SIPPING Working Group G. Camarillo Internet-Draft Ericsson Expires: April 20, 2006 K. El Malki Athonet V. Gurbani Lucent Technologies, Inc./Bell Laboratories October 17, 2005 IPv6 Transition in the Session Initiation Protocol (SIP) draft-ietf-sipping-v6-transition-01.txt Status of this Memo By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on April 20, 2006. Copyright Notice Copyright (C) The Internet Society (2005). Abstract This document describes how IPv4 Session Initiation Protocol (SIP) nodes can communicate with IPv6 SIP nodes. Additionally, this document also describes how a SIP user agent that supports IPv4 can exchange media with one that supports IPv6. Both single- and dual- Camarillo, et al. Expires April 20, 2006 [Page 1] Internet-Draft IPv6 Transition in SIP October 2005 stack user agents are considered in the discussions. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. The SIP Layer . . . . . . . . . . . . . . . . . . . . . . . . 3 3.1 Outbound Proxy . . . . . . . . . . . . . . . . . . . . . . 3 3.2 Inbound Proxy . . . . . . . . . . . . . . . . . . . . . . 4 3.3 Incoming Requests to a Domain . . . . . . . . . . . . . . 4 3.4 Sending a Request over a New Network: Re-computing Identifiers . . . . . . . . . . . . . . . . . . . . . . . 5 4. The Media Layer . . . . . . . . . . . . . . . . . . . . . . . 6 4.1 Initial Offer . . . . . . . . . . . . . . . . . . . . . . 7 4.2 Connectivity Checks . . . . . . . . . . . . . . . . . . . 7 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 6. Security Considerations . . . . . . . . . . . . . . . . . . . 8 7. Acknowledgment . . . . . . . . . . . . . . . . . . . . . . . . 8 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 8 8.1 Normative References . . . . . . . . . . . . . . . . . . . 8 8.2 Informational References . . . . . . . . . . . . . . . . . 9 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 10 Intellectual Property and Copyright Statements . . . . . . . . 11 Camarillo, et al. Expires April 20, 2006 [Page 2] Internet-Draft IPv6 Transition in SIP October 2005 1. Introduction SIP [3] is a protocol to establish and manage multimedia sessions. After exchanging SIP traffic, SIP endpoints generally exchange session traffic, which is not transported using SIP, but using a different protocol. For example, audio streams are typically carried using Real-Time Transport Protocol (RTP [15]). Consequently, a complete solution for IPv6 transition needs to handle both the SIP layer and the media layer. While unextended SIP can handle heterogeneous IPv6/v4 networks at the SIP layer as long as proxy servers and their Domain Name Service (DNS) entries are properly configured, user agents using different address spaces need to implement extensions in order to exchange media between them. This document addresses the systems-level issues to make SIP work successfully between IPv4 and IPv6. Section 3 and Section 4 provide discussions on the topics that are pertinent to the signaling layer and media layer, respectively, to establish a successful session between heterogeneous IPv4/IPv6 networks. 2. Terminology In this document, the key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" are to be interpreted as described in BCP 14, RFC 2119 [1] and indicate requirement levels for compliant implementations. 3. The SIP Layer An autonomous SIP domain sends and receives SIP traffic to and from its user agents as well as to and from other autonomous domains. This section describes the issues related to such traffic exchanges. We assume that the network administrators appropriately configure their networks such that the SIP servers within an autonomous domain can communicate between themselves. While this section contains systems-level issues, it does not address implementation-specific issues (i.e., parser torture tests, application programming interfaces to use in programs, etc). Such topics are outlined in detail in a separate document [19]. 3.1 Outbound Proxy User agents typically send SIP traffic to an outbound proxy, which takes care of routing it forward. In order to support both IPv4-only and IPv6-only user agents, it is RECOMMENDED that domains deploy dual-stack outbound proxy servers or, alternatively, deploy both Camarillo, et al. Expires April 20, 2006 [Page 3] Internet-Draft IPv6 Transition in SIP October 2005 IPv4-only and IPv6-only outbound proxies. Some domains provide automatic means for user agents to discover their proxy servers. It is RECOMMENDED that domains implement appropriate discovery mechanisms to provide user agents with the IPv4 and IPv6 addresses of their outbound proxy servers. For example, a domain may support both the DHCPv4 [14] and the DHCPv6 [13] options for SIP servers. If user agents are configured with the Fully-Qualified Domain Name (FQDN) of their outbound proxy servers (instead of with their IP addresses) there SHOULD be both IPv6 and IPv4 DNS entries for outbound proxy servers. This way, user agents can use DNS to obtain both their IPv6 and IPv4 addresses. 