File: rfc3308.txt

package info (click to toggle)
doc-rfc 20181229-2
  • links: PTS, VCS
  • area: non-free
  • in suites: buster
  • size: 570,944 kB
  • sloc: xml: 285,646; sh: 107; python: 90; perl: 42; makefile: 14
file content (563 lines) | stat: -rw-r--r-- 21,536 bytes parent folder | download | duplicates (5)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563






Network Working Group                                         P. Calhoun
Request for Comments: 3308                          Black Storm Networks
Category: Standards Track                                         W. Luo
                                                     Cisco Systems, Inc.
                                                            D. McPherson
                                                                     TCB
                                                               K. Peirce
                                                   Malibu Networks, Inc.
                                                          November 2002


                  Layer Two Tunneling Protocol (L2TP)
                   Differentiated Services Extension

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2002).  All Rights Reserved.

Abstract

   This document describes mechanisms which enable the Layer Two
   Tunneling Protocol (L2TP) to negotiate desired Per Hop Behavior (PHB)
   code for the L2TP control connection, as well as individual sessions
   within an L2TP tunnel.

   L2TP provides a standard method for tunneling PPP packets.  The
   current specification provides no provisions for supporting
   Differentiated Services (diffserv) over the L2TP control connection
   or subsequent data sessions.  As a result, no standard mechanism
   currently exists within L2TP to provide L2TP protocol negotiations
   for service discrimination.












Calhoun, et. al.            Standards Track                     [Page 1]

RFC 3308                L2TP Diffserv Extension            November 2002


Table of Contents

   1.   Specification of Requirements ...............................  2
   2.   Introduction ................................................  2
   3.   Control Connection Operation ................................  3
   3.1. Control Connection DS AVP (SCCRQ, SCCRP) ....................  4
   4.   Session Operation ...........................................  4
   4.1. Session DS AVP (ICRQ, ICRP, OCRQ, OCRP) .....................  6
   5.   DS AVPs Correlation .........................................  6
   6.   PHB Encoding ................................................  6
   7.   DSCP Selection ..............................................  7
   8.   Packet Reordering and Sequence Numbers ......................  7
   9.   Crossing Differentiated Services Boundaries .................  7
   10.  IANA Considerations .........................................  8
   11.  Security Considerations .....................................  8
   12.  Acknowledgements ............................................  8
   13.  References ..................................................  8
   14.  Authors' Addresses ..........................................  9
   15.  Full Copyright Statement .................................... 10

1. Specification of Requirements

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC 2119].

2. Introduction

   The L2TP specification currently provides no mechanism for supporting
   diffserv (DS).  This document describes mechanisms that enable L2TP
   to indicate desired PHB code, as defined in [RFC 3140], to be
   associated with an L2TP control connection, as well as individual
   sessions within an L2TP tunnel.

   The actual bit interpretation of the DS field is beyond the scope of
   this document, and is purposefully omitted.  This document is
   concerned only with defining a uniform exchange and subsequent
   mapping mechanism for the DS AVPs.













Calhoun, et. al.            Standards Track                     [Page 2]

RFC 3308                L2TP Diffserv Extension            November 2002


3. Control Connection Operation

   As defined in [RFC 2661], a control connection operates in-band over
   a tunnel to control the establishment, release, and maintenance of
   sessions and of the tunnel itself.  As such, this document provides a
   mechanism to enable discrimination of L2TP control messages from
   other packets.  For this purpose, we introduce the Control Connection
   DS (CCDS) AVP.

   The presence of the CCDS AVP serves as an indication to the peer (LAC
   or LNS) that the tunnel initiator wishes both the tunnel initiator
   and terminator to use the per-hop behavior(s) (PHB(s)) indicated by
   the AVP's PHB code for all packets within the tunnel's control
   connection.  A PHB is a description of the externally observable
   forwarding behavior of a DS node applied to a particular DS behavior
   aggregate, as defined in [RFC 2475].  The most simple example of a
   PHB is one which guarantees a minimal bandwidth allocation of a link
   to a behavior aggregate.

   Upon receipt of a Start-Control-Connection-Request (SCCRQ) containing
   the CCDS AVP, if the tunnel terminator provides no support for the
   CCDS AVP it MUST ignore the AVP and send an SCCRP to the tunnel
   initiator without the CCDS AVP.  The tunnel initiator interprets the
   absence of the CCDS AVP in the SCCRP as an indication that the tunnel
   terminator is incapable of supporting CCDS.

