MIDCOM Protocol Semantics
56th IETF
Martin Stiemerling, Jürgen Quittek,
Tom Taylor
{stiemerling|quittek}@ccrle.nec.de
[email protected]
2003-03-18
Changes in –01 Draft
• Address tuple section
– Moved from PER/PRR sections into new section
• Structured wildcarding text
– IP addresses and port numbers
– Currently no IP wildcarding supported
• Adapted example section
• Changed group transactions
– Now implicit handling
– See next slide
• Conformance statements
Group Transactions
• Groups are created implicitly by PER/PRR
• No explicit group lifetime anymore
• Group is deleted when its last member Policy Rule is deleted
• Removed transactions
– Group Establishment (GE)
– Asynchronous Group Deletion (AGD)
Conformance Statements
• Session Control Transactions – All Mandatory
– Session Establishment (SE) mandatory
– Session Termination (ST) mandatory
– Asynchronous Session Termination (AST) mandatory
• Policy Rule Group Transactions – All Optional
– Group Lifetime Change (GLC) optional
– Group List (GL) optional
– Group Status (GS) optional
• Policy Rule Transactions
– Policy Reserve Rule (PRR) mandatory
– Policy Enable Rule (PER) mandatory
– Policy Rule Lifetime Change (RLC) mandatory
– Policy Rule Status (PRS) optional
– Asynchronous Policy Rule Deletion (ARD) mandatory
Open Issues (1)
• Is IP wildcarding required?
– What would be application scenarios for IP
wildcarding?
• Further elaborate the capability information sent
from the middlebox to the agent at session setup.
– What further capability information should be sent?
• Is there a need to support enabling ICMP, IGMP,
RSVP, ...?
• Should the middlebox reply with a list of
supported encryption methods in SE failure reply?
Open Issues (2)
• Further elaborate section on security
considerations.
• Shall the agent be able to specify parameters for
protection against denial of service attacks, like:
– maximum total number of TCP connection setups
allowed
– maximum number of TCP connection setups per minute
– maximum number of UDP packets per minute
– maximum bit rate
– etc.
Enabling SIP Calls or
Why do we need PRR?
[Figure: User I, an internal SIP telephone in the private network, says "I wanna call User E", an external SIP telephone; a NAPT sits between the two networks. Messages shown at the NAPT: "Reserve External Address and Port X", "Enable All", and the reply "OK, NAT mapped address and port X*".]
Thank you!
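The following is an added illustration of the semantics covered by the "Group Transactions" slide and the closing SIP scenario, not code from the draft or its authors: a toy middlebox model in which groups are created implicitly by the first PRR/PER and vanish with their last rule, and in which an internal SIP phone first reserves an external address/port (PRR), learns the NAT-mapped X*, and only then enables traffic (PER) against a wildcarded remote. The class and method names, the port pool, the lifetime handling and the assumption that an enable rule takes over a reserved mapping are all made up for illustration and are not the draft's wire format.

```python
"""Toy model of MIDCOM policy-rule semantics: implicit groups and the
reserve-then-enable (PRR -> PER) flow for a SIP call through a NAPT.
Illustration only; names, port pool and 'enable replaces reserve' are
assumptions, not the draft's message format."""
from dataclasses import dataclass
from typing import Optional, Tuple
import itertools

WILDCARD = None  # remote endpoint not yet known -> "enable all"


@dataclass
class PolicyRule:
    rule_id: int
    group_id: int
    kind: str                     # "reserve" (from PRR) or "enable" (from PER)
    internal: Tuple[str, int]     # (ip, port) of the host inside
    external: Tuple[str, int]     # NAT-mapped (ip, port) seen from outside
    remote: Optional[Tuple[str, int]]  # peer, WILDCARD if unknown
    lifetime: int                 # seconds remaining


class Middlebox:
    def __init__(self, external_ip, ports=range(20000, 20004)):
        self.external_ip = external_ip
        self.free_ports = list(ports)      # constructed pool of outside ports
        self.rules = {}                    # rule_id -> PolicyRule
        self.groups = {}                   # group_id -> {rule_id, ...}
        self._rule_ids = itertools.count(1)
        self._group_ids = itertools.count(1)

    # Groups: no GE/AGD transactions, membership is implicit in PER/PRR.
    def _add_to_group(self, group_id, rule_id):
        if group_id is None:               # first rule creates the group
            group_id = next(self._group_ids)
        self.groups.setdefault(group_id, set()).add(rule_id)
        return group_id

    def _drop_from_group(self, rule):
        members = self.groups[rule.group_id]
        members.discard(rule.rule_id)
        if not members:                    # last member gone -> group gone
            del self.groups[rule.group_id]

    def _allocate(self, kind, internal, remote, lifetime, group_id):
        if not self.free_ports:
            return None, "failure: no external port available"
        ext = (self.external_ip, self.free_ports.pop(0))
        rid = next(self._rule_ids)
        gid = self._add_to_group(group_id, rid)
        self.rules[rid] = PolicyRule(rid, gid, kind, internal, ext, remote, lifetime)
        return self.rules[rid], "ok"

    # PRR: reserve an outside address/port; no traffic is enabled yet.
    def prr(self, internal, lifetime, group_id=None):
        return self._allocate("reserve", internal, WILDCARD, lifetime, group_id)

    # PER: enable traffic, optionally taking over a mapping reserved by PRR.
    def per(self, internal, remote, lifetime, reserved_rule_id=None, group_id=None):
        if reserved_rule_id is None:
            return self._allocate("enable", internal, remote, lifetime, group_id)
        res = self.rules.get(reserved_rule_id)
        if res is None or res.kind != "reserve" or res.internal != internal:
            return None, "failure: unknown or mismatching reserve rule"
        # Assumption: the enable rule keeps the reserved mapping and rule id,
        # so the address already signalled in SDP (X*) stays valid.
        res.kind, res.remote, res.lifetime = "enable", remote, lifetime
        return res, "ok"

    # Deletion, whether requested by the agent or asynchronous (ARD).
    def delete_rule(self, rule_id):
        rule = self.rules.pop(rule_id)
        self.free_ports.append(rule.external[1])
        self._drop_from_group(rule)
        return rule

    def tick(self, seconds):
        """Advance time; expired rules are deleted and returned as ARD events."""
        expired = []
        for rule in list(self.rules.values()):
            rule.lifetime -= seconds
            if rule.lifetime <= 0:
                expired.append(self.delete_rule(rule.rule_id).rule_id)
        return expired

    def matches(self, external, src):
        """Would a packet from src towards the mapped external address pass?"""
        return any(r.kind == "enable" and r.external == external
                   and (r.remote is WILDCARD or r.remote == src)
                   for r in self.rules.values())


def sip_call_flow(mb):
    """The slide's scenario: user I calls user E through the NAPT."""
    phone_i = ("10.0.0.7", 5004)                   # constructed internal RTP endpoint
    reserve, _ = mb.prr(phone_i, lifetime=60)      # reserve external address/port X
    mapped = reserve.external                      # X*, put into the SDP offer
    if mb.matches(mapped, ("203.0.113.9", 6000)):  # reservation alone passes nothing
        raise RuntimeError("reserve rule must not enable traffic")
    enable, _ = mb.per(phone_i, WILDCARD, lifetime=60,
                       reserved_rule_id=reserve.rule_id)  # "enable all"
    return mapped, enable.rule_id, enable.group_id
```

The reservation step is what answers the slide's question: the phone cannot put a usable address into its SDP until the NAPT has committed X*, but it cannot name the remote media peer until the SDP exchange has completed, so the enable rule has to come second and, at that point, still has to be wildcarded.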