3.2 Inbound Proxy User agents receive SIP traffic from their domains through an inbound proxy (which is sometimes co-located with the registrar of the domain). It is RECOMMENDED that domains deploy dual-stack inbound proxies or, alternatively, deploy both IPv4-only and IPv6-only inbound proxy servers. As an example, a portion of a sample DNS zone file entry is reproduced below that has both IPv4 and IPv6 addresses. This entry corresponds to a proxy server for the domain "example.com". The proxy server supports the Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) transport for both IPv4 and IPv6 networks. ... _sip._tcp SRV 20 0 5060 sip1.example.com SRV 0 0 5060 sip2.example.com _sip._udp SRV 20 0 5060 sip1.example.com SRV 0 0 5060 sip2.example.com sip1 IN A 192.0.2.1 sip1 IN AAAA 2001:db8::1 sip2 IN A 192.0.2.2 sip2 IN AAAA 2001:db8::2 ... 3.3 Incoming Requests to a Domain A SIP user agent is typically reachable through the SIP server that handles its domain. If the publicly available SIP URI for a Camarillo, et al. Expires April 20, 2006 [Page 4] Internet-Draft IPv6 Transition in SIP October 2005 particular user, referred to as the user's AoR (Address of Record), is 'sip:user@example.com', requests sent to that user will be routed to the SIP server at 'example.com'. The proxy or user agent sending the request will perform a DNS lookup for 'example.com' in order to obtain the IP address of the SIP server. Therefore, it is RECOMMENDED that domains have both IPv4 and IPv6 DNS entries for SIP servers. This way, the domain will be able to receive requests from IPv4-only and from IPv6-only hosts. Of course, the domain SHOULD have dual-stack proxy servers or both IPv4-only and IPv6-only proxy servers to handle the incoming SIP traffic. A SIP proxy server that receives a request using IPv6 and relays it to the user agent using IPv4, or vice versa, needs to remain in the path traversed by subsequent requests between both user agents. Therefore, such a SIP proxy server MUST be configured to Record-Route in that situation. Note that while this is the recommended practice, some problems may still arise if a RFC2543 [16] endpoint is involved in signaling. Since the ABNF in RFC2543 did not include production rules to parse IPv6 network identifiers, there is a good chance that a RFC2543-only compliant endpoint is not able to parse or regenerate IPv6 network identifiers in headers. Thus, despite a dual-stack proxy inserting itself into the session establishment, the endpoint itself may not succeed in the signaling establishment phase. This is generally not a problem with RFC3261 endpoints; even if such an endpoint runs on an IPv4-only host, it still is able to parse and regenerate IPv6 network identifiers. 3.4 Sending a Request over a New Network: Re-computing Identifiers SIP uses DNS procedures to allow a client to resolve a SIP URI into the equivalent IP address, port, and transport protocol of the next hop to contact lookups [8]. When a SIP client queries the DNS, it gets an ordered set of IP addresses, ports, and transports to use. If the server it is seeking is dual-stacked and has a DNS A and AAAA RR, then the client will need to be prepared to contact the server on all the transports over both of the networks (i.e., IPv4 and IPv6). More specifically, when a dual-stack client is prepared to send a request to a dual-stack next hop server, it must determine whether to first send it to the IPv4 address of the server, or to the IPv6 address. If SRV RRs have been used to derive the addresses of the server, the "Priority" field of the SRV RR can aid in such a decision. Another technique to aid in this decision is outlined in RFC 3484 [17]. Regardless of which network is tried first, each search corresponds to a different branch, and as such, mandates that Camarillo, et al. Expires April 20, 2006 [Page 5] Internet-Draft IPv6 Transition in SIP October 2005 the normative behavior in RFC3261 to handle requests sent on a branch be followed. When a request is to be sent on a branch, certain identifiers are computed. Specifically, a branch ID is computed and inserted in the topmost Via header, and