PCP Working GroupInternet Engineering Task Force (IETF) M. BoucadairInternet-DraftRequest for Comments: 6970 France TelecomIntended status:Category: Standards Track R. PennoExpires: October 28, 2013ISSN: 2070-1721 D. Wing CiscoApril 26,July 2013 Universal Plug and Play (UPnP) Internet Gateway Device(IGD)-Port- Port Control Protocol(PCP)Interworking Functiondraft-ietf-pcp-upnp-igd-interworking-10(IGD-PCP IWF) Abstract This document specifies the behavior of theUPnP IGD (InternetUniversal Plug and Play (UPnP) Internet GatewayDevice)/PCPDevice - Port Control Protocol InterworkingFunction.Function (IGD-PCP IWF). A UPnP IGD-PCPInterworking Function (IGD-PCP IWF)IWF is required to be embedded inCP (Customer Premises)Customer Premises (CP) routers to allow for transparent NAT control in environments where a UPnP IGD is used on the LAN side and PCP is used on the external side of the CP router.Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119].Status of This Memo ThisInternet-Draftissubmitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documentsan Internet Standards Track document. This document is a product of the Internet Engineering Task Force (IETF).Note that other groups may also distribute working documents as Internet-Drafts. The listIt represents the consensus ofcurrent Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents validthe IETF community. It has received public review and has been approved fora maximumpublication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 ofsix monthsRFC 5741. Information about the current status of this document, any errata, and how to provide feedback on it may beupdated, replaced, or obsoleted by other documentsobtained atany time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on October 28, 2013.http://www.rfc-editor.org/info/rfc6970. Copyright Notice Copyright (c) 2013 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction. . . . . . . . . . . . . . . . . . . . . . . . 2....................................................3 1.1. Requirements Language ......................................3 2. Acronyms. . . . . . . . . . . . . . . . . . . . . . . . . . 3........................................................4 3. Architecture Model. . . . . . . . . . . . . . . . . . . . . 4..............................................4 4. UPnP IGD-PCP IWF: Overview. . . . . . . . . . . . . . . . . 5......................................6 4.1. UPnP IGD-PCP: State Variables. . . . . . . . . . . . . . 6..............................6 4.2. IGD-PCP: Methods. . . . . . . . . . . . . . . . . . . . 7...........................................7 4.3. UPnP IGD-PCP: Errors. . . . . . . . . . . . . . . . . . 8.......................................8 5. Specification of the IGD-PCP IWF. . . . . . . . . . . . . . 9................................9 5.1. PCP Server Discovery. . . . . . . . . . . . . . . . . . 9.......................................9 5.2. Control of the Firewall. . . . . . . . . . . . . . . . . 9...................................10 5.3. Port Mapping Table. . . . . . . . . . . . . . . . . . . 10........................................10 5.4. Interworking FunctionWithoutwithout NAT in the IGD. . . . . . 10..............10 5.5. NAT Embedded in the IGD. . . . . . . . . . . . . . . . . 10...................................11 5.6. Creating a Mapping. . . . . . . . . . . . . . . . . . . 11........................................12 5.6.1. AddAnyPortMapping(). . . . . . . . . . . . . . . . . 11................................12 5.6.2. AddPortMapping(). . . . . . . . . . . . . . . . . . 12...................................13 5.7. Listing One or a Set of Mappings. . . . . . . . . . . . 15..........................16 5.8. Delete One or a Set of Mappings: DeletePortMapping() or DeletePortMappingRange(). . . . . . . . . . . . . . . . 15..................................16 5.9. Renewing a Mapping. . . . . . . . . . . . . . . . . . . 18........................................19 5.10. Rapid Recovery. . . . . . . . . . . . . . . . . . . . . 19...........................................20 6.IANA Considerations . . . . . . . . . . . . . . . . . . . . . 19 7.Security Considerations. . . . . . . . . . . . . . . . . . . 20 8.........................................21 7. Acknowledgments. . . . . . . . . . . . . . . . . . . . . . . 20 9.................................................21 8. References. . . . . . . . . . . . . . . . . . . . . . . . . 20 9.1......................................................22 8.1. Normative References. . . . . . . . . . . . . . . . . . 21 9.2.......................................22 8.2. Informative References. . . . . . . . . . . . . . . . . 