   Upon receipt of an SCCRP that contains no CCDS AVP in response to a
   SCCRQ that contained a CCDS AVP, if the tunnel initiator wants to
   continue tunnel establishment it sends an SCCCN.  Otherwise, it sends
   a StopCCN to the tunnel terminator to end the connection.  The
   StopCCN control message MUST contain the Result Code 8 that indicates
   CCDS AVP value (47) as the reason for sending the StopCCN.

   If the tunnel terminator provides support for CCDS, it SHOULD use the
   Host Name AVP embedded in SCCRQ to consult its local policy, and to
   determine whether local policy permits the requested PHB code to be
   used on this control connection.  If it is unwilling or unable to
   support the requested PHB code after consulting the local policy, the
   tunnel terminator MUST send an SCCRP control message containing a
   CCDS AVP indicating the value it is willing to use.  If the CCDS AVP
   value is the same as the one in the SCCRQ, it signals the acceptance
   of the requested PHB code.  If the value is different it serves as a
   counter-offer by the tunnel terminator.








Calhoun, et. al.            Standards Track                     [Page 3]

RFC 3308                L2TP Diffserv Extension            November 2002


   If the tunnel initiator receives an SCCRP that contains a CCDS AVP
   with a value other than that requested in the SCCRQ, the tunnel
   initiator SHOULD check the PHB code against its own policy.  If it is
   unwilling to use the value, the tunnel initiator MUST send a StopCCN
   control message containing the Result Code 8 that indicates CCDS AVP
   value (47) as the reason for sending the StopCCN.

3.1. Control Connection DS AVP (SCCRQ, SCCRP)

   The CCDS AVP is encoded as Vendor ID 0, and the Attribute Type is 47.

   Each CCDS AVP is encoded as follows:

     Vendor ID = 0
     Attribute = 47

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |M|H|0|0|0|0|    Length         |              0                |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |              47               |           PHB Code            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   This AVP MAY be present in the following message types:  SCCRQ and
   SCCRP.  This AVP MAY be hidden (the H-bit set to 0 or 1) and is
   optional (M-bit not set).  The length (before hiding) of this AVP
   MUST be 8 octets.  The encoding of the PHB code is described in
   Section 6.

4. Session Operation

   As defined in [RFC 2661], an L2TP session is connection-oriented. The
   LAC and LNS maintain states for each call that is initiated or
   answered by an LAC.  An L2TP session is created between the LAC and
   LNS when an end-to-end connection is established between a Remote
   System and the LNS.  Datagrams related to the connection are sent
   over the tunnel between the LAC and LNS.  As such, this document
   provides a mechanism to enable discrimination for packets within a
   particular session from those in other sessions.  For this purpose,
   we introduce the Session DS (SDS) AVP.

   The presence of the SDS AVP serves as an indication to the peer (LAC
   or LNS) that the session initiator wishes both the session initiator
   and terminator to use the per-hop behavior(s) (PHB(s)) indicated by
   the AVP's PHB code for all packets within the session.





Calhoun, et. al.            Standards Track                     [Page 4]

RFC 3308                L2TP Diffserv Extension            November 2002


   Upon receipt of an Incoming-Call-Request (ICRQ) or Outgoing-Call-
   Request (OCRQ) containing the SDS AVP if the session terminator
   provides no support for the requested PHB code, the session
   terminator MUST ignore the SDS AVP and send an ICRP or OCRP to the
   session initiator without the SDS AVP.  The session initiator
   interprets the absence of the SDS AVP in the ICRP or OCRP as an
   indication that the session terminator is incapable of supporting
   SDS.

   Upon receipt of an ICRP or OCRP that contains no SDS AVP in response
   to an ICRQ or OCRQ that contained an SDS AVP, if the session
   initiator is willing to omit employing SDS AVP it continues session
   establishment as defined in [RFC 2661].  Otherwise, it sends a CDN to
   the session terminator to end the connection.  The CDN control
   message MUST contain the Result Code 12 that indicates SDS AVP value
   (48) as the reason for sending the CDN.

   In order to help the session terminator to distinguish one session
   from another when consulting the local policy of the PHB code, the
   session initiator MAY use the identifier or a combination of
   identifiers embedded in AVPs such as Proxy Authen Name AVP, Calling
   Number AVP, Called Number AVP, and Sub-Address AVP.  When Proxy
   Authen Name AVP is used as a distinguishor, it SHOULD be present in
   the ICRQ or OCRQ.  The designated DS identifier(s) used for looking
   up the PHB code SHOULD be configurable.