certain headers are used to generate signatures for Identity [20] and Authenticated Identity Body (AIB [18]). The headers that are used to generate signatures can contain either raw IP addresses or FQDNs; consequently, an implementation may choose to insert a raw IP address in such headers. This choice has ramifications, as discussed next. When a request is re-targeted to a new branch because the old one did not elicit a response, and the request is now destined to a new network (i.e., old request went to an IPv4 downstream server while the new one is destined towards an IPv6 downstream server) care must be taken in re-computing the identifiers. More specifically, implementations MUST ensure that, at the very least, the branch id is recomputed. Additionally, if raw IP addresses were used to generate the signatures for the Identity header and AIB, these signatures MUST be recomputed. To avoid recomputing the signatures used in the Identity header or the AIB, it is RECOMMENDED that SIP entities use FQDNs in those headers that are used as the basis for the Identity header and the AIB. 4. The Media Layer SIP establishes media sessions using the offer/answer model [4]. One endpoint, the offerer, sends a session description (the offer) to the other endpoint, the answerer. The offer contains all the media parameters needed to exchange media with the offerer: codecs, transport addresses, protocols to transfer media, etc. When the answerer receives an offer, it elaborates an answer and sends it back to the offerer. The answer contains the media parameters that the answerer is willing to use for that particular session. Offer and answer are written using a session description protocol. The most widespread protocol to describe sessions at present is called, aptly enough, the Session Description Protocol (SDP[2]). A direct offer/answer exchange between an IPv4-only user agent and an IPv6-only user agent does not result in the establishment of a session. The IPv6-only user agent wishes to receive media on one or more IPv6 addresses, but the IPv4-only user agent cannot send media to these addresses and generally does not even understand their Camarillo, et al. Expires April 20, 2006 [Page 6] Internet-Draft IPv6 Transition in SIP October 2005 format. This IP version incompatibility problem would not exist if hosts implementing IPv6 also implemented IPv4. However there will be deployments where the IPv6-only host solution is applicable, such as: 1. Networks where public IPv4 addresses are scarce and it is preferable to make large deployments only on IPv6. 2. Networks utilizing Layer-2s that do not support contemporary IPv4 and IPv6 usage on the same link (e.g., the 3rd Generation Partnership Project, 3GPP). Consequently, user agents need a means to obtain both IPv4 and IPv6 addresses (either locally or using relays) to receive media and to place them in offers and answers. The following sections describe how user agents can gather addresses following the ICE (Interactive Connectivity Establishment) [12] procedures and how they can encode them in an SDP session description using the ANAT semantics [7] for the SDP grouping framework [5]. 4.1 Initial Offer It is RECOMMENDED that user agents gather IPv4 and IPv6 addresses using the ICE procedures to generate all their offers. This way, both IPv4-only and IPv6-only answerers will be able to generate an answer that establishes a session. Note that, in case of forking, the same offer carried in an INVITE request can arrive to an IPv4- only user agent and to an IPv6-only user agent at roughly the same time. Having placed both IPv4 and IPv6 addresses in the offer reduces the session establishment time because both all types of answerers find the offer valid. When following the ICE procedures, in addition to local addresses, user agents need to obtain addresses from relays. For example, and IPv4 user agent would obtain an IPv6 address from a relay. The relay would forward the traffic received on this IPv6 address to the user agent using IPv4. Such user agents MAY use any mechanism to obtain addresses in relays, but, following the recommendations in ICE, it is RECOMMENDED that user agents support TURN [10] [11] for this purpose. User agents that use SDP SHOULD support the ANAT semantics for the SDP grouping framework. ANAT allows user agents to include both IPv4 and IPv6 addresses in their SDP session descriptions. The SIP usage of the ANAT semantics is discussed in [9]. 