21 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 22....................................22 1. IntroductionPCP [I-D.ietf-pcp-base]The Port Control Protocol (PCP) specification [RFC6887] discusses the implementation of NAT control features that rely upon Carrier Grade NAT devices such as aDS-Lite AFTRDual-Stack Lite (DS-Lite) Address Family Transition Router (AFTR) [RFC6333] or NAT64 [RFC6146].Nevertheless, inIn environments whereUPnP IGD (Interneta Universal Plug and Play Internet GatewayDevice)Device (UPnP IGD) is used in the local network, an interworking function between the UPnP IGD and PCP is required to be embedded in the IGD (see the example illustrated in Figure 1). UPnP IGD-PCP UPnP Control Interworking Point Function PCP Server | IGD | | | | | (1)AddPortMappingAddPortMapping() | ||--------------------->||----------------------->| | | | (2) PCP MAP Request | | |-------------------------->| | | | Figure 1: Flow Example Two configurations are considered within this document: o No NAT function is embedded in the IGD (Section 5.4). This isrequiredrequired, forinstanceinstance, in DS-Lite or NAT64deployments;deployments. o The IGD embeds a NAT function (Section 5.5). The UPnP IGD-PCP Interworking Function (UPnP IGD-PCP IWF) maintains a local mapping table that stores all active mappings constructed by internal IGD Control Points. This design choice restricts the amount of PCP messages to be exchanged with the PCPServer.server. Triggers for deactivating the UPnP IGD-PCP IWF from the IGD and relying on a PCP-only mode are out of scopeoffor this document. Considerations related to co-existence of the UPnP IGD-PCP Interworking Function and a PCP Proxy[I-D.ietf-pcp-proxy][PCP-PROXY] are out of scope. 1.1. Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119]. 2. Acronyms This document makes use of the following abbreviations: DS-Lite - Dual-Stack Lite IGD - Internet Gateway Device IGD:1 - UPnP Forum's nomenclature for version 1 of IGD [IGD1] IGD:2 - UPnP Forum's nomenclature for version 2 of IGD [IGD2] IWF - Interworking Function NAT - Network Address Translation PCP - Port Control Protocol UPnP - Universal Plug and Play 3. Architecture Model As a reminder, Figure 2 illustrates the architecture model as adopted by the UPnP Forum [IGD2]. In Figure 2, the following UPnP terminology is used: o 'Client' refers to a host located in the local network. o 'IGD Control Point' is a device using UPnP to control an IGD (Internet Gateway Device). o 'IGD' is a router supporting a UPnP IGD. It is typically a NAT or a firewall. o 'Host' is a remote peer reachable in the Internet. +-------------+ | IGD Control | | Point |-----+ +-------------+ | +-----+ +------+ +---| | | | | IGD |-------| Host | +---| | | | +-------------+ | +-----+ +------+ | Client |-----+ +-------------+ Figure 2: UPnP IGD Model This model is not valid when PCP is used tocontrolcontrol, forinstanceinstance, a Carrier Grade NAT(a.k.a.,(aka Provider NAT) while internal hosts continue to use a UPnP IGD. In such scenarios, Figure 3 shows the updated model. +-------------+ | IGD Control | | Point |----+ +-------------+ | +-----+ +--------+ +------+ +---| IGD-| |Provider| |Remote| | PCP |------| NAT |--<Internet>---| Host | +---| IWF | | | | | +-------------+ | +-----+ +--------+ +------+ | Local Host |----+ +-------------+ LAN Side External Side <======UPnP IGD==============><=====PCP=====> Figure 3: UPnP IGD-PCP Interworking Model In the updated model depicted in Figure 3, one or two levels of NAT can be encountered in the data path. Indeed, in addition to the Carrier Grade NAT, the IGD may embed a NAT function (Figure 4). +-------------+ | IGD Control | | Point |----+ +-------------+ | +-----+ +--------+ +------+ +---| IGD-| |Provider| |Remote| | PCP |------| NAT |--<Internet>---| Host | +---| IWF | | | | | +-------------+ | +-----+ +--------+ +------+ | Local Host |----+ NAT1 NAT2 +-------------+ Figure 4: Cascaded NATscenarioScenario To ensure successful interworking between a UPnP IGD and PCP, an interworking function is embedded in the IGD. In the model defined in Figure 3, all UPnP IGD server-oriented functions, a PCPClient [I-D.ietf-pcp-base]client [RFC6887], and a UPnP IGD-PCP Interworking Function are embedded in the IGD. In the rest of the document,IGD-PCP IWF"IGD-PCP IWF" refers to the UPnP IGD-PCP Interworking Function, which includes PCPClientclient functionality. Without the involvement of the IGD-PCP IWF, the IGD Control Point would retrieve an external IP address and port numberhaving athat have limited scope andwhichthat cannot be used to communicate with hosts located beyond NAT2 (i.e., assigned by theIGDIGD, and notthe onesthose assigned by NAT2 as depicted in Figure 4). The UPnP IGD-PCP IWF is responsible for generating a well-formed PCP message from a received UPnP IGD message, and vice versa. 4. UPnP IGD-PCP IWF: Overview Three tables are provided to specify the correspondence between a UPnP IGD and PCP: (1) Section 4.1 provides the mapping between WANIPConnectionState Variablesstate variables and PCP parameters; (2) Section 4.2 focuses on the correspondence between supported methods; (3) Section 4.3 lists the PCP error messages and their corresponding IGDones.error messages. Note that some enhancements have been integrated inWANIPConnectionWANIPConnection, as documented in [IGD2]. 