PCP Server SelectionFrance TelecomRennes35000Francemohamed.boucadair@orange.comCiscoUSArepenno@cisco.comCisco Systems, Inc.170 West Tasman DriveSan JoseCalifornia95134USAdwing@cisco.comCisco Systems, Inc.BangaloreIndiapraspati@cisco.comCisco Systems, Inc.Cessna Business Park, Varthur HobliSarjapur Marathalli Outer Ring RoadBangaloreKarnataka560103Indiatireddy@cisco.comPCP Working GroupPCP Server discovery, Port Mapping, Shared Address, Multiple PCP
ServersThe document specifies the behavior to be followed by a PCP client to
contact its PCP server(s) when one or several PCP server IP addresses
are configured.This document updates RFC6887.The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119.A host may have multiple network interfaces (e.g., 3G, IEEE 802.11,
etc.); each configured with different PCP servers. Each PCP server
learned must be associated with the interface on which it was learned.
Generic multi-interface considerations are documented in Section 8.4 of
. Multiple PCP server IP addresses may be
configured on a PCP client in some deployment contexts such as
multi-homing (see ). A PCP server may
also have multiple IP addresses associated with it. It is out of scope
of this document to enumerate all deployment scenarios that require
multiple PCP server IP addresses to be configured.If a PCP client discovers multiple PCP server IP addresses, it needs
to determine which actions it needs to undertake (e.g., whether PCP
entries are to be installed in all or a subset of discovered IP
addresses, whether some PCP entries are to be removed, etc.). This
document makes the following assumptions:There is no requirement that multiple PCP servers configured on
the same interface have the same capabilities.PCP requests to different PCP servers are independent, the result
of a PCP request to one PCP server does not influence another.The configuration mechanism must distinguish IP addresses that
belong to the same PCP server.This document specifies the behavior to be followed by a PCP client
to contact its PCP server(s) when it is configured with one or several PCP
server IP addresses (e.g., using DHCP ).
This document does make any assumption on the type of these IP addresses
(i.e., unicast/anycast). This document makes use of the following terms:PCP client: denotes a PCP software instance responsible for
issuing PCP requests to a PCP server. Refer to .PCP server: denotes a software instance that receives and
processes PCP requests from a PCP client. A PCP server can be
co-located with or be separated from the function it controls (e.g.,
Network Address Translation (NAT) or firewall). Refer to .This section describes the behavior a PCP client follows to contact
its PCP server when the PCP client has multiple IP addresses for a
single PCP server.A PCP client should construct a set of candidate source addresses
(Section 4 of ), based on application
input and PCP constraints. For
example, when sending a PEER or a MAP with FILTER request for an
existing TCP connection, the only candidate source address is the
source address used for the existing TCP connection. But when
sending a MAP request for a service that will accept incoming
connections, the candidate source addresses may be all of the node's
IP addresses, or some subset of IP addresses on which the service is
configured to listen.The PCP client then sorts the PCP server IP addresses as per
Section 6 of using the candidate
source addresses selected in the previous step as input to the
destination address selection algorithm.The PCP client initializes its Maximum Retransmission Count (MRC)
to 4.The PCP client sends its PCP messages following the
retransmission procedure specified in Section 8.1.1 of . If no response is received after MRC
attempts, the PCP client re-tries the procedure with the next IP
address in the sorted list. If, when sending PCP requests, the PCP
client receives a hard ICMP error it
MUST immediately try the next IP address from the list of PCP server
IP addresses.If the PCP client has exhausted all IP addresses configured for a
given PCP server, the procedure SHOULD be repeated every fifteen
(15) minutes until the PCP request is successfully answered.Once the PCP client has successfully received a response from a
PCP server's IP address, all subsequent PCP requests to that PCP
server are sent on the same IP address until that IP address becomes
unresponsive. In case the IP address becomes unresponsive, the PCP
client clears the cache of sorted destination addresses and follows
the steps described above to contact the PCP server again.For efficiency, the PCP client SHOULD use the same Mapping Nonce for
requests sent to all IP addresses belonging to the same PCP server. As a
reminder, nonce validation checks are performed when operating in the
Simple Threat Model (Section 18.1 of ) to
defend against some off-path attacks.This section describes the behavior a PCP client follows to contact
multiple PCP servers, with each PCP server reachable on a list of IP
addresses. There is no requirement that these multiple PCP servers have
the same capabilities.Note, how PCP clients are configured to separate lists of IP