4.2 Connectivity Checks Once the answerer has generated an answer following the ICE Camarillo, et al. Expires April 20, 2006 [Page 7] Internet-Draft IPv6 Transition in SIP October 2005 procedures, both user agents SHOULD perform the STUN-based [6] connectivity checks specified by ICE. This checks help prevent some types of flooding attacks and allow user agents to discover new addresses that can be useful in the presence of NATs (Network Address Translators). 5. IANA Considerations This document does not contain any actions for the IANA. 6. Security Considerations TBD. 7. Acknowledgment TBD. 8. References 8.1 Normative References [1] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", RFC 2119, March 1997. [2] Handley, M. and V. Jacobson, "SDP: Session Description Protocol", RFC 2327, April 1998. [3] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A., Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP: Session Initiation Protocol", RFC 3261, June 2002. [4] Rosenberg, J. and H. Schulzrinne, "An Offer/Answer Model with the Session Description Protocol (SDP)", RFC 3264, June 2002. [5] Camarillo, G., Holler, J., and H. Schulzrinne, "Grouping of Media Lines in the Session Description Protocol (SDP)", RFC 3388, December 2002. [6] Rosenberg, J., Weinberger, J., Huitema, C., and R. Mahy, "STUN - Simple Traversal of User Datagram Protocol (UDP) Through Network Address Translators (NATs)", RFC 3489, March 2003. [7] Camarillo, G. and J. Rosenberg, "The Alternative Network Address Types (ANAT) Semantics for the Session Description Protocol (SDP) Grouping Framework", RFC 4091, June 2005. [8] Rosenberg, J. and H. Schulzrinne, "Session Initiation Protocol Camarillo, et al. Expires April 20, 2006 [Page 8] Internet-Draft IPv6 Transition in SIP October 2005 (SIP): Locating SIP Servers", RFC 3263, June 2002. [9] Camarillo, G. and J. Rosenberg, "Usage of the Session Description Protocol (SDP) Alternative Network Address Types (ANAT) Semantics in the Session Initiation Protocol (SIP)", RFC 4092, June 2005. [10] Rosenberg, J., Huitema, C., and R. Mahy, "Traversal Using Relay NAT (TURN)", draft-rosenberg-midcom-turn-08 (work in progress), September 2005. [11] Camarillo, G. and O. Novo, "Traversal Using Relay NAT (TURN) Extension for IPv4/IPv6 Transition", draft-camarillo-midcom-turn-ipv6-00 (work in progress), October 2005. [12] Rosenberg, J., "Interactive Connectivity Establishment (ICE): A Methodology for Network Address Translator (NAT) Traversal for Offer/Answer Protocols", draft-ietf-mmusic-ice-05 (work in progress), July 2005. 8.2 Informational References [13] Schulzrinne, H., "Dynamic Host Configuration Protocol (DHCPv6) Options for Session Initiation Protocol (SIP) Servers", RFC 3319, July 2003. [14] Schulzrinne, H., "Dynamic Host Configuration Protocol (DHCP- for-IPv4) Option for Session Initiation Protocol (SIP) Servers", RFC 3361, August 2002. [15] Schulzrinne, H., Casner, S., Frederick, R., and V. Jacobson, "RTP: A Transport Protocol for Real-Time Applications", RFC 3550, July 2003. [16] Handley, M., Schulzrinne, H., Schooler, E., and J. Rosenberg, "SIP: Session Initiation Protocol", RFC 2543, March 1999. [17] Draves, R., "Default Address Selection for Internet Protocol Version 6 (IPv6)", RFC 3484, Feb 2003. [18] Peterson, J., "Session Initiation Protocol (SIP) Authenticated Identity Body (AIB) Format", RFC 3893, September 2004. [19] Gurbani, V. and C. Boulton, "Recommendations on the use of IPv6 in the Session Initiation Protocol (SIP)", draft-gurbani-sipping-ipv6-sip-01 (work in progress), October 2005. Camarillo, et al. Expires April 20, 2006 [Page 9] Internet-Draft IPv6 Transition in SIP October 2005 [20] Peterson, J. and C. Jennings, "Enhancements for Authenticated Identity Management in the Session Initiation Protocol (SIP)", draft-ietf-sip-identity-05 (work in progress), MArch 2005. Authors' Addresses Gonzalo Camarillo Ericsson Hirsalantie 11 Jorvas 02420 Finland Email: Gonzalo.Camarillo@ericsson.com Karim El Malki Athonet Email: karim@athonet.com Vijay K. Gurbani Lucent Technologies, Inc./Bell Laboratories 2000 Lucent Lane Rm 6G-440 Naperville, IL 60566 USA Phone: +1 630 224 0216 Email: vkg@lucent.com Camarillo, et al. Expires April 20, 2006 [Page 10] Internet-Draft IPv6 Transition in SIP October 2005 Intellectual Property Statement The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org. Disclaimer of Validity This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Copyright Statement Copyright (C) The Internet Society (2005). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. Acknowledgment Funding for the RFC Editor function is currently provided by the Internet Society. Camarillo, et al. Expires April 20, 2006 [Page 11]