If counter(REA) equals the value of counterLimit(REA),
      the current session creation attempt is aborted and the
      application is notified.

5.3.  Constants

   counterLimit(CREATE): Contains the maximum number of retransmission
      attempts of a CREATE message, after which the attempt is aborted
      and the application is notified.
   counterLimit(REA): Contains the maximum number of retransmission
      attempts of a REA message, after which the attempt is aborted and
      the application is notified.

6.  State machine for the NAT/FW NI/NR+

   This section presents the state machine for the NSIS initiator which
   is capable of NAT/FW NSLP signaling.
   -----------
   State: INITIALIZE
   -----------

   Condition                   Action                        State
   ----------------------------+-----------------------------+----------
   UCT                         |Initialize variables         | IDLE
   ----------------------------+-----------------------------+----------

   -----------
   State: IDLE
   Entry: DeleteSession();
   Exit : CreateSession();
   -----------

   Condition                   Action                        State
   ----------------------------+-----------------------------+----------
   tg_CREATE                   |tx_CREATE();                 | WAITRESP
                               |                             |
   tg_CREATE_PROXY             |tx_CREATE();                 | WAITRESP
   ----------------------------+-----------------------------+----------

   -----------
   State: WAITRESP
   Entry: ResetCounter(CREATE);
          StartTimer(RESPONSE);
   Exit : StopTimer(RESPONSE);
   -----------

   Condition                   Action                        State
   ----------------------------+-----------------------------+----------
   RESPONSE_TIMEOUT &&         |counter(CREATE)++;           | WAITRESP
   (counter(CREATE) <          |StartTimer(RESPONSE);        |
   counterLimit(CREATE))       |tx_CREATE();                 |
                               |                             |
   rx_RESPONSE(SUCCESS,CREATE) |ReportAsyncEvent();          | SESSION
                               |                             |
   tg_TEARDOWN                 |tx_CREATE(LIFETIME=0);       | IDLE
                               |                             |
   tg_TEARDOWN_PROXY           |tx_CREATE(LIFETIME=0);       | IDLE
                               |                             |
   RESPONSE_TIMEOUT &&         |ReportAsyncEvent();          | IDLE
   (counter(CREATE) ==         |                             |
   counterLimit(CREATE))       |                             |
                               |                             |
   rx_RESPONSE(ERROR,CREATE)   |ReportAsyncEvent();          | IDLE
   ----------------------------+-----------------------------+----------

   -----------
   State: SESSION
   Entry: ResetCounter(CREATE);
          StartTimer(REFRESH);
   Exit : StopTimer(REFRESH);
          StopTimer(RESPONSE);
   -----------

   Condition                   Action                        State
   ----------------------------+-----------------------------+----------
   REFRESH_TIMEOUT             |StartTimer(RESPONSE);        | SESSION
                               |tx_CREATE();                 |
                               |                             |
   RESPONSE_TIMEOUT &&         |counter(CREATE)++;           | SESSION
   (counter(CREATE) <          |StartTimer(RESPONSE);        |
   counterLimit(CREATE))       |tx_CREATE();                 |
                               |                             |
   rx_RESPONSE(SUCCESS,CREATE) |StopTimer(RESPONSE);         | SESSION
                               |StartTimer(REFRESH);         |
                               |ResetCounter(CREATE);        |
                               |                             |
   tg_TEARDOWN                 |tx_CREATE(LIFETIME=0);       | IDLE
                               |                             |
   tg_TEARDOWN_PROXY           |tx_CREATE(LIFETIME=0);       | IDLE
                               |                             |
   RESPONSE_TIMEOUT &&         |ReportAsyncEvent();          | IDLE
   (counter(CREATE) ==         |                             |
   counterLimit(CREATE))       |                             |
                               |                             |
   rx_RESPONSE(ERROR,CREATE)   |ReportAsyncEvent();          | IDLE
   ----------------------------+-----------------------------+----------

7.  State machine for the NAT/FW NF

   This section describes the state machine for intermediate nodes
   within the signaling path capable of processing NAT/FW NSLP messages.
   These nodes typically implement firewall and/or network address
   translation (NAT) functionality.

   -----------
   State: INITIALIZE
   -----------

   Condition                   Action                        State
   ----------------------------+-----------------------------+----------
   UCT                         |Initialize variables         | IDLE
   ----------------------------+-----------------------------+----------

   -----------
   State: IDLE
   Entry: DeleteSession();
   Exit : CreateSession();
   -----------

   Condition                   Action                        State
   ----------------------------+-----------------------------+----------
   (rx_REA) && (IS_PUBLICSIDE) |tx_RESPONSE(ERROR,REA);      | IDLE
                               |                             |
   (rx_CREATE(Lifetime > 0))   |tx_CREATE();                 | CREATE_
                               |                             | WAITRESP
                               |                             |
   ((rx_REA) && (!IS_EDGE)     |tx_REA();                    | NONEDGE_
   && (!IS_PUBLICSIDE))        |                             | REA
                               |                             |
   ((rx_REA) && (IS_EDGE)      |tx_RESPONSE(SUCCESS,REA);    | EDGE_REA
   && (!IS_PUBLICSIDE))        |tx_CREATE();                 |
                               |if(proxy_object) then        |
                               |   (tg_CREATE_PROXY);        |
   ----------------------------+-----------------------------+----------

   -----------
   State: CREATE_WAITRESP
   Entry: StartTimer(STATE);
   Exit : StopTimer(STATE);
   -----------

   Condition                   Action                        State
   ----------------------------+-----------------------------+----------
   rx_RESPONSE(ERROR,CREATE)   |tx_RESPONSE(ERROR,CREATE);   | IDLE
                               |ReportAsyncEvent();          |
                               |                             |
   STATE_TIMEOUT               |tx_RESPONSE(ERROR,CREATE);   | IDLE
                               |ReportAsyncEvent();          |
                               |                             |
   (rx_CREATE(Lifetime == 0))  |tx_CREATE(LIFETIME=0);       | IDLE
                               |                             |
   rx_RESPONSE(SUCCESS,CREATE) |tx_RESPONSE(SUCCESS,CREATE); | SESSION
   ----------------------------+-----------------------------+----------

   -----------
   State: NONEDGE_REA
   Entry: StartTimer(REA);
          CreateReservations();
   Exit : StopTimer(REA);
          DeleteReservations();
   -----------

   Condition                   Action                        State
   ----------------------------+-----------------------------+----------
   (rx_REA(Lifetime > 0))      |StopTimer(REA);              | NONEDGE_
                               |StartTimer(REA);             | REA
                               |tx_REA();                    |
                               |                             |
   rx_RESPONSE(SUCCESS,REA)    |tx_RESPONSE(SUCCESS,REA);    | NONEDGE_
                               |                             | REA
                               |                             |
   rx_RESPONSE(ERROR,REA)      |tx_RESPONSE(ERROR,REA);      | IDLE
                               |ReportAsyncEvent();          |
                               |                             |
   (rx_REA(Lifetime == 0))     |tx_REA(LIFETIME=0);          | IDLE
                               |ReportAsyncEvent();          |
                               |                             |
   REA_TIMEOUT                 |ReportAsyncEvent();          | IDLE
   ----------------------------+-----------------------------+----------

   -----------
   State: EDGE_REA
   Entry: StartTimer(REA);
          CreateReservations();
   Exit : StopTimer(REA);
          DeleteReservations();
   -----------

   Condition                   Action                        State
   ----------------------------+-----------------------------+----------
   (rx_REA(Lifetime > 0))      |StopTimer(REA);              | EDGE_REA
                               |StartTimer(REA);             |
                               |tx_RESPONSE(SUCCESS,REA);    |
                               |                             |
   (rx_REA(Lifetime == 0))     |tx_REA(LIFETIME=0);          | IDLE
                               |ReportAsyncEvent();          |
                               |if(proxy_mode) then          |
                               |   (tg_TEARDOWN_PROXY);      |
                               |                             |
   REA_TIMEOUT                 |ReportAsyncEvent();          | IDLE
                               |if(proxy_mode) then          |
                               |   (tg_TEARDOWN_PROXY);      |
   ----------------------------+-----------------------------+----------

   -----------
   State: SESSION
   Entry: StartTimer(CREATE);
          CreatePinhole();
          CreateBinding();
   Exit : StopTimer(RESPONSE);
          StopTimer(CREATE);
          DeletePinhole();
          DeleteBinding();
   -----------

   Condition                   Action                        State
   ----------------------------+-----------------------------+----------
   RESPONSE_TIMEOUT            |StopTimer(RESPONSE);         | SESSION
                               |tx_RESPONSE(ERROR,CREATE);   |
                               |                             |
   (rx_REA(Lifetime > 0))      |StopTimer(CREATE);           | SESSION
                               |StartTimer(RESPONSE);        |
                               |tx_CREATE();                 |
                               |                             |
   rx_RESPONSE(SUCCESS,CREATE) |StopTimer(RESPONSE);         | SESSION
                               |StartTimer(CREATE);          |
                               |tx_RESPONSE(SUCCESS,CREATE); |
                               |                             |
   CREATE_TIMEOUT              |ReportAsyncEvent();          | IDLE
                               |                             |
   (rx_REA(Lifetime == 0))     |tx_CREATE(LIFETIME=0);       | IDLE
   ----------------------------+-----------------------------+----------

8.  State machine for the NAT/FW NR/NI+

   This section presents the state machine for the NSIS responder which
   is capable of NAT/FW NSLP signaling.

   -----------
   State: INITIALIZE
   -----------

   Condition                   Action                        State
   ----------------------------+-----------------------------+----------
   UCT                         |Initialize variables         | IDLE
   ----------------------------+-----------------------------+----------

   -----------
   State: IDLE
   Entry: DeleteSession();
   Exit : CreateSession();
   -----------

   Condition                   Action                        State
   ----------------------------+-----------------------------+----------
   (rx_CREATE) && !(CHECK_AA())|tx_RESPONSE(ERROR,CREATE);   | IDLE
                               |                             |
   tg_REA                      |tx_REA();                    | REA_
                               |                             | WAITRESP
                               |                             |
   (rx_REA(Lifetime > 0))      |tx_RESPONSE(SUCCESS,CREATE); | SESSION
   ----------------------------+-----------------------------+----------

   -----------
   State: REA_WAITRESP
   Entry: ResetCounter(REA);
          StartTimer(RESPONSE);
   Exit : StopTimer(RESPONSE);
   -----------

   Condition                   Action                        State
   ----------------------------+-----------------------------+----------
   RESPONSE_TIMEOUT &&         |counter(REA)++;              | REA_
   (counter(REA) <             |StartTimer(RESPONSE);        | WAITRESP
   counterLimit(REA))          |tx_REA();                    |
                               |                             |
   rx_RESPONSE(SUCCESS,REA)    |ReportAsyncEvent();          | REA
                               |                             |
   RESPONSE_TIMEOUT &&         |ReportAsyncEvent();          | IDLE
   (counter(REA) ==            |                             |
   counterLimit(REA))          |                             |
                               |                             |
   rx_RESPONSE(ERROR,REA)      |ReportAsyncEvent();          | IDLE
                               |                             |
   tg_TEARDOWN                 |tx_REA(LIFETIME=0);          | IDLE
   ----------------------------+-----------------------------+----------

   -----------
   State: REA
   Entry: ResetCounter(REA);
          StartTimer(REFRESH);
   Exit : StopTimer(RESPONSE);
          StopTimer(REFRESH);
   -----------

   Condition                   Action                        State
   ----------------------------+-----------------------------+----------
   RESPONSE_TIMEOUT &&         |counter(REA)++;              | REA
   (counter(REA) <             |StartTimer(RESPONSE);        |
   counterLimit(REA))          |tx_REA();                    |
                               |                             |
   rx_RESPONSE(SUCCESS,REA)    |StartTimer(REFRESH);         | REA
                               |StopTimer(RESPONSE);         |
                               |ResetCounter(REA);           |
                               |                             |
   REFRESH_TIMEOUT             |tx_REA();                    | REA
                               |StartTimer(RESPONSE);        |
                               |                             |
   RESPONSE_TIMEOUT &&         |ReportAsyncEvent();          | IDLE
   (counter(REA) ==            |                             |
   counterLimit(REA))          |                             |
                               |                             |
   rx_RESPONSE(ERROR,REA)      |ReportAsyncEvent();          | IDLE
                               |                             |
   tg_TEARDOWN                 |tx_REA(LIFETIME=0);          | IDLE
   ----------------------------+-----------------------------+----------

   -----------
   State: SESSION
   Entry: StartTimer(STATE);
   Exit : StopTimer(STATE);
   -----------

   Condition                   Action                        State
   ----------------------------+-----------------------------+----------
   (rx_CREATE(LIFETIME > 0))   |tx_RESPONSE(SUCCESS,CREATE); | SESSION
                               |StopTimer(STATE);            |
                               |StartTimer(STATE);           |
                               |                             |
   (rx_CREATE(LIFETIME == 0))  |ReportAsyncEvent();          | IDLE
                               |                             |
   STATE_TIMEOUT               |ReportAsyncEvent();          | IDLE
   ----------------------------+-----------------------------+----------

9.  Security Considerations

   This document does not raise new security considerations.  Any
   security concerns with the NAT/FW NSLP are likely already reflected
   in security related NSIS work (such as [1] or [6]).
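   The NI/NR+ tables of Section 6, together with the timer and counter
   procedures of Section 5.1 they depend on, are shown here as a
   runnable, table-driven interpreter.  This is an added example and not
   part of the draft or of any NAT/FW NSLP implementation: the class NI
   with its methods tick() and inject(), the constants CREATE_LIMIT and
   SPAN, and the tick-based timer spans are assumptions made for the
   illustration.  The rows are the draft's own (condition, action, exit
   state) triplets, written in the notation of Sections 3 and 4; the
   tg_*_PROXY rows, which duplicate tg_CREATE and tg_TEARDOWN, and the
   CreateSession()/DeleteSession() procedures are left out to keep the
   block short.

```python
# Table-driven interpreter for the NAT/FW NI/NR+ state machine of Section 6.  Added
# example, not the draft's code: class NI, its methods and the timer spans are assumptions.
# Rows are the (exit condition, exit action, exit state) triplets of Section 3, written in
# the draft's notation; timers and counters follow the procedures of Section 5.1.
CREATE_LIMIT = 3                        # counterLimit(CREATE), chosen for the example
SPAN = {"RESPONSE": 2, "REFRESH": 10}   # timer spans in ticks (implementation-specific)
RETRY = "RESPONSE_TIMEOUT && counter(CREATE) < counterLimit(CREATE)"
GIVE_UP = "RESPONSE_TIMEOUT && counter(CREATE) == counterLimit(CREATE)"
RESEND = ["counter(CREATE)++", "StartTimer(RESPONSE)", "tx_CREATE()"]
CONFIRM = ["StopTimer(RESPONSE)", "StartTimer(REFRESH)", "ResetCounter(CREATE)"]
TEARDOWN, REPORT = ["tx_CREATE(LIFETIME=0)"], ["ReportAsyncEvent()"]
# Entry/Exit procedures of the Section 6 state headers (session installation omitted).
ENTRY = {"WAITRESP": ["ResetCounter(CREATE)", "StartTimer(RESPONSE)"],
         "SESSION": ["ResetCounter(CREATE)", "StartTimer(REFRESH)"]}
EXIT = {"WAITRESP": ["StopTimer(RESPONSE)"], "SESSION": ["StopTimer(REFRESH)", "StopTimer(RESPONSE)"]}
TABLE = [  # rows in table order; the tg_*_PROXY rows duplicate tg_CREATE/tg_TEARDOWN
    ("INITIALIZE", "UCT", [], "IDLE"),
    ("IDLE", "tg_CREATE", ["tx_CREATE()"], "WAITRESP"),
    ("WAITRESP", RETRY, RESEND, "WAITRESP"),
    ("WAITRESP", "rx_RESPONSE(SUCCESS,CREATE)", REPORT, "SESSION"),
    ("WAITRESP", "tg_TEARDOWN", TEARDOWN, "IDLE"),
    ("WAITRESP", GIVE_UP, REPORT, "IDLE"),
    ("WAITRESP", "rx_RESPONSE(ERROR,CREATE)", REPORT, "IDLE"),
    ("SESSION", "REFRESH_TIMEOUT", ["StartTimer(RESPONSE)", "tx_CREATE()"], "SESSION"),
    ("SESSION", RETRY, RESEND, "SESSION"),
    ("SESSION", "rx_RESPONSE(SUCCESS,CREATE)", CONFIRM, "SESSION"),
    ("SESSION", "tg_TEARDOWN", TEARDOWN, "IDLE"),
    ("SESSION", GIVE_UP, REPORT, "IDLE"),
    ("SESSION", "rx_RESPONSE(ERROR,CREATE)", REPORT, "IDLE"),
]

class NI:
    def __init__(self):
        self.now, self.counter, self.state = 0, 0, "INITIALIZE"
        self.expiry, self.events = {}, set()   # running timers; event variables (Section 3)
        self.sent, self.reports = [], []       # tx_* messages; ReportAsyncEvent() calls
        self.run()                             # UCT takes the machine into IDLE

    def holds(self, cond):
        if cond in (RETRY, GIVE_UP):
            exhausted = self.counter >= CREATE_LIMIT
            return "RESPONSE_TIMEOUT" in self.events and exhausted == (cond == GIVE_UP)
        return cond == "UCT" or cond in self.events

    def do(self, stmt):  # execute one action written in the notation of Section 5.1
        name, arg = stmt.split("(")[0], stmt.split("(")[1].rstrip(")+")
        if name in ("counter", "ResetCounter"):       # counter(CREATE)++ / ResetCounter(CREATE)
            self.counter = self.counter + 1 if name == "counter" else 0
        elif name == "StartTimer":                    # a running timer is restarted
            self.expiry[arg] = self.now + SPAN[arg]
        elif name == "StopTimer":                     # also clears a pending timeout
            self.expiry.pop(arg, None)
            self.events.discard(arg + "_TIMEOUT")
        elif name.startswith("tx_"):
            self.sent.append(stmt[3:])
        else:                                         # ReportAsyncEvent()
            self.reports.append(self.state)

    def run(self):
        # Evaluate the current state's exit conditions in table order until none holds; a taken
        # transition is atomic and resets the event variables to FALSE.  Assumption: Entry/Exit
        # run only on a state change, or the WAITRESP self-transition would reset the counter.
        taken = True
        while taken:
            taken = False
            for state, cond, actions, nxt in TABLE:
                if state == self.state and self.holds(cond):
                    for stmt in actions:
                        self.do(stmt)
                    self.events.clear()
                    if nxt != self.state:
                        for stmt in EXIT.get(self.state, []) + ENTRY.get(nxt, []):
                            self.do(stmt)
                        self.state = nxt
                    taken = True
                    break

    def inject(self, *names):  # triggers and received messages set their event variables
        self.events.update(names)
        self.run()

    def tick(self, n=1):  # advance the clock; an expired timer raises <ident>_TIMEOUT once
        for _ in range(n):
            self.now += 1
            for ident in [i for i, t in self.expiry.items() if self.now >= t]:
                del self.expiry[ident]                # timers never restart by themselves
                self.events.add(ident + "_TIMEOUT")
            self.run()

def demo():  # two constructed runs: retries exhausted, then a complete session lifecycle
    lost = NI()
    lost.inject("tg_CREATE")
    lost.tick(SPAN["RESPONSE"] * (CREATE_LIMIT + 1))   # no RESPONSE ever arrives
    ok = NI()
    ok.inject("tg_CREATE")
    ok.tick(1)
    ok.inject("rx_RESPONSE(SUCCESS,CREATE)")      # -> SESSION, REFRESH timer started
    ok.tick(SPAN["REFRESH"] + SPAN["RESPONSE"])   # REFRESH_TIMEOUT, then one RESPONSE_TIMEOUT
    ok.inject("rx_RESPONSE(SUCCESS,CREATE)")      # refresh confirmed, counter(CREATE) reset
    ok.inject("tg_TEARDOWN")                      # CREATE with LIFETIME=0, back to IDLE
    return (lost.state, lost.sent.count("CREATE()"), lost.reports), (ok.state, ok.sent, ok.counter)
```

   Two points of the draft's text drive the design.  Timeouts are
   treated as event variables in the sense of Section 3: they are set
   when the timer expires and cleared once a transition has acted on
   them, so a REFRESH_TIMEOUT that has already triggered a refreshing
   CREATE does not fire again while the RESPONSE timer runs, and
   StopTimer() discards a pending timeout as Section 5.1 requires.
   Entry and Exit procedures execute only when the state actually
   changes; otherwise the WAITRESP self-transition would run
   ResetCounter(CREATE) on every retransmission and counterLimit(CREATE)
   would never be reached, although that bound is what stops an
   initiator facing an unresponsive peer from retransmitting
   indefinitely.  In demo(), the first run ends in IDLE after
   counterLimit(CREATE) + 1 CREATE messages and one ReportAsyncEvent();
   the second sends three CREATE messages and a final CREATE with
   LIFETIME=0.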
   For the time being, the state machines described in this document do
   not consider the security aspects of the NAT/FW NSLP protocol itself.
   A future version of this document will add security relevant states
   and state transitions.

10.  Open Issues

   Since the 01 version, we removed session ownership, changed procedure
   names and added some clarifications according to the specification
   evolution.  Route change and the open issues in [1] will be added in
   future versions of this document.

11.  Contributors

   Tseno Tsenov contributed since the initial version and Henning Peters
   collaborated in refining the state machine since the 01 version.

12.  Acknowledgments

   The authors would like to thank Martin Stiemerling for his valuable
   comments and discussions.

13.  References

13.1.  Normative References

   [1]  Stiemerling, M., "NAT/Firewall NSIS Signaling Layer Protocol
        (NSLP)", draft-ietf-nsis-nslp-natfw-11 (work in progress),
        April 2006.

   [2]  Bradner, S., "Key words for use in RFCs to Indicate Requirement
        Levels", March 1997.

13.2.  Informative References

   [3]  Fajardo, V., "State Machines for Protocol for Carrying
        Authentication for Network Access (PANA)",
        draft-ietf-pana-statemachine-04 (work in progress), May 2006.

   [4]  Vollbrecht, J., Eronen, P., Petroni, N., and Y. Ohba, "State
        Machines for Extensible Authentication Protocol (EAP) Peer and
        Authenticator", draft-ietf-eap-statemachine-06 (work in
        progress), December 2004.

   [5]  Institute of Electrical and Electronics Engineers, "DRAFT
        Standard for Local and Metropolitan Area Networks: Port-Based
        Network Access Control (Revision)", IEEE 802-1X-REV/D9,
        January 2004.

   [6]  Tschofenig, H. and D. Kroeselberg, "Security Threats for NSIS",
        draft-ietf-nsis-threats-06 (work in progress), October 2004.

Authors' Addresses

   Constantin Werner
   University of Goettingen
   Telematics Group
   Lotzestr. 16-18
   Goettingen 37083
   Germany

   Email: werner@cs.uni-goettingen.de

   Xiaoming Fu
   University of Goettingen
   Telematics Group
   Lotzestr. 16-18
   Goettingen 37083
   Germany

   Email: fu@cs.uni-goettingen.de

   Hannes Tschofenig
   Siemens
   Otto-Hahn-Ring 6
   Munich, Bayern 81739
   Germany

   Email: Hannes.Tschofenig@siemens.com

   Cedric Aoun
   Ecole Nationale Superieure des Telecommunications
   Paris
   France

   Email: cedric@caoun.net

   Niklas Steinleitner (editor)
   University of Goettingen
   Telematics Group
   Lotzestr. 16-18
   Goettingen 37083
   Germany

   Email: steinleitner@cs.uni-goettingen.de

Intellectual Property Statement

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.
Disclaimer of Validity

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Copyright Statement

   Copyright (C) The Internet Society (2006).  This document is subject
   to the rights, licenses and restrictions contained in BCP 78, and
   except as set forth therein, the authors retain all their rights.

Acknowledgment

   Funding for the RFC Editor function is currently provided by the
   Internet Society.