addresses of each PCP server is implementation-specific and
deployment-specific. For example, a PCP client can be configured
using DHCP with multiple lists of PCP server IP addresses; each list
is referring to a distinct PCP server . If several PCP servers are configured, each with multiple IP
addresses, the PCP client contacts all PCP servers using the procedure
described in .As specified in Section 11.2 and Section 12.2 of , the PCP client must use a different Mapping
Nonce for each PCP server it communicates with.If the PCP client is configured, using some means, with the
capabilities of each PCP server, a PCP client may choose to contact all
PCP servers simultaneously or iterate through them with a delay.This procedure may result in a PCP client instantiating multiple
mappings maintained by distinct PCP servers. The decision to use all
these mappings or delete some of them depends on the purpose of the PCP
request. For example, if the PCP servers are configuring firewall (not
NAT) functionality then the client would by default (i.e., unless it
knows that they all replicate state among them) need to use all the PCP
servers. depicts an example that is used to
illustrate the server selection procedure specified in and . In this
example, PCP servers (A and B) are co-located with edge routers (rtr1,
rtr2) with each PCP server controlling its own device.The example describes behavior when a single IP address for one PCP
server is not responsive. The PCP client is configured with two PCP
servers for the same interface, PCP-Server-A and PCP-Server-B each
having two IP addresses, an IPv4 address and an IPv6 address. The PCP
client wants an IPv4 mapping so it orders the addresses as follows:PCP-Server-A: 192.0.2.12001:db8:1111::1PCP-Server-B: 198.51.100.12001:db8:2222::1Suppose that:The path to reach 192.0.2.1 is brokenThe path to reach 2001:db8:1111::1 is workingThe path to reach 198.51.100.1 is workingThe path to reach 2001:db8:2222::1 is workingIt sends two PCP requests at the same time, the first to 192.0.2.1
(corresponding to PCP-Server-A) and the second to 198.51.100.1
(corresponding to PCP-Server-B). The path to 198.51.100.1 is working so
a PCP response is received. Because the path to 192.0.2.1 is broken, no
PCP response is received. The PCP client retries 4 times to elicit a
response from 192.0.2.1 and finally gives up on that address and sends a
PCP message to 2001::db8:1111:1. That path is working, and a response is
received. Thereafter, the PCP client should continue using that
responsive IP address for PCP-Server-A (2001:db8:1111::1). In this
particular case, it will have to use THIRD_PARTY option for IPv4
mappings.PCP related security considerations are discussed in .This document does
not specify how PCP server addresses are provisioned on the PCP client.
It is the responsibility of PCP server provisioning document(s) to
elaborate on security considerations to discover legitimate PCP
servers.This document does not request any action from IANA.Many thanks to Dave Thaler, Simon Perreault, Hassnaa Moustafa, Ted
Lemon, and Chris Inacio for their reviews and comments.The main problem of a PCP multi-homing situation can be succinctly
described as 'one PCP client, multiple PCP servers'. As described in
, if a PCP client discovers multiple PCP
servers, it should send requests to all of them with assumptions
described in .The following sub-sections describe multi-homing examples to
illustrate the PCP client behavior.In this example of an IPv6 multi-homed network, two or more routers
co-located with firewalls are present on a single link shared with the
host(s). Each router is in turn connected to a different service
provider network and the host in this environment would be offered
multiple prefixes and advertised multiple DNS servers. Consider a
scenario in which firewalls within an IPv6 multi-homing environment
also implement a PCP server. The PCP client learns the available PCP
servers using DHCP or any other
provisioning mechanism. In reference to , a typical model is to embed DHCP servers in
rtr1 and rtr2. A host located behind rtr1 and rtr2 can contact these
two DHCP servers and retrieve from each server the IP address(es) of
the corresponding PCP server.The PCP client will send PCP requests in parallel to each of the
PCP servers.In this example an IPv4 multi-homed network described in 'NAT- or
RFC2260-based multi-homing' (Section 3.3 of ), the gateway router is connected to
different service provider networks. This method uses
Provider-Aggregatable (PA) addresses assigned by each transit provider
to which the site is connected. The site uses NAT to translate the
various provider addresses into a single set of private-use addresses
within the site. In such a case, two PCP servers might have to be
present to configure NAT to each of the transit providers. The PCP
client learns the available PCP servers using DHCP or any other provisioning mechanism. In
reference to , a typical model is to
embed the DHCP server and the PCP servers in rtr1. A host located
behind rtr1 can contact the DHCP server to obtain IP addresses of the
PCP servers. The PCP client will send PCP requests in parallel to each
of the PCP servers.