   If the session terminator provides support for SDS, it SHOULD use the
   the designated DS identification AVP (via out-of-band agreement
   between the administrators of the LAC and LNS) to consult the local
   policy and determinate whether the local policy permits the requested
   PHB code to be used on this session.  If it is unwilling or unable to
   support the requested PHB code the session terminator MUST do one of
   the following:

   1) Send a CDN message containing the Result Code 12 that indicates
      SDS AVP value (48) as the reason for sending the CDN.

   2) Send an Incoming-Call-Reply (ICRP) or Outgoing-Call-Reply (OCRP)
      message containing an SDS AVP indicating the PHB code the
      terminator is willing to use for the session.

   If the session terminator supports the PHB code in the SDS AVP
   session establishment MUST continue as defined in [RFC 2661].

   If the session initiator receives an ICRP or OCRP that contains an
   SDS AVP with a value other than that requested in the ICRQ or OCRQ,
   and the session initiator is unwilling to use the value, the session
   initiator MUST send a CDN message containing the Result Code 12 that



Calhoun, et. al.            Standards Track                     [Page 5]

RFC 3308                L2TP Diffserv Extension            November 2002


   indicates SDS AVP value (48) as the reason for sending the CDN.  If
   the session initiator receives an ICRP or OCRP that contains an SDS
   AVP with a value other than that requested in the ICRQ or OCRQ, and
   the session initiator is willing to use the value, the session
   initiator MUST proceed as indicated in [RFC 2661].

4.1. Session DS AVP (ICRQ, ICRP, OCRQ, OCRP)

   The SDS AVP is encoded as Vendor ID 0, and the Attribute Value is 48.

   Each SDS AVP is encoded as follows:

     Vendor ID = 0
     Attribute = 48

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |M|H|0|0|0|0|    Length         |              0                |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |              48               |           PHB Code            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   This AVP MAY be present in the following message types:  ICRQ, ICRP,
   OCRQ and OCRP.  This AVP MAY be hidden (the H-bit set to 0 or 1) and
   is optional (M-bit is not set 0).  The length (before hiding) of this
   AVP MUST be 8 octets.  The encoding of the PHB code is described in
   Section 6.

5. DS AVPs Correlation

   CCDS AVP and SDS AVP are independent of each other.  CCDS AVP is used
   to signal diffserv for the control connection between two L2TP peers,
   while SDS AVP is used for data connection.  The PHB code signaled in
   one AVP SHOULD NOT have any implication on the PHB code signaled in
   the other AVP.  Implementations MAY choose to implement either or
   both DS AVPs, and operations MAY choose to enable diffserv on either
   or both types of connections.

6. PHB Encoding

   The PHB code is a left-justified 16-bit field using Per Hop Behavior
   (PHB) encoding defined in [RFC 3140].  Note that [RFC 3140] and its
   successor are the ultimate authority defining PHB encoding.







Calhoun, et. al.            Standards Track                     [Page 6]

RFC 3308                L2TP Diffserv Extension            November 2002


   Upon successful establishment of an L2TP tunnel control connection or
   individual L2TP session employing the appropriate DS AVP defined in
   this document, both LAC and LNS MUST use their own PHB-to-DSCP
   mappings of their present DS domains to map the PHB to a DSCP and
   place it in the DS field of the outer IP header of packets
   transmitted on the connection.

7. DSCP Selection

   The requirements or rules of each service and DSCP mapping are set
   through administrative policy mechanisms which are outside the scope
   of this document.

8. Packet Reordering and Sequence Numbers

   [RFC 2474] RECOMMENDS that PHB implementations not cause reordering
   of packets within an individual connection.  [RFC 3140] requires that
   a set of PHBs signaled using a single PHB ID MUST NOT cause
   additional packet reordering within an individual connection vs.
   using a single PHB.  Since the CCDS and SDS AVPs contain one PHB ID,
   use of diffserv PHBs in accordance with this specification should not
   cause additional packet reordering within an L2TP control or data
   connection.

   Sequence numbers are required to be present in all control messages
   and are used to provide reliable delivery on the control connection,
   as defined in [RFC 2661].  While packet reordering is inevitably as
   much a function of the network as it is local traffic conditioning,
   the probability of it occurring when employing the CCDS AVP is same
   as when not employing the AVP.  Data messages MAY use sequence
   numbers to reorder packets and detect lost packets.

