NSIS                                                           C. Werner
Internet-Draft                                       N. Steinleitner, Ed.
Expires: September 6, 2007                                         X. Fu
                                                         Univ. Goettingen
                                                           H. Tschofenig
                                                                 Siemens
                                                                 C. Aoun
                                                                    ENST
                                                           March 5, 2007

                       NAT/FW NSLP State Machine
              draft-werner-nsis-natfw-nslp-statemachine-04.txt

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on September 6, 2007.

Copyright Notice

   Copyright (C) The IETF Trust (2007).

Abstract

   This document describes the state machines for the NSIS Signaling
   Layer Protocol for Network Address Translation/Firewall signaling
   (NAT/FW NSLP).  A set of state machines for NAT/FW NSLP entities at
   different locations of a signaling path is presented in order to
   illustrate how NAT/FW NSLP may be implemented.

Table of Contents

   1.  Introduction
   2.  Terminology
   3.  Notational conventions used in state diagrams
   4.  State Machine Symbols
   5.  Common Rules
     5.1.  Common Procedures
     5.2.  Common Variables
     5.3.  Constants
   6.  State machine for the NAT/FW NI/NR+
   7.  State machine for the NAT/FW NF
   8.  State machine for the NAT/FW NR/NI+
   9.  Security Considerations
   10. Open Issues
   11. Contributors
   12. Acknowledgments
   13. References
     13.1.  Normative References
     13.2.  Informative References
   Authors' Addresses
   Intellectual Property and Copyright Statements

1.  Introduction

   This document describes the state machines for NAT/FW NSLP [1] in
   order to show how NAT/FW NSLP can be implemented and to support its
   deployment.  The state machines described in this document
   illustrate how the NAT/FW NSLP protocol defined in [1] may be
   implemented for the first NAT/FW NSLP node in the signaling path,
   for intermediate NAT/FW NSLP nodes with firewall and/or NAT
   functionality, and for the last NAT/FW NSLP node in the signaling
   path.  Where there are differences, [1] is authoritative.  The state
   machines are informative only.  Implementations may achieve the same
   results using different methods.
   The messages used in the NAT/FW NSLP protocol can be summarized as
   follows:

      Requesting message      | Responding message
      ------------------------+---------------------------
      CREATE                  | RESPONSE
      EXT                     | RESPONSE
      RESPONSE                | NONE
      NOTIFY                  | NONE
      ------------------------+---------------------------

   We describe a set of state machines for the different roles of
   entities running NAT/FW NSLP to illustrate how NAT/FW NSLP may be
   implemented.

2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [2].

3.  Notational conventions used in state diagrams

   The state transition tables that follow are based largely on the
   conventions specified in [3].  The relevant text is given below.

   State transition tables are used to represent the operation of the
   protocol by a number of cooperating state machines, each comprising
   a group of connected, mutually exclusive states.  Only one state of
   each machine can be active at any given time.

   All permissible transitions from a given state to other states, and
   the associated actions performed when the transitions occur, are
   represented by triplets of (exit condition, exit action, exit
   state).  All conditions are expressions that evaluate to TRUE or
   FALSE; if a condition evaluates to TRUE, then the condition is met.
   A state "ANY" is a wildcard state that matches the current state in
   each state machine.  The exit conditions of a wildcard state are
   evaluated only after all other exit conditions specific to the
   current state have been evaluated.

   On exit from a state, the procedures defined for the state and the
   exit condition are executed exactly once, in the order in which they
   appear on the page.  (Note that the procedures defined in [4] are
   executed on entry to a state, which is one major difference from
   this document.)  Each procedure is deemed to be atomic; i.e.,
   execution of a procedure completes before the next sequential
   procedure starts to execute.  No procedures execute outside of a
   state block.  The procedures in only one state block execute at a
   time, even if the conditions for execution of state blocks in
   different state machines are satisfied, and all procedures in an
   executing state block complete execution before the transition to
   and execution of any other state block occurs; i.e., the execution
   of any state block appears to be atomic with respect to the
   execution of any other state block, and the transition condition to
   that state from the previous state is TRUE when execution commences.
   The order of execution of state blocks in different state machines
   is undefined except as constrained by their transition conditions.
   A variable that is set to a particular value in a state block
   retains this value until a subsequent state block executes a
   procedure that modifies the value.

   On completion of the transition from the previous state to the
   current state, all exit conditions for the current state (including
   the exit conditions defined for the wildcard state) are evaluated
   continuously until one of the conditions is met.

   Any event variable is set to TRUE when the corresponding event
   occurs and set to FALSE immediately after completion of the action
   associated with the current state and the event.

   The interpretation of the special symbols and operators is reused
   from [4], and the state diagrams are based on the conventions
   specified in [5], Section 8.2.1.  The complete text is reproduced
   here:

      State diagrams are used to represent the operation of the
      protocol by a number of cooperating state machines each
      comprising a group of connected, mutually exclusive states.  Only
      one state of each machine can be active at any given time.

      All permissible transitions between states are represented by
      arrows, the arrowhead denoting the direction of the possible
      transition.  Labels attached to arrows denote the condition(s)
      that must be met in order for the transition to take place.  All
      conditions are expressions that evaluate to TRUE or FALSE; if a
      condition evaluates to TRUE, then the condition is met.  The
      label UCT denotes an unconditional transition (i.e., UCT always
      evaluates to TRUE).  A transition that is global in nature (i.e.,
      a transition that occurs from any of the possible states if the
      condition attached to the arrow is met) is denoted by an open
      arrow; i.e., no specific state is identified as the origin of the
      transition.  When the condition associated with a global
      transition is met, it supersedes all other exit conditions
      including UCT.  The special global condition BEGIN supersedes all
      other global conditions, and once asserted remains asserted until
      all state blocks have executed to the point that variable
      assignments and other consequences of their execution remain
      unchanged.

      On entry to a state, the procedures defined for the state (if
      any) are executed exactly once, in the order that they appear on
      the page.  Each action is deemed to be atomic; i.e., execution of
      a procedure completes before the next sequential procedure starts
      to execute.  No procedures execute outside of a state block.  The
      procedures in only one state block execute at a time, even if the
      conditions for execution of state blocks in different state
      machines are satisfied, and all procedures in an executing state
      block complete execution before the transition to and execution
      of any other state block occurs, i.e., the execution of any state
      block appears to be atomic with respect to the execution of any
      other state block and the transition condition to that state from
      the previous state is TRUE when execution commences.  The order
      of execution of state blocks in different state machines is
      undefined except as constrained by their transition conditions.
      A variable that is set to a particular value in a state block
      retains this value until a subsequent state block executes a
      procedure that modifies the value.

      On completion of all of the procedures within a state, all exit
      conditions for the state (including all conditions associated
      with global transitions) are evaluated continuously until one of
      the conditions is met.  The label ELSE denotes a transition that
      occurs if none of the other conditions for transitions from the
      state are met (i.e., ELSE evaluates to TRUE if all other possible
      exit conditions from the state evaluate to FALSE).  Where two or
      more exit conditions with the same level of precedence become
      TRUE simultaneously, the choice as to which exit condition causes
      the state transition to take place is arbitrary.

   In addition to the above notation, there are a couple of
   clarifications specific to this document.  First, all Boolean
   variables are initialized to FALSE before the state machine
   execution begins.  Second, the following notational shorthand is
   specific to this document:

      <variable> = <expression1> | <expression2> | ...
         Execution of a statement of this form will result in
         <variable> having a value of exactly one of the expressions.
         The logic for which of those expressions gets executed is
         outside of the state machine and could be environmental,
         configurable, or based on another state machine such as that
         of the method.

4.  State Machine Symbols

   ( )  Used to force the precedence of operators in Boolean
        expressions and to delimit the argument(s) of actions within
        state boxes.
   ;    Used as a terminating delimiter for actions within state boxes.
        Where a state box contains multiple actions, the order of
        execution follows the normal language conventions for reading
        text.
   =    Assignment action.  The value of the expression to the right of
        the operator is assigned to the variable to the left of the
        operator.  Where this operator is used to define multiple
        assignments, e.g., a = b = X, the action causes the value of
        the expression following the right-most assignment operator to
        be assigned to all of the variables that appear to the left of
        the right-most assignment operator.
   !    Logical NOT operator.
   &&   Logical AND operator.
   ||   Logical OR operator.
   if...then...  Conditional action.  If the Boolean expression
        following the if evaluates to TRUE, then the action following
        the then is executed.
   { statement 1, ... statement N }  Compound statement.  Braces are
        used to group statements that are executed together as if they
        were a single statement.
   !=   Inequality.  Evaluates to TRUE if the expression to the left of
        the operator is not equal in value to the expression to the
        right.
   ==   Equality.  Evaluates to TRUE if the expression to the left of
        the operator is equal in value to the expression to the right.
   >    Greater than.  Evaluates to TRUE if the value of the expression
        to the left of the operator is greater than the value of the
        expression to the right.
   <=   Less than or equal to.  Evaluates to TRUE if the value of the
        expression to the left of the operator is either less than or
        equal to the value of the expression to the right.
   ++   Increment the preceding integer operand by 1.

5.  Common Rules

   Throughout the document we use terms defined in [1], such as NI, NF,
   NR, CREATE, EXT or RESPONSE.

5.1.  Common Procedures

   tx_CREATE():  Transmit a CREATE message.
   tx_CREATE(LIFETIME>0):  Transmit a CREATE message with a lifetime
      object greater than 0 for session creation.
   tx_CREATE(LIFETIME=0):  Transmit a CREATE message with the lifetime
      object explicitly set to 0 for session deletion.
   tx_RESPONSE(code,type):  Transmit a RESPONSE message with the
      specified code (SUCCESS or ERROR) and result type (related to a
      specific request message type: CREATE or EXT).  The code or the
      result type may be omitted, typically when forwarding received
      RESPONSE messages.
   tx_EXT():  Transmit an EXT message.
   tx_EXT(LIFETIME=0):  Transmit an EXT message with the lifetime object
      explicitly set to 0 for deletion of the EXT state.
   rx_RESPONSE(code,type):  Evaluates to TRUE if a RESPONSE message has
      been received with the specified code (SUCCESS or ERROR) and
      result type (related to a specific request message type: CREATE
      or EXT).  If the code or the type is omitted, any received
      RESPONSE message that matches the given type or code,
      respectively, makes this procedure evaluate to TRUE.
   rx_CREATE():  Evaluates to TRUE if a CREATE message has been
      received.
   rx_CREATE(Lifetime > 0):  Evaluates to TRUE if a CREATE message with
      a lifetime object greater than 0 has been received.
   rx_CREATE(Lifetime == 0):  Evaluates to TRUE if a CREATE message with
      the lifetime object explicitly set to 0 has been received.
   rx_EXT():  Evaluates to TRUE if an EXT message has been received.
   rx_EXT(Lifetime > 0):  Evaluates to TRUE if an EXT message with a
      lifetime object greater than 0 has been received.
   rx_EXT(Lifetime == 0):  Evaluates to TRUE if an EXT message with the
      lifetime object explicitly set to 0 has been received.
   CHECK_AA():  Checks authentication and authorization of the received
      message.  Evaluates to TRUE if the check is successful; otherwise
      it evaluates to FALSE.  This check is performed on all received
      messages; hence it is only shown in a state table where the check
      has failed.  CHECK_AA MAY also include a local policy check of
      the received message.

   CreateSession():  Installs all session-related state, variables,
      bindings and policies.
   DeleteSession():  Removes all session-related state, variables,
      bindings and policies.
   CreatePinhole():  Installs a pinhole for the new session.
   DeletePinhole():  Removes a previously installed pinhole.
   CreateReservations():  Creates a matching rule based on the MRI and
      opens pinholes for the signaling traffic.
   DeleteReservations():  Deletes previously installed matching rules
      and pinholes for the signaling traffic.
   CreateBinding():  Creates a public/private network address
      translation binding on a NAT device for the requesting entity.
   DeleteBinding():  Deletes a previously created public/private
      network address translation binding on a NAT device for the
      requesting entity.
   StartTimer(identifier):  Starts a timer with a certain timespan,
      which is up to the specific implementation.  The parameter
      'identifier' identifies the timer uniquely; any subsequent
      StartTimer(identifier), StopTimer(identifier) or
      (identifier)_TIMEOUT refers to the same timer.  The timer is used
      to time the lifetime of state: when it times out, it indicates
      that the current machine state should be left or that its
      validity has expired.  If a timer with the same 'identifier' has
      already been started and not yet stopped, the timer is stopped
      and restarted.  After the timer has timed out, the procedure
      (identifier)_TIMEOUT evaluates to TRUE.  The timer does not
      restart automatically but must be started again with
      StartTimer(identifier).  The identifiers used are STATE, REFRESH,
      CREATE, EXT and RESPONSE.
   StopTimer(identifier):  Stops the timer labeled 'identifier'.  If it
      has already been stopped, this procedure has no effect.  If the
      timer has already timed out, this procedure removes the timeout
      state from the timer 'identifier', so subsequent calls to
      (identifier)_TIMEOUT evaluate to FALSE.  A timeout cannot occur
      until the timer 'identifier' has been (re-)started.
   (identifier)_TIMEOUT:  Evaluates to TRUE if the (identifier) timer
      has timed out, indicating a state lifetime expiration.  This
      procedure cannot evaluate to TRUE if the timer has been stopped.
      The timeouts used are STATE_TIMEOUT, REFRESH_TIMEOUT,
      CREATE_TIMEOUT, EXT_TIMEOUT and RESPONSE_TIMEOUT.
   ResetCounter(identifier):  Resets counter(identifier) to zero.
   ReportAsyncEvent():  Reports an asynchronous event (such as a
      successfully created, aborted, torn down or expired session) to
      the application.
   tg_CREATE:  External trigger to send a CREATE message (typically
      triggered by the application).
   tg_TEARDOWN:  External trigger to delete a previously created
      session (typically triggered by the application).
   tg_EXT:  External trigger to send an EXT message towards an
      opportunistic address (typically triggered by the application).
   tg_CREATE_PROXY:  Internal trigger to send a CREATE message (used in
      proxy mode, triggered by the corresponding NAT/FW NSLP session).
   tg_TEARDOWN_PROXY:  Internal trigger to delete a previously created
      session (used in proxy mode, triggered by the corresponding
      NAT/FW NSLP session).

5.2.  Common Variables

   IS_EDGE:  Boolean flag that evaluates to TRUE if the node is on the
      network edge; otherwise it evaluates to FALSE.
   IS_PUBLICSIDE:  Boolean flag that evaluates to TRUE if the (CREATE
      or EXT) message has been received on the public side of the
      network.
   CREATE(LIFETIME):  Gets the value of the LIFETIME object in the
      CREATE message.
   counter(CREATE):  Denotes the current number of retries of a CREATE
      message that has been retransmitted because the RESPONSE timer
      expired (RESPONSE_TIMEOUT) before a RESPONSE was received.  When
      counter(CREATE) equals counterLimit(CREATE), the current session
      creation attempt is aborted and the application is notified.
   counter(EXT):  Denotes the current number of retries of an EXT
      message that has been retransmitted because the RESPONSE timer
      expired (RESPONSE_TIMEOUT) before a RESPONSE was received.  When
      counter(EXT) equals counterLimit(EXT), the current EXT attempt is
      aborted and the application is notified.

5.3.  Constants

   counterLimit(CREATE):  The maximum number of retransmission attempts
      of a CREATE message, after which the attempt is aborted and the
      application is notified.
   counterLimit(EXT):  The maximum number of retransmission attempts of
      an EXT message, after which the attempt is aborted and the
      application is notified.

6.  State machine for the NAT/FW NI/NR+

   This section presents the state machine for the NSIS initiator (NI),
   which is capable of NAT/FW NSLP signaling.
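   As an added example that is not part of the draft, the following
   Python program implements the NI/NR+ state tables of this section
   together with the StartTimer/StopTimer/(identifier)_TIMEOUT
   semantics of Section 5.1, and drives them through a session
   creation, a lost RESPONSE with retransmission, a refresh cycle that
   is never answered and therefore exhausts counterLimit(CREATE), and
   an application-triggered teardown.  The values of
   counterLimit(CREATE), the timer spans and the CREATE lifetime are
   assumptions; tx_CREATE() and ReportAsyncEvent() are recorded in
   lists instead of being sent, so the run is entirely offline.

```python
# NAT/FW NSLP NI/NR+ state machine (Section 6) on a simulated clock.
# Added example; the four constants are assumptions, not values taken from [1].

COUNTER_LIMIT_CREATE = 3   # counterLimit(CREATE): retransmissions before giving up
RESPONSE_TIMESPAN = 2.0    # span of the RESPONSE timer (implementation-specific)
LIFETIME = 30.0            # LIFETIME object carried in CREATE
REFRESH_TIMESPAN = 10.0    # span of the REFRESH timer; must be shorter than LIFETIME


class Timers:
    """StartTimer / StopTimer / (identifier)_TIMEOUT as defined in Section 5.1."""
    def __init__(self):
        self.deadline, self.expired = {}, set()   # running timers; fired timers
    def start(self, ident, now, span):            # restarts a running or fired timer
        self.expired.discard(ident)
        self.deadline[ident] = now + span
    def stop(self, ident):                        # also clears an already-fired timer
        self.deadline.pop(ident, None)
        self.expired.discard(ident)
    def advance(self, now):                       # timers never restart by themselves
        for ident in [i for i, at in self.deadline.items() if now >= at]:
            del self.deadline[ident]
            self.expired.add(ident)
    def timeout(self, ident):                     # (identifier)_TIMEOUT; reset on read
        fired = ident in self.expired
        self.expired.discard(ident)
        return fired


class Initiator:
    """States IDLE, WAITRESP and SESSION of the NI/NR+ tables (INITIALIZE is the constructor)."""
    def __init__(self):
        self.timers, self.now, self.counter_create = Timers(), 0.0, 0
        self.sent = []       # (message, lifetime) pairs handed to tx_CREATE
        self.events = []     # (state, description) pairs from ReportAsyncEvent()
        self.state = "IDLE"  # UCT: Initialize variables -> IDLE
    def tx_create(self, lifetime=LIFETIME):
        self.sent.append(("CREATE", lifetime))
    def enter(self, new):
        """Exit procedures of the current state, then entry procedures of the next."""
        if self.state == "WAITRESP":
            self.timers.stop("RESPONSE")
        elif self.state == "SESSION":
            self.timers.stop("REFRESH")
            self.timers.stop("RESPONSE")
        self.state = new                  # IDLE entry: DeleteSession(); IDLE exit: CreateSession()
        if new == "WAITRESP":
            self.counter_create = 0       # ResetCounter(CREATE)
            self.timers.start("RESPONSE", self.now, RESPONSE_TIMESPAN)
        elif new == "SESSION":
            self.counter_create = 0
            self.timers.start("REFRESH", self.now, REFRESH_TIMESPAN)
    def handle(self, event, code=None):
        """External trigger (tg_*) or received RESPONSE(code, CREATE)."""
        s = self.state
        if s == "IDLE" and event in ("tg_CREATE", "tg_CREATE_PROXY"):
            self.tx_create()
            self.enter("WAITRESP")
        elif s != "IDLE" and event in ("tg_TEARDOWN", "tg_TEARDOWN_PROXY"):
            self.tx_create(lifetime=0)    # tx_CREATE(LIFETIME=0)
            self.enter("IDLE")
        elif s == "SESSION" and event == "rx_RESPONSE" and code == "SUCCESS":
            self.timers.stop("RESPONSE")  # refresh acknowledged: re-arm REFRESH
            self.timers.start("REFRESH", self.now, REFRESH_TIMESPAN)
            self.counter_create = 0
        elif s != "IDLE" and event == "rx_RESPONSE":
            self.events.append((s, "CREATE " + code))
            self.enter("SESSION" if code == "SUCCESS" else "IDLE")
        # any other (state, event) pair is not a permissible transition and is ignored
    def tick(self, now):
        """Advance the clock, then evaluate the *_TIMEOUT exit conditions."""
        self.now = now
        self.timers.advance(now)
        if self.state == "SESSION" and self.timers.timeout("REFRESH"):
            self.timers.start("RESPONSE", now, RESPONSE_TIMESPAN)
            self.tx_create()              # refreshing CREATE
        if self.state != "IDLE" and self.timers.timeout("RESPONSE"):
            if self.counter_create < COUNTER_LIMIT_CREATE:
                self.counter_create += 1
                self.timers.start("RESPONSE", now, RESPONSE_TIMESPAN)
                self.tx_create()          # retransmission
            else:
                self.events.append((self.state, "CREATE aborted"))
                self.enter("IDLE")


def run_scenario():
    """Create, one lost RESPONSE, an unanswered refresh that exhausts the retries, then teardown."""
    ni = Initiator()
    ni.handle("tg_CREATE")                    # t=0: CREATE #1, IDLE -> WAITRESP
    ni.tick(2.0)                              # RESPONSE_TIMEOUT: CREATE #2
    ni.handle("rx_RESPONSE", code="SUCCESS")  # -> SESSION, REFRESH due at t=12
    ni.tick(12.0)                             # REFRESH_TIMEOUT: CREATE #3
    for t in (14.0, 16.0, 18.0):              # unanswered: CREATE #4, #5, #6
        ni.tick(t)
    ni.tick(20.0)                             # counter == limit: abort -> IDLE
    state_after_abort = ni.state
    ni.handle("tg_CREATE")                    # CREATE #7
    ni.handle("rx_RESPONSE", code="SUCCESS")
    ni.handle("tg_TEARDOWN")                  # CREATE #8 with LIFETIME=0 -> IDLE
    return {"state_after_abort": state_after_abort, "sent": ni.sent,
            "events": ni.events, "final_state": ni.state}
```

   Two details of the tables are easy to get wrong and are exercised
   here: a timer that has fired stays fired until it is stopped or
   restarted (StopTimer(RESPONSE) on leaving WAITRESP and SESSION is
   what prevents a stale RESPONSE_TIMEOUT from firing in the next
   state), and counterLimit(CREATE) bounds the retransmissions of a
   refresh as well as of the initial CREATE, so a peer that stops
   answering does not keep the initiator in SESSION forever.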
   -----------
   State: INITIALIZE
   -----------

   Condition                   Action                        State
   ----------------------------+-----------------------------+----------
   UCT                         |Initialize variables         | IDLE
   ----------------------------+-----------------------------+----------

   -----------
   State: IDLE
   Entry: DeleteSession();
   Exit : CreateSession();
   -----------

   Condition                   Action                        State
   ----------------------------+-----------------------------+----------
   tg_CREATE                   |tx_CREATE();                 | WAITRESP
                               |                             |
   tg_CREATE_PROXY             |tx_CREATE();                 | WAITRESP
   ----------------------------+-----------------------------+----------

   -----------
   State: WAITRESP
   Entry: ResetCounter(CREATE);
          StartTimer(RESPONSE);
   Exit : StopTimer(RESPONSE);
   -----------

   Condition                   Action                        State
   ----------------------------+-----------------------------+----------
   RESPONSE_TIMEOUT &&         |counter(CREATE)++;           | WAITRESP
   (counter(CREATE) <          |StartTimer(RESPONSE);        |
    counterLimit(CREATE))      |tx_CREATE();                 |
                               |                             |
   rx_RESPONSE(SUCCESS,CREATE) |ReportAsyncEvent();          | SESSION
                               |                             |
   tg_TEARDOWN                 |tx_CREATE(LIFETIME=0);       | IDLE
                               |                             |
   tg_TEARDOWN_PROXY           |tx_CREATE(LIFETIME=0);       | IDLE
                               |                             |
   RESPONSE_TIMEOUT &&         |ReportAsyncEvent();          | IDLE
   (counter(CREATE) ==         |                             |
    counterLimit(CREATE))      |                             |
                               |                             |
   rx_RESPONSE(ERROR,CREATE)   |ReportAsyncEvent();          | IDLE
   ----------------------------+-----------------------------+----------

   -----------
   State: SESSION
   Entry: ResetCounter(CREATE);
          StartTimer(REFRESH);
   Exit : StopTimer(REFRESH);
          StopTimer(RESPONSE);
   -----------

   Condition                   Action                        State
   ----------------------------+-----------------------------+----------
   REFRESH_TIMEOUT             |StartTimer(RESPONSE);        | SESSION
                               |tx_CREATE();                 |
                               |                             |
   RESPONSE_TIMEOUT &&         |counter(CREATE)++;           | SESSION
   (counter(CREATE) <          |StartTimer(RESPONSE);        |
    counterLimit(CREATE))      |tx_CREATE();                 |
                               |                             |
   rx_RESPONSE(SUCCESS,CREATE) |StopTimer(RESPONSE);         | SESSION
                               |StartTimer(REFRESH);         |
                               |ResetCounter(CREATE);        |
                               |                             |
   tg_TEARDOWN                 |tx_CREATE(LIFETIME=0);       | IDLE
                               |                             |
   tg_TEARDOWN_PROXY           |tx_CREATE(LIFETIME=0);       | IDLE
                               |                             |
   RESPONSE_TIMEOUT &&         |ReportAsyncEvent();          | IDLE
   (counter(CREATE) ==         |                             |
    counterLimit(CREATE))      |                             |
                               |                             |
   rx_RESPONSE(ERROR,CREATE)   |ReportAsyncEvent();          | IDLE
   ----------------------------+-----------------------------+----------

7.  State machine for the NAT/FW NF

   This section describes the state machine for intermediate nodes
   within the signaling path that are capable of processing NAT/FW NSLP
   messages.  These nodes typically implement firewall and/or network
   address translation (NAT) functionality.

   -----------
   State: INITIALIZE
   -----------

   Condition                   Action                        State
   ----------------------------+-----------------------------+----------
   UCT                         |Initialize variables         | IDLE
   ----------------------------+-----------------------------+----------

   -----------
   State: IDLE
   Entry: DeleteSession();
   Exit : CreateSession();
   -----------

   Condition                   Action                        State
   ----------------------------+-----------------------------+----------
   (rx_EXT) && (IS_PUBLICSIDE) |tx_RESPONSE(ERROR,EXT);      | IDLE
                               |                             |
   (rx_CREATE(Lifetime > 0))   |tx_CREATE();                 | CREATE_
                               |                             | WAITRESP
                               |                             |
   ((rx_EXT) && (!IS_EDGE)     |tx_EXT();                    | NONEDGE_
    && (!IS_PUBLICSIDE))       |                             | EXT
                               |                             |
   ((rx_EXT) && (IS_EDGE)      |tx_RESPONSE(SUCCESS,EXT);    | EDGE_EXT
    && (!IS_PUBLICSIDE))       |tx_CREATE();                 |
                               |if (proxy_object) then       |
                               |   (tg_CREATE_PROXY);        |
   ----------------------------+-----------------------------+----------

   -----------
   State: CREATE_WAITRESP
   Entry: StartTimer(STATE);
   Exit : StopTimer(STATE);
   -----------

   Condition                   Action                        State
   ----------------------------+-----------------------------+----------
   rx_RESPONSE(ERROR,CREATE)   |tx_RESPONSE(ERROR,CREATE);   | IDLE
                               |ReportAsyncEvent();          |
                               |                             |
   STATE_TIMEOUT               |tx_RESPONSE(ERROR,CREATE);   | IDLE
                               |ReportAsyncEvent();          |
                               |                             |
   (rx_CREATE(Lifetime == 0))  |tx_CREATE(LIFETIME=0);       | IDLE
                               |                             |
   rx_RESPONSE(SUCCESS,CREATE) |tx_RESPONSE(SUCCESS,CREATE); | SESSION
   ----------------------------+-----------------------------+----------

   -----------
   State: NONEDGE_EXT
   Entry: StartTimer(EXT);
          CreateReservations();
   Exit : StopTimer(EXT);
          DeleteReservations();
   -----------

   Condition                   Action                        State
   ----------------------------+-----------------------------+----------
   (rx_EXT(Lifetime > 0))      |StopTimer(EXT);              | NONEDGE_
                               |StartTimer(EXT);             | EXT
                               |tx_EXT();                    |
                               |                             |
   rx_RESPONSE(SUCCESS,EXT)    |tx_RESPONSE(SUCCESS,EXT);    | NONEDGE_
                               |                             | EXT
                               |                             |
   rx_RESPONSE(ERROR,EXT)      |tx_RESPONSE(ERROR,EXT);      | IDLE
                               |ReportAsyncEvent();          |
                               |                             |
   (rx_EXT(Lifetime == 0))     |tx_EXT(LIFETIME=0);          | IDLE
                               |ReportAsyncEvent();          |
                               |                             |
   EXT_TIMEOUT                 |ReportAsyncEvent();          | IDLE
   ----------------------------+-----------------------------+----------

   -----------
   State: EDGE_EXT
   Entry: StartTimer(EXT);
          CreateReservations();
   Exit : StopTimer(EXT);
          DeleteReservations();
   -----------

   Condition                   Action                        State
   ----------------------------+-----------------------------+----------
   (rx_EXT(Lifetime > 0))      |StopTimer(EXT);              | EDGE_EXT
                               |StartTimer(EXT);             |
                               |tx_RESPONSE(SUCCESS,EXT);    |
                               |                             |
   (rx_EXT(Lifetime == 0))     |tx_EXT(LIFETIME=0);          | IDLE
                               |ReportAsyncEvent();          |
                               |if (proxy_mode) then         |
                               |   (tg_TEARDOWN_PROXY);      |
                               |                             |
   EXT_TIMEOUT                 |ReportAsyncEvent();          | IDLE
                               |if (proxy_mode) then         |
                               |   (tg_TEARDOWN_PROXY);      |
   ----------------------------+-----------------------------+----------

   -----------
   State: SESSION
   Entry: StartTimer(CREATE);
          CreatePinhole();
          CreateBinding();
   Exit : StopTimer(RESPONSE);
          StopTimer(CREATE);
          DeletePinhole();
          DeleteBinding();
   -----------

   Condition                   Action                        State
   ----------------------------+-----------------------------+----------
   RESPONSE_TIMEOUT            |StopTimer(RESPONSE);         | SESSION
                               |tx_RESPONSE(ERROR,CREATE);   |
                               |                             |
   (rx_CREATE(Lifetime > 0))   |StopTimer(CREATE);           | SESSION
                               |StartTimer(RESPONSE);        |
                               |tx_CREATE();                 |
                               |                             |
   rx_RESPONSE(SUCCESS,CREATE) |StopTimer(RESPONSE);         | SESSION
                               |StartTimer(CREATE);          |
                               |tx_RESPONSE(SUCCESS,CREATE); |
                               |                             |
   CREATE_TIMEOUT              |ReportAsyncEvent();          | IDLE
                               |                             |
   (rx_CREATE(Lifetime == 0))  |tx_CREATE(LIFETIME=0);       | IDLE
   ----------------------------+-----------------------------+----------

8.  State machine for the NAT/FW NR/NI+

   This section presents the state machine for the NSIS responder (NR),
   which is capable of NAT/FW NSLP signaling.

   -----------
   State: INITIALIZE
   -----------

   Condition                   Action                        State
   ----------------------------+-----------------------------+----------
   UCT                         |Initialize variables         | IDLE
   ----------------------------+-----------------------------+----------

   -----------
   State: IDLE
   Entry: DeleteSession();
   Exit : CreateSession();
   -----------

   Condition                   Action                        State
   ----------------------------+-----------------------------+----------
   (rx_CREATE) && !(CHECK_AA())|tx_RESPONSE(ERROR,CREATE);   | IDLE
                               |                             |
   tg_EXT                      |tx_EXT();                    | EXT_
                               |                             | WAITRESP
                               |                             |
   (rx_CREATE(Lifetime > 0))   |tx_RESPONSE(SUCCESS,CREATE); | SESSION
   ----------------------------+-----------------------------+----------

   -----------
   State: EXT_WAITRESP
   Entry: ResetCounter(EXT);
          StartTimer(RESPONSE);
   Exit : StopTimer(RESPONSE);
   -----------

   Condition                   Action                        State
   ----------------------------+-----------------------------+----------
   RESPONSE_TIMEOUT &&         |counter(EXT)++;              | EXT_
   (counter(EXT) <             |StartTimer(RESPONSE);        | WAITRESP
    counterLimit(EXT))         |tx_EXT();                    |
                               |                             |
   rx_RESPONSE(SUCCESS,EXT)    |ReportAsyncEvent();          | EXT
                               |                             |
   RESPONSE_TIMEOUT &&         |ReportAsyncEvent();          | IDLE
   (counter(EXT) ==            |                             |
    counterLimit(EXT))         |                             |
                               |                             |
   rx_RESPONSE(ERROR,EXT)      |ReportAsyncEvent();          | IDLE
                               |                             |
   tg_TEARDOWN                 |tx_EXT(LIFETIME=0);          | IDLE
   ----------------------------+-----------------------------+----------

   -----------
   State: EXT
   Entry: ResetCounter(EXT);
          StartTimer(REFRESH);
   Exit : StopTimer(RESPONSE);
          StopTimer(REFRESH);
   -----------

   Condition                   Action                        State
   ----------------------------+-----------------------------+----------
   RESPONSE_TIMEOUT &&         |counter(EXT)++;              | EXT
   (counter(EXT) <             |StartTimer(RESPONSE);        |
    counterLimit(EXT))         |tx_EXT();                    |
                               |                             |
   rx_RESPONSE(SUCCESS,EXT)    |StartTimer(REFRESH);         | EXT
                               |StopTimer(RESPONSE);         |
                               |ResetCounter(EXT);           |
                               |                             |
   REFRESH_TIMEOUT             |tx_EXT();                    | EXT
                               |StartTimer(RESPONSE);        |
                               |                             |
   RESPONSE_TIMEOUT &&         |ReportAsyncEvent();          | IDLE
   (counter(EXT) ==            |                             |
    counterLimit(EXT))         |                             |
                               |                             |
   rx_RESPONSE(ERROR,EXT)      |ReportAsyncEvent();          | IDLE
                               |                             |
   tg_TEARDOWN                 |tx_EXT(LIFETIME=0);          | IDLE
   ----------------------------+-----------------------------+----------

   -----------
   State: SESSION
   Entry: StartTimer(STATE);
   Exit : StopTimer(STATE);
   -----------

   Condition                   Action                        State
   ----------------------------+-----------------------------+----------
   (rx_CREATE(Lifetime > 0))   |tx_RESPONSE(SUCCESS,CREATE); | SESSION
                               |StopTimer(STATE);            |
                               |StartTimer(STATE);           |
                               |                             |
   (rx_CREATE(Lifetime == 0))  |ReportAsyncEvent();          | IDLE
                               |                             |
   STATE_TIMEOUT               |ReportAsyncEvent();          | IDLE
   ----------------------------+-----------------------------+----------

9.  Security Considerations

   This document does not raise new security considerations.  Any
   security concerns with the NAT/FW NSLP are likely reflected in
   security-related NSIS work already (such as [1] or [6]).
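   Two mechanisms in the tables above nevertheless matter for an
   implementer: the responder's IDLE state answers a CREATE that fails
   CHECK_AA() with RESPONSE(ERROR,CREATE) and installs nothing, and its
   SESSION state keeps the installed state only as long as the STATE
   timer is refreshed by an authorized CREATE with a lifetime greater
   than 0.  The following Python program, an added example that is not
   part of the draft, implements the CREATE-handling rows of the NR/NI+
   tables under two assumptions of its own: CHECK_AA() is modelled as
   an allow-list of authenticated senders (a stand-in for the
   authentication, authorization and local-policy checks of Section
   5.1), and the STATE timer span is the LIFETIME carried in the
   CREATE.  Because Section 5.1 applies CHECK_AA() to every received
   message, a CREATE with LIFETIME=0 from an unauthorized sender is
   answered with an error as well and does not tear the session down;
   the handling of that case in SESSION is not spelled out in the
   table and is an assumption here.

```python
"""CREATE handling of the NAT/FW NSLP NR/NI+ state machine (Section 8).
Added example.  Two assumptions of its own: CHECK_AA() is an allow-list of
authenticated senders, and the STATE timer span equals the CREATE lifetime."""


class Responder:
    """One instance per NAT/FW NSLP session; states IDLE and SESSION."""

    def __init__(self, allowed_senders):
        self.allowed = frozenset(allowed_senders)  # CHECK_AA() policy (assumption)
        self.state = "IDLE"         # INITIALIZE -> IDLE by UCT
        self.state_deadline = None  # STATE timer: absolute expiry, None when stopped
        self.sent = []              # tx_RESPONSE(code, CREATE) records
        self.events = []            # ReportAsyncEvent() records

    def check_aa(self, msg):
        """CHECK_AA(): authentication, authorization and local policy (Section 5.1)."""
        return msg["sender"] in self.allowed

    def rx_create(self, msg, now):
        """rx_CREATE with msg = {"sender": authenticated peer, "lifetime": seconds}."""
        if not self.check_aa(msg):
            # IDLE row: (rx_CREATE) && !(CHECK_AA()) -> tx_RESPONSE(ERROR,CREATE); stay.
            # The check applies to every received message (Section 5.1), so the same
            # answer is given in SESSION (assumption): an unauthorized CREATE with
            # LIFETIME=0 must not remove state that an authorized peer installed.
            self.sent.append(("RESPONSE", "ERROR", "CREATE"))
        elif self.state == "IDLE" and msg["lifetime"] > 0:
            # Exit IDLE: CreateSession(); Entry SESSION: StartTimer(STATE)
            self.sent.append(("RESPONSE", "SUCCESS", "CREATE"))
            self.state, self.state_deadline = "SESSION", now + msg["lifetime"]
        elif self.state == "SESSION" and msg["lifetime"] > 0:
            # refresh: tx_RESPONSE(SUCCESS,CREATE); StopTimer(STATE); StartTimer(STATE)
            self.sent.append(("RESPONSE", "SUCCESS", "CREATE"))
            self.state_deadline = now + msg["lifetime"]
        elif self.state == "SESSION":
            # rx_CREATE(Lifetime == 0): ReportAsyncEvent(); -> IDLE (DeleteSession())
            self.events.append("torn down by initiator")
            self.state, self.state_deadline = "IDLE", None
        # an authorized CREATE with LIFETIME=0 in IDLE has no row and is ignored

    def tick(self, now):
        """STATE_TIMEOUT: the installed state is soft and expires unless refreshed."""
        if self.state == "SESSION" and now >= self.state_deadline:
            self.events.append("state lifetime expired")
            self.state, self.state_deadline = "IDLE", None


def run_scenario():
    """Constructed exchange: a rejected CREATE, an authorized session, a spoofed
    teardown, one refresh, and expiry of the unrefreshed state."""
    nr = Responder(allowed_senders={"ni.example.net"})
    nr.rx_create({"sender": "mallory.example", "lifetime": 30}, now=0)
    after_reject = nr.state                                       # IDLE
    nr.rx_create({"sender": "ni.example.net", "lifetime": 30}, now=0)
    nr.rx_create({"sender": "mallory.example", "lifetime": 0}, now=5)
    after_spoofed_teardown = nr.state                             # SESSION
    nr.rx_create({"sender": "ni.example.net", "lifetime": 30}, now=20)
    nr.tick(45)                                                   # refreshed at 20, due at 50
    before_expiry = nr.state                                      # SESSION
    nr.tick(50)                                                   # STATE_TIMEOUT -> IDLE
    return {"after_reject": after_reject,
            "after_spoofed_teardown": after_spoofed_teardown,
            "before_expiry": before_expiry, "final_state": nr.state,
            "responses": [code for _, code, _ in nr.sent], "events": nr.events}
```

   The same soft-state principle deserves attention on the NF.  In the
   NF SESSION table of Section 7, a refreshing CREATE stops the CREATE
   timer while the RESPONSE timer runs, and the RESPONSE_TIMEOUT row
   stops the RESPONSE timer and stays in SESSION, so after an
   unanswered refresh neither timer is running and CREATE_TIMEOUT can
   no longer fire.  An implementation that follows those rows literally
   keeps the pinhole and NAT binding installed until another CREATE
   arrives; an implementer should keep the CREATE timer running (or
   restart it) across an unanswered refresh so that the installed state
   still expires.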
   For the time being, the state machines described in this document do
   not consider the security aspects of the NAT/FW NSLP protocol itself.
   A future version of this document will add security-relevant states
   and state transitions.

10.  Open Issues

   Since the 01 version, we removed session ownership, changed procedure
   names and added some clarifications following the evolution of the
   specification.  Handling of route changes and the open issues listed
   in [1] will be added in future versions of this document.

11.  Contributors

   Tseno Tsenov has contributed since the initial version, and Henning
   Peters has collaborated on refining the state machine since the 01
   version.

12.  Acknowledgments

   The authors would like to thank Martin Stiemerling for his valuable
   comments and discussions.

13.  References

13.1.  Normative References

   [1]  Stiemerling, M., "NAT/Firewall NSIS Signaling Layer Protocol
        (NSLP)", draft-ietf-nsis-nslp-natfw-13 (work in progress),
        October 2006.

   [2]  Bradner, S., "Key words for use in RFCs to Indicate Requirement
        Levels", BCP 14, RFC 2119, March 1997.

13.2.  Informative References

   [3]  Fajardo, V., "State Machines for Protocol for Carrying
        Authentication for Network Access (PANA)",
        draft-ietf-pana-statemachine-04 (work in progress), May 2006.

   [4]  Vollbrecht, J., Eronen, P., Petroni, N., and Y. Ohba, "State
        Machines for Extensible Authentication Protocol (EAP) Peer and
        Authenticator", draft-ietf-eap-statemachine-06 (work in
        progress), December 2004.

   [5]  Institute of Electrical and Electronics Engineers, "DRAFT
        Standard for Local and Metropolitan Area Networks: Port-Based
        Network Access Control (Revision)", IEEE 802-1X-REV/D9,
        January 2004.

   [6]  Tschofenig, H. and D. Kroeselberg, "Security Threats for NSIS",
        draft-ietf-nsis-threats-06 (work in progress), October 2004.

Authors' Addresses

   Constantin Werner
   University of Goettingen
   Telematics Group
   Lotzestr. 16-18
   Goettingen 37083
   Germany

   Email: werner@cs.uni-goettingen.de

   Niklas Steinleitner (editor)
   University of Goettingen
   Telematics Group
   Lotzestr. 16-18
   Goettingen 37083
   Germany

   Email: steinleitner@cs.uni-goettingen.de

   Xiaoming Fu
   University of Goettingen
   Telematics Group
   Lotzestr. 16-18
   Goettingen 37083
   Germany

   Email: fu@cs.uni-goettingen.de

   Hannes Tschofenig
   Siemens
   Otto-Hahn-Ring 6
   Munich, Bayern 81739
   Germany

   Email: Hannes.Tschofenig@siemens.com

   Cedric Aoun
   Ecole Nationale Superieure des Telecommunications
   Paris
   France

   Email: cedric@caoun.net

Full Copyright Statement

   Copyright (C) The IETF Trust (2007).

   This document is subject to the rights, licenses and restrictions
   contained in BCP 78, and except as set forth therein, the authors
   retain all their rights.

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
   THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
   OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
   THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Intellectual Property

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.
   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.

Acknowledgment

   Funding for the RFC Editor function is provided by the IETF
   Administrative Support Activity (IASA).