4.1. UPnP IGD-PCP: State Variables Below are listed only the UPnP IGD state variables applicable to the IGD-PCP IWF: ExternalIPAddress: External IP Address Read-only variable with the value from the last PCPresponseresponse, or the empty string if none was received yet. This state is stored on aper IGD Control Pointper-IGD-Control-Point basis. PortMappingNumberOfEntries: Managed locally by the UPnP IGD-PCP IWF. PortMappingEnabled: PCP does not support deactivating the dynamic NATmappingmapping, since the initial goal of PCP is to ease the traversal of Carrier Grade NAT. Supporting such per-subscriber function may overload the Carrier Grade NAT. Only "1" is allowed: i.e., the UPnP IGD-PCP Interworking Function MUST send back an error if a value different from 1 is signaled. PortMappingLeaseDuration: Requested Mapping Lifetime In IGD:1[IGD1][IGD1], the value 0 meansinfinite,infinite; inIGD:2IGD:2, it is remapped to the IGD maximum of 604800 seconds [IGD2]. PCP allows for a maximum value of 4294967296 seconds. The UPnP IGD-PCP Interworking Function simulates long and even infinite lifetimes using renewals (see Section 5.9). The behavior of the UPnP IGD-PCP IWF in the case of a failing renewal is currently undefined (see Section 5.9). IGD:1 doesn't define the behavior in the case of stateloss,loss; IGD:2 doesn't requireto keepthat state be kept in stable storage, i.e., to allow the state to survive resets/reboots. The UPnP IGD-PCP Interworking Function MUST support IGD:2 behavior. RemoteHost: Remote Peer IP Address Note that IGD:2 allows a domain name, which has to be resolved to an IP address. Mapped to the Remote Peer IP Address field of the FILTER option. ExternalPort: External Port Number Mapped to the Suggested External Port field in MAP messages. InternalPort: Internal Port Number Mapped to the Internal Port field in MAP messages. PortMappingProtocol: Protocol Mapped to the Protocol field in MAP messages. Note that a UPnP IGD only supports TCP and UDP. InternalClient: Internal IP Address Note that IGD:2 allows a domain name, which has to be resolved to an IP address. Mapped to the Internal IP Address field of the THIRD_PARTY option. PortMappingDescription: Not supported in base PCP. If the local PCPClientclient supports a PCPOptionoption to convey the description (e.g.,[I-D.ietf-pcp-description-option]),[PCP-DESCR-OPT]), this option SHOULD be used to relay the mapping description. SystemUpdateID (IGD:2 only): Managed locally by the UPnP IGD-PCP IWF. A_ARG_TYPE_PortListing (IGD:2 only): Managed locally by the UPnP IGD-PCP IWF. 4.2. IGD-PCP: MethodsBothIGD:1 and IGD:2 methods applicable to the UPnP IGD-PCP Interworking Function are both listed here.GetGenericPortMappingEntry:GetGenericPortMappingEntry(): This request is not relayed to the PCPServer.server. The IGD-PCP Interworking Function maintains a list of active mappings instantiated in the PCPServerserver by internal hosts. See Section 5.7 for more information.GetSpecificPortMappingEntry:GetSpecificPortMappingEntry(): MAP with PREFER_FAILUREOptionoption. This request is relayed to the PCPServerserver by issuing a MAP request with the PREFER_FAILUREOption.option. It is RECOMMENDED to use a short lifetime (e.g., 60 seconds).AddPortMapping:AddPortMapping(): MAP See Section 5.6.2.AddAnyPortMappingAddAnyPortMapping() (IGD:2 only): MAP See Section 5.6.1.DeletePortMapping:DeletePortMapping(): MAP with Requested Lifetime set to 0. See Section 5.8.DeletePortMappingRangeDeletePortMappingRange() (IGD:2 only): MAP with Requested Lifetime set to 0. Individual requests are issued by the IGD-PCP IWF. See Section 5.8 for more details.GetExternalIPAddress:GetExternalIPAddress(): MAP This can be learned from any active mapping. If there are no active mappings, the IGD-PCP IWF MAY request a short-lived mapping (e.g., to the Discard service (TCP/9 or UDP/9) or some other port). However, once that mappingexpiresexpires, a subsequent implicit or explicit dynamic mapping might be mapped to a different external IP address. SeesectionSection 11.6 of[I-D.ietf-pcp-base][RFC6887] for more discussion.GetListOfPortMappings:GetListOfPortMappings(): See Section 5.7 for more information. The IGD-PCP Interworking Function maintains a list of active mappings instantiated in the PCPServer.server. The IGD-PCP Interworking Function handles this request locally. 4.3. UPnP IGD-PCP: Errors This section lists PCPerrorserror codes and the corresponding UPnP IGDones.codes. Error codes specific to IGD:2 are tagged accordingly. 1 UNSUPP_VERSION: 501 "ActionFailed" 2 NOT_AUTHORIZED: IGD:1 718 "ConflictInMappingEntry" / IGD:2 606 "Action not authorized" 3 MALFORMED_REQUEST: 501 "ActionFailed" 4 UNSUPP_OPCODE: 501 "ActionFailed"[I-D.ietf-pcp-base][RFC6887] allows the PCP server to be configured to disable support for the MAPopcode,Opcode, but the IGD-PCP IWF cannot work in this situation. 5 UNSUPP_OPTION: 501 "ActionFailed" This error code can be received if PREFER_FAILURE is not supported on the PCP server. Note that PREFER_FAILURE is not mandatory to support, but AddPortMapping() cannot be implemented without it. 6 MALFORMED_OPTION: 501 "ActionFailed" 7 NETWORK_FAILURE: 501 "ActionFailed" 8 NO_RESOURCES: IGD:1 501 "ActionFailed" / IGD:2 728 "NoPortMapsAvailable" Cannot be distinguished from USER_EX_QUOTA. 9 UNSUPP_PROTOCOL: 501 "ActionFailed" 10 USER_EX_QUOTA: IGD:1 501 "ActionFailed" / IGD:2 728 "NoPortMapsAvailable" Cannot be distinguished from NO_RESOURCES. 11 CANNOT_PROVIDE_EXTERNAL: 718 "ConflictInMappingEntry" (see Section5.7.2)5.6.2) or 714 "NoSuchEntryInArray" (see Section 5.8). 