9. Crossing Differentiated Services Boundaries

   With the potential that an L2TP connection traverses an arbitrary
   number of DS domains, signaling PHBs via L2TP is more appropriate
   than signaling DSCPs, because it maintains a consistent end-to-end
   differentiated service for the L2TP connection.  As per [RFC 2983],
   the negotiated PHBs are mapped to locally defined DSCPs of the
   current DS domain at the tunnel ingress node.  At the DS domain
   boundary nodes, the DSCPs can be rewritten in the DS field of the
   outer IP header, so that the DSCPs are always with respect to
   whatever DS domain the packet happens to be in.

   As a result, it is perfectly acceptable that the outermost DS field
   of packets arriving on a given control connection or session are not
   marked with the same DSCP value that was used by the tunnel ingress
   node.



Calhoun, et. al.            Standards Track                     [Page 7]

RFC 3308                L2TP Diffserv Extension            November 2002


10. IANA Considerations

   This document defines 2 L2TP Differentiated Services Extension AVPs.
   The IANA has assigned the value of 47 for the "CCDS AVP" defined in
   section 5.1 and the value of 48 for SDS AVP defined in section 6.1.

   IANA has also assigned L2TP Result Code values of 8 for disconnecting
   control connection due to mismatching CCDS value (StopCCN), and 12
   for disconnecting call due to mismatching SDS value (CDN).

11. Security Considerations

   This encoding in itself raises no security issues.  However, users of
   this encoding should consider that modifying a DSCP MAY constitute
   theft or denial of service, so protocols using this encoding MUST be
   adequately protected.  No new security issues beyond those discussed
   in [RFC 2474] and [RFC 2475] are introduced here.

12. Acknowledgements

   Many thanks to David Black, W. Mark Townsley, Nishit Vasavada, Andy
   Koscinski and John Shriver for their review and insightful feedback.

13. References

   [RFC 1661] Simpson, W., "The Point-to-Point Protocol (PPP)", STD 51,
              RFC 1661, July 1994.

   [RFC 2119] Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC 2474] Nichols, K., Blake, S., Baker, F. and D. Black "Definition
              of the Differentiated Services Field (DS Field) in the
              IPv4 and IPv6 Headers", RFC 2474, December 1998.

   [RFC 2475] Blake, S., Black, D., Carlson, Z., Davies, E., Wang, Z.
              and W. Weiss, "An Architecture for Differentiated
              Services", RFC 2475, December 1998.

   [RFC 2661] Townsley, W., Valencia, A., Rubens, A., Pall, G., Zorn, G.
              and B. Palter, "Layer 2 Tunnel Protocol (L2TP)", RFC 2661,
              August 1999.

   [RFC 2983] Black, D., "Differentiated Services and Tunnels", RFC
              2983, October 2000.






Calhoun, et. al.            Standards Track                     [Page 8]

RFC 3308                L2TP Diffserv Extension            November 2002


   [RFC 3140] Black, D., Brim, S., Carpenter, B. and F. Le Faucheur,
              "Per Hop Behavior Identification Codes", RFC 3140, June
              2001.

14. Authors' Addresses

   Pat R. Calhoun
   110 Nortech Parkway
   San Jose, CA 95134-2307

   Phone: +1 408.941.0500
   EMail: pcalhoun@bstormnetworks.com


   Wei Luo
   Cisco Systems, Inc.
   170 West Tasman Drive
   San Jose, CA 95134

   Phone: +1 408.525.6906
   EMail: luo@cisco.com


   Danny McPherson
   TCB

   Phone: +1 303.470.9257
   EMail: danny@tcb.net


   Ken Peirce
   Malibu Networks, Inc.
   1107 Investment Blvd, Suite 250
   El Dorado Hills, CA 95762

   Phone: +1 916.941.8814
   EMail: Ken@malibunetworks.com














Calhoun, et. al.            Standards Track                     [Page 9]

RFC 3308                L2TP Diffserv Extension            November 2002


15. Full Copyright Statement

   Copyright (C) The Internet Society (2002).  All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph are
   included on all such copies and derivative works.  However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Acknowledgement

   Funding for the RFC Editor function is currently provided by the
   Internet Society.



















Calhoun, et. al.            Standards Track                    [Page 10]