12 ADDRESS_MISMATCH: 501 "ActionFailed" 13 EXCESSIVE_REMOTE_PEERS: 501 "ActionFailed" 5. Specification of the IGD-PCP IWF This section coversthescenarios with or without NAT in the IGD. This specification assumes that the PCPServerserver is configured to accept the MAPOpCode.Opcode. The IGD-PCP IWF handles the "Mapping Nonce" the same way as any PCPClient [I-D.ietf-pcp-base].client [RFC6887]. 5.1. PCP Server Discovery The IGD-PCP IWF implements one of the discovery methods identified in[I-D.ietf-pcp-base][RFC6887] (e.g., DHCP[I-D.ietf-pcp-dhcp]).[PCP-DHCP-OPT]). The IGD-PCP Interworking Function behaves as a PCPClientclient when communicating with provisioned PCPServer(s).server(s). If no IPv4address / IPv6address/IPv6 prefix is assigned to the IGD or the IGD is unable to determine whether it should contact an upstream PCPServer,server, the IGD-PCP Interworking Function MUST NOT be invoked. If the IGD determines that it should establish communication with an upstream PCP server (e.g., because of DHCP configuration or having previouslybeen talking tocommunicated with a PCP server), a "501 ActionFailed" error message is returned to the requesting IGD Control Pointin caseif the IGD-PCP IWF fails to establish communication with that PCPServer. Note,server. Note that the IGD-PCP IWF proceeds to PCPmessagesmessage validation and retransmission the same way as any PCPClient [I-D.ietf-pcp-base].client [RFC6887]. 5.2. Control of the Firewall In order to configure security policies to be applied to inbound and outbound traffic, a UPnP IGD can be used to control a local firewall engine. No IGD-PCP IWF is therefore required for that purpose. The use of the IGD-PCP IWF to control an upstream PCP-controlled firewall is out of scopeoffor this document. 5.3. Port Mapping Table The IGD-PCP IWF MUST store locally all the mappings instantiated by internal IGD Control Points in the PCPServer.server. All mappings SHOULD be stored in permanent storage. Upon receipt of a PCP MAPResponseresponse from the PCPServer,server, the IGD-PCP Interworking Function MUST extract the enclosed mapping and MUST store it in the local mapping table. The local mapping table is an image of the mapping table as maintained by the PCPServerserver for a given subscriber. Each mapping entry stored in the local mapping table is associated with a lifetime as discussed in[I-D.ietf-pcp-base].[RFC6887]. Additional considerations specific to the IGD-PCP Interworking Function are discussed in Section 5.9. 5.4. Interworking FunctionWithoutwithout NAT in the IGD When no NAT is embedded in the IGD, thecontentcontents of received WANIPConnection and PCP messagesisare not altered by the IGD-PCP Interworking Function (i.e., thecontentcontents of WANIPConnection messages are mapped to PCP messages (and mappedback)back), according to Section 4.1). 5.5. NAT Embedded in the IGD When NAT is embedded in the IGD, the IGD-PCP IWF updates thecontentcontents of mapping messages received from the IGD Control Point. These messages will contain an IP address and/or port numberwhichthat belong to an internal host. The IGD-PCP IWF MUST update such messages with the IP address and/or port number belonging to the external interface of the IGD (i.e., after the NAT1 operation as depicted in Figure 4). The IGD-PCP IWF intercepts all WANIPConnection messages issued by the IGD Control Point. For each such message, the IGD-PCP IWF then generates one or more corresponding requests (seeSectionSections 4.1,Section 4.24.2, andSection4.3) and sends them to the provisioned PCPServer.server. Each request sent by the IGD-PCP IWF to the PCPServerserver MUST reflect the mapping information as enforced in the first NAT. Particularly, the internal IP address and/or port number of the requests are replaced with the IP address and/or port number as assigned by the NAT of the IGD. For the reverse path, the IGD-PCP IWF intercepts PCP response messages and generates WANIPConnection response messages. Thecontentcontents of the generated WANIPConnection response messages are set as follows: o The internal IP address and/or port number as initially set by the IGD Control Point and stored in the IGD NAT are used to update the corresponding fields in received PCP responses. o The external IP address and port number are not altered by the IGD-PCP Interworking Function. o The NAT mapping entry in the IGD is updated with the result of each PCP request. The lifetime of the mappings instantiated in the IGD SHOULD be the one assigned by the terminating PCPServer.server. In any case, the lifetime MUST NOT be lower than the one assigned by the terminating PCPServer.server. 5.6. Creating a Mapping Two methods can be used to create a mapping: AddAnyPortMapping()orand AddPortMapping(). 5.6.1. AddAnyPortMapping() Whenaan IGD Control Point issues anAddAnyPortMapping(),AddAnyPortMapping() call, this request is received by the IGD. The request is then relayed to the IGD-PCPIWFIWF, which generates a PCP MAP request (see Section 4.1 for mapping between WANIPConnection and PCP parameters). If the IGD-PCP IWF fails to send the MAP request to its PCPServer,server, it follows the behavior defined in Section 5.1. Upon receipt of a PCP MAP response from the PCPServer,server, the corresponding UPnP IGD method is returned to the requesting IGD Control Point (thecontentcontents of the messagesfollowsfollow the recommendations listed in Section 5.5 or Section5.45.4, according to the deployed scenario). A flow example is depicted in Figure 5. If a PCP error is received from the PCPServer,server, a corresponding WANIPConnection error code (see Section 4.3) is generated by theIGD- PCPIGD-PCP IWF and sent to the requesting IGD Control Point. If ashort lifetimeshort-lifetime error is returned (e.g., NETWORK_FAILURE, NO_RESOURCES), the PCP IWF MAY resend the same request to the PCPServerserver after 30 seconds. If a negative answer is received, the error is then relayed to the requesting IGD Control Point. Discussion: Some applications (e.g., uTorrent, Vuze, eMule) wait 90 seconds or more for a response after sendingana UPnP request. If ashort lifetimeshort-lifetime error occurs, resending the request may lead to a positive response from the PCP server. IGD Control Points are therefore not aware of transient errors. UPnP-PCP UPnP Control Interworking Point Function PCP Server | | ||(1) AddAnyPortMapping| (1) AddAnyPortMapping() | | | ExternalPort=8080 | ||--------------------->||------------------------>| | | | (2) PCP MAP Request | | |Suggested External Port=8080 | | |---------------------------->| | | | | | (3) PCP MAP Response | | | Assigned External Port=6598 | | |<----------------------------||(4) AddAnyPortMapping| (4) AddAnyPortMapping() | | | ReservedPort=6598 | ||<---------------------||<------------------------| | Figure 5: Flowexample whenExample: AddAnyPortMapping()is used5.6.2. AddPortMapping() A dedicated option calledPREFER_FAILURE"PREFER_FAILURE" is defined in[I-D.ietf-pcp-base][RFC6887] to toggle the behavior in a PCPRequestrequest message. This option is inserted by the IGD-PCP IWF when issuing its requests to the PCPServerserver only if a specific external port is requested by the IGD Control Point. Upon receipt of AddPortMapping() from an IGD Control Point, theIGD- PCPIGD-PCP IWF MUST generate a PCP MAPRequestrequest with all requested mapping information as indicated by the IGD Control Point if no NAT is embedded in the IGD or updated as specified in Section 5.5. In addition, the IGD-PCP IWF MUST insert a PREFER_FAILUREOptionoption in the generated PCP request. If the IGD-PCP IWF fails to send the MAP request to its PCPServer,server, it follows the behavior defined in Section 5.1. If the requested external port is not available, the PCP server will send a CANNOT_PROVIDE_EXTERNAL error response: 1. If ashort lifetimeshort-lifetime error is returned, the IGD-PCP IWF MAY resend the same request to the PCPServerserver after 30 seconds without relaying the error to the IGD Control Point. The IGD-PCP IWF MAY repeat this process until a positive answer is received or some maximum retry limit is reached. When the maximum retry limit is reached, the IGD-PCP IWF relays a negative message to the IGD Control Point with ConflictInMappingEntry as the error code. The maximum retry limit is implementation-specific; its default value is 2. 2. If along lifetimelong-lifetime error is returned, the IGD-PCP IWF relays a negative message to the IGD Control Point with ConflictInMappingEntry as the error code. The IGD Control Point may issue a new request with a different requested external port number. This process is typically repeated by the IGD Control Point until a positive answer is received or some maximum retry limit is reached. If the PCPServerserver is able to create or renew a mapping with the requested external port, it sends a positive response to the IGD-PCP IWF. Upon receipt of the response from the PCPServer,server, the IGD-PCP IWF stores the returned mapping in its local mappingtable,table and sends the corresponding positive answer to the requesting IGD Control Point. This answer terminatesthisthe exchange. Figure 6 shows an example of the flow exchange that occurs when the PCPServerserver satisfies the request from the IGD-PCP IWF. Figure 7 shows themessagesmessage exchange when the requested external port is not available. UPnP-PCP UPnP Control Interworking Point Function PCP Server | | | | (1)AddPortMappingAddPortMapping() | | | ExternalPort=8080 | ||--------------------->||----------------------->| | | | (2) PCP MAPrequestRequest | | |Suggested External Port=8080 | | | PREFER_FAILURE | | |---------------------------->| | | | | | (3) PCP MAPresponseResponse | | | Assigned External Port=8080 | | |<----------------------------| | (4)AddPortMappingAddPortMapping() | | | ExternalPort=8080 | ||<---------------------||<-----------------------| | Figure 6: Flow Example (Positive Answer) UPnP-PCP UPnP Control Interworking Point Function PCP Server | | | | (1)AddPortMappingAddPortMapping() | | | ExternalPort=8080 | ||--------------------->||----------------------->| | | | (2) PCP MAP Request | | |Suggested External Port=8080 | | | PREFER_FAILURE | | |---------------------------->| | | (3) PCP MAP Response | | | CANNOT_PROVIDE_EXTERNAL | | |<----------------------------| | (4) Error: | ||ConflictInMappingEntry|||<---------------------|ConflictInMappingEntry | | |<-----------------------| | | (5)AddPortMappingAddPortMapping() | | | ExternalPort=5485 | ||--------------------->||----------------------->| | | | (6) PCP MAP Request | | |Suggested External Port=5485 | | | PREFER_FAILURE | | |---------------------------->| | | (7) PCP MAP Response | | | CANNOT_PROVIDE_EXTERNAL | | |<----------------------------| | (8) Error: | ||ConflictInMappingEntry|||<---------------------|ConflictInMappingEntry | | |<-----------------------| | .... | (a)AddPortMappingAddPortMapping() | | | ExternalPort=6591 | ||--------------------->||----------------------->| | | | (b) PCP MAP Request | | |Suggested External Port=6591 | | | PREFER_FAILURE | | |---------------------------->| | | (c) PCP MAP Response | | | CANNOT_PROVIDE_EXTERNAL | | |<----------------------------| | (d) Error: | ||ConflictInMappingEntry|||<---------------------|ConflictInMappingEntry | | |<-----------------------| | Figure 7: Flow Example (Negative Answer) Note: According to some experiments, some UPnP 1.0 Control Point implementations, e.g., uTorrent, simply try the same external port a number of times (usually 4 times) and then fail if the port is in use. Also note that some applications use GetSpecificPortMappingEntry() tocheckdetermine whether a mapping exists. 5.7. Listing One or a Set of Mappings In order to list active mappings,aan IGD Control Point may issue GetGenericPortMappingEntry(), GetSpecificPortMappingEntry(), or GetListOfPortMappings(). GetGenericPortMappingEntry() and GetListOfPortMappings() methods MUST NOT be proxied to the PCPServerserver, since a local mapping is maintained by the IGD-PCP IWF. Upon receipt of GetSpecificPortMappingEntry() fromaan IGD Control Point, the IGD-PCP IWF MUST check first to see if the external port number is used by the requesting IGD Control Point. If the external port is already in use by the requesting IGD Control Point, the IGD-PCP IWF MUST send back the mapping entry matching the request. If not, the IGD-PCP IWF MUST relay to the PCPServerserver a MAP request, with short lifetime (e.g., 60 seconds), including a PREFER_FAILUREOption.option. If the IGD-PCP IWF fails to send the MAP request to its PCPServer,server, it follows the behavior defined in Section 5.1. If the requested external port is in use, a PCP error message will be sent by the PCPServerserver to the IGD-PCP IWF indicating CANNOT_PROVIDE_EXTERNAL as the error cause. Then, the IGD-PCP IWF relays a negative message to the IGD Control Point. If the port is not in use, the mapping will be created by the PCPServerserver and a positive response will be sent back to the IGD-PCP IWF. Once received by the IGD-PCP IWF, it MUST relay a negative message to the IGD Control Point indicating NoSuchEntryInArray as the error code so that the IGD Control Point knows the queried mapping doesn't exist. 5.8. Delete One or a Set of Mappings: DeletePortMapping() or DeletePortMappingRange()AAn IGD Control Point requests the deletion of one or a list of mappings by issuing DeletePortMapping() or DeletePortMappingRange(). In IGD:2, we assume that the IGD applies the appropriate security policies to determine whether a Control Point has the rights to delete one or a set of mappings. When authorization fails, the "606 Action Not Authorized" error code is returned to the requesting Control Point. When DeletePortMapping() or DeletePortMappingRange() is received by the IGD-PCP IWF, it first checks if the requested mappings to be removed are present in the local mapping table. If no mapping matching the request is found in the local table, an error code is sent back to the IGD Control Point: "714 NoSuchEntryInArray" for DeletePortMapping() or "730 PortMappingNotFound" for DeletePortMappingRange(). Figure 8 shows an example ofaan IGD Control Point asking to delete a mappingwhichthat is not instantiated in the local table of the IWF. UPnP-PCP UPnP Control Interworking Point Function PCP Server | | ||(1) DeletePortMapping| (1) DeletePortMapping() ||--------------------->|| |------------------------>| | | | | | (2) Error: | | | NoSuchEntryInArray | ||<---------------------||<------------------------| | | | | Figure 8: Local Delete (IGD-PCP IWF) If a mapping matches in the local table, a PCP MAP delete request is generated. If no NAT is enabled in the IGD, the IGD-PCP IWF uses the input arguments as included in DeletePortMapping(). If a NAT is enabled in the IGD, the IGD-PCP IWF instead uses the corresponding IP address and port number as assigned by the local NAT. If the IGD-PCP IWF fails to send the MAP request to its PCPServer,server, it follows the behavior defined in Section 5.1. When a positive answer is received from the PCPServer,server, the IGD-PCP IWF updates its local mapping table (i.e., removes the corresponding entry) and notifies the IGD Control Pointaboutof the result of the removal operation. Once the PCP MAP delete request is received by the PCPServer,server, it removes the corresponding entry. A PCP MAP SUCCESS response is sent back if the removal of the corresponding entry was successful; if not, a PCPError is sent back to the IGD-PCP IWF includingerror message containing the corresponding error cause (see Section4.3).4.3) is sent back to the IGD-PCP IWF. If DeletePortMappingRange() is used, the IGD-PCP IWF does a lookup in its local mapping table to retrieve individualmappingsmappings, instantiated by the requesting Control Point (i.e., authorizationchecks) and matchingchecks), that match the signaled port range (i.e., the external port is within the "StartPort" and "EndPort" arguments of DeletePortMappingRange()). If no mapping is found, the "730 PortMappingNotFound" error code is sent to the IGD Control Point (Figure 9). If one or more mappings are found, the IGD-PCP IWF generates individual PCP MAP delete requests corresponding to these mappings (see the example shown in Figure 10). The IGD-PCP IWF MAY send a positive answer to the requesting IGD Control Point without waiting to receive all the answers from the PCPServer.server. UPnP-PCP UPnP Control Interworking Point Function PCP Server | | ||(1)DeletePortMappingRange()| (1) DeletePortMappingRange() | | | StartPort=8596 | | | EndPort =9000 | | | Protocol =UDP | ||--------------------------->||----------------------------->| | | | | | (2) Error: | | | PortMappingNotFound | ||<---------------------------||<-----------------------------| | | | | Figure 9: Flowexample when an error encounteredExample: Error Encountered whenprocessingProcessing DeletePortMappingRange()This exampleFigure 10 illustrates the exchanges that occur when the IWF receives DeletePortMappingRange(). In this example, only two mappings having the external port number in the 6000-6050 range are maintained in the local table. The IWF issues two MAP requests to delete these mappings. UPnP-PCP UPnP Control Interworking Point Function PCP Server | | ||(1)DeletePortMappingRange()| (1) DeletePortMappingRange() | | | StartPort=6000 | | | EndPort =6050 | | | Protocol =UDP | ||--------------------------->||----------------------------->| | | | | | |(2a)PCP(2a) PCP MAP Request | | |protocol=UDPProtocol=UDP | | | internal-ip-address | | | internal-port | | | external-ip-address | | |external-port= 6030external-port=6030 | | |Requested-lifetime= 0Requested-lifetime=0 | ||-------------------------->||------------------------->| | | | | |(2c)PCP(2b) PCP MAP Request | | |protocol=UDPProtocol=UDP | | | internal-ip-address | | | internal-port | | | external-ip-address | | |external-port= 6045external-port=6045 | | |Requested-lifetime= 0Requested-lifetime=0 | ||-------------------------->||------------------------->| | | | |(2b)Positive(3) Positive answer | ||<---------------------------||<-----------------------------| | | | | Figure 10: Example of DeletePortMappingRange() 5.9. Renewing a Mapping Because of the incompatibility of mapping lifetimes between a UPnP IGD and PCP, the IGD-PCP IWF MUST simulate long and even infinite lifetimes. Indeed, for requests having a requested infinite PortMappingLeaseDuration, the IGD-PCP IWF MUST set the Requested Lifetime of the corresponding PCP request to 4294967296. If PortMappingLeaseDuration is not infinite, the IGD-PCP IWF MUST set the Requested Lifetime of the corresponding PCP request to the same value as PortMappingLeaseDuration. Furthermore, the IGD-PCP Interworking Function MUST maintain an additional timer set to the initial requested PortMappingLeaseDuration. Upon receipt of a positive answer from the PCP server, the IGD-PCP IWF relays the corresponding UPnP IGD response to the requesting IGD Control Point with PortMappingLeaseDuration set to the same value asthe onethat of the initial request. Then, the IGD-PCP IWF MUST periodically renew the constructed PCP mapping until the expiry of PortMappingLeaseDuration. Responses received when renewing the mapping MUST NOT be relayed to the IGD Control Point.In caseIf an error is encountered during mapping renewal, the IGD-PCP Interworking Function has no meansto informof informing the IGD ControlPoint.Point of the error. 5.10. Rapid Recovery When the IGD-PCP IWF is co-located with the DHCP server, the state maintained by the IGD-PCP IWF MUST be updated using the state in the local DHCP server. Particularly, if an IP address expires or is released by an internal host, the IGD-PCP IWF MUST delete all the mappings bound to that internal IP address. Upon change of the external IP address of the IGD-PCP IWF, theIGD- PCPIGD-PCP IWF MAY renew the mappings it maintained. This can be achieved only if a full state table is maintained by the IGD-PCP IWF. If the port quota is not exceeded in the PCP server, the IGD-PCP IWF will receive a new external IP address and port numbers. The IGD-PCP IWF has no meansto notifyof notifying internal IGD Control Points of the change of the external IP address and portto internal IGD Control Points.numbers. Stale mappings will be maintained by the PCPServerserver until their lifetime expires. Note: If an address change occurs, protocols that are sensitive to address changes (e.g., TCP) will experiencedisruption (e.g., TCP). [I-D.ietf-pcp-base]disruption. [RFC6887] defines a procedure for the PCPServerserver to notify PCPClients aboutclients of changes related to the mappings it maintains. When an unsolicited ANNOUNCE is received, the IGD-PCP IWF makes one or more MAP requests with the PREFER_FAILURE option to re-install its mappings. If the PCP server cannot create the requested mappings (signaled with the CANNOT_PROVIDE_EXTERNAL error response), theIGD- PCPIGD-PCP IWF has no meansto notify the changeof notifying internal IGD Control Points of any changes of the external IP address and portto internal IGD Control Points.numbers. Unsolicited PCP MAP responses received from a PCPServerserver are handled as any normal MAP response. If a response indicates that the external IP address or port has changed, the IGD-PCP IWF has no meansto notifyof notifying the internal IGD Control Point of this change. Further analysis of PCP failure scenarios for the IGD-PCP Interworking Function are discussed in[I-D.boucadair-pcp-failure].[PCP-FAILURE]. 6.IANA Considerations This document makes no request of IANA. Note to RFC Editor: this section may be removed on publication as an RFC. 7.Security Considerations IGD:2 access control requirements and authorization levels SHOULD be applied by default [IGD2]. When IGD:2 is used, operation onthebehalf of a third party SHOULD be allowed only if authentication and authorization are used [IGD2]. When only IGD:1 is available, operation onthebehalf of a third party SHOULD NOT be allowed. This document defines a procedure to create PCP mappings forthirdthird- party devices belonging to the same subscriber.Means to preventThe means for preventing a malicious user from creating mappings on behalf of a third party must be enabled as discussed in Section 13.1 of[I-D.ietf-pcp-base].[RFC6887]. In particular, the THIRD_PARTY option MUST NOT be enabled unless the network on which the PCP messages are to be sent is fullytrusted. For example iftrusted -- for example, access control listsare(ACLs) installed on the PCP client, the PCP server, and the network between them, so that those ACLs allow only communications from a trusted PCP client to the PCP server. An IGD Control Pointwhichthat issues AddPortMapping(), AddAnyPortMapping(), or GetSpecificPortMappingEntry() requests in a shorter time frame will create a lot of mapping entries on the PCP server.Means to avoid exhaustingThe means for avoiding the exhaustion of port resources (e.g., portquotaquota, as discussed in Section 17.2 of[I-D.ietf-pcp-base])[RFC6887]) SHOULD be enabled. The security considerations discussed in[I-D.ietf-pcp-base][RFC6887] and [Sec_DCP] should be taken into account.8.7. AcknowledgmentsAuthorsThe authors would like to thank F. Fontaine, C. Jacquenet, X. Deng, G. Montenegro, D. Thaler, R. Tirumaleswar, P. Selkirk, T. Lemon, V. Gurbani, and P. Yee for their review and comments. F. Dupont contributed to previous versions of this document. Thanks go to him for his thorough reviews andcontribution. 9.contributions. 8. References9.1.8.1. Normative References[I-D.ietf-pcp-base] Wing, D., Cheshire, S., Boucadair, M., Penno, R., and P. Selkirk, "Port Control Protocol (PCP)", draft-ietf-pcp- base-29 (work in progress), November 2012.[IGD1] UPnP Forum,,"WANIPConnection:1 Service(http:// www.upnp.org/specs/gw/UPnP-gw- WANIPConnection-v1-Service.pdf)",Template Version 1.01", November2001.2001, <http://upnp.org/specs/ gw/UPnP-gw-WANIPConnection-v1-Service.pdf>. [IGD2] UPnP Forum,,"WANIPConnection:2Service (http://upnp.org/ specs/gw/UPnP-gw-WANIPConnection-v2-Service.pdf)",Service", September2010.2010, <http://upnp.org/specs/gw/ UPnP-gw-WANIPConnection-v2-Service.pdf>. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.9.2. Informative References [I-D.boucadair-pcp-failure][RFC6887] Wing, D., Cheshire, S., Boucadair,M. and R.M., Penno, R., and P. Selkirk, "Port Control Protocol(PCP) Failure Scenarios", draft-boucadair-pcp-failure-05 (work in progress), February(PCP)", RFC 6887, April 2013.[I-D.ietf-pcp-description-option]8.2. Informative References [PCP-DESCR-OPT] Boucadair, M., Penno, R., and D. Wing, "PCP Description Option",draft-ietf-pcp-description-option-00 (workWork inprogress), MarchProgress, May 2013.[I-D.ietf-pcp-dhcp][PCP-DHCP-OPT] Boucadair, M., Penno, R., and D. Wing, "DHCP Options for the Port Control Protocol (PCP)",draft-ietf-pcp-dhcp-07 (workWork inprogress),Progress, March 2013.[I-D.ietf-pcp-proxy][PCP-FAILURE] Boucadair, M. and R. Penno, "Analysis of Port Control Protocol (PCP) Failure Scenarios", Work in Progress, May 2013. [PCP-PROXY] Boucadair, M., Penno, R., and D. Wing, "Port Control Protocol (PCP) Proxy Function",draft-ietf-pcp-proxy-02 (workWork inprogress), FebruaryProgress, June 2013. [RFC6146] Bagnulo, M., Matthews, P., and I. van Beijnum, "Stateful NAT64: Network Address and Protocol Translation from IPv6 Clients to IPv4 Servers", RFC 6146, April 2011. [RFC6333] Durand, A., Droms, R., Woodyatt, J., and Y. Lee,"Dual- Stack"Dual-Stack Lite Broadband Deployments Following IPv4 Exhaustion", RFC 6333, August 2011. [Sec_DCP] UPnP Forum,,"DeviceProtection:1",Protection:1 Service", February 2011,<(http://upnp.org/specs/gw/UPnP-gw- DeviceProtection-v1-Service.pdf>.<http://upnp.org/specs/gw/ UPnP-gw-DeviceProtection-v1-Service.pdf>. Authors' Addresses Mohamed Boucadair France Telecom Rennes 35000 FranceEmail:EMail: mohamed.boucadair@orange.com Reinaldo Penno Cisco Systems, Inc. 170 West Tasman Drive San Jose, California 95134 USAEmail:EMail: repenno@cisco.com Dan Wing Cisco Systems, Inc. 170 West Tasman Drive San Jose, California 95134 USAEmail:EMail: dwing@cisco.com