1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
|
<pre>Network Working Group A. Morton
Request for Comments: 5618 AT&T Labs
Updates: <a href="./rfc5357">5357</a> K. Hedayat
Category: Standards Track EXFO
August 2009
Mixed Security Mode for the Two-Way Active Measurement Protocol (TWAMP)
Abstract
This memo describes a simple extension to TWAMP (the Two-Way Active
Measurement Protocol). The extension adds the option to use
different security modes in the TWAMP-Control and TWAMP-Test
protocols simultaneously. The memo also describes a new IANA
registry for additional features, called the TWAMP Modes registry.
Status of This Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (c) 2009 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to <a href="https://www.rfc-editor.org/bcp/bcp78">BCP 78</a> and the IETF Trust's Legal
Provisions Relating to IETF Documents in effect on the date of
publication of this document (<a href="http://trustee.ietf.org/license-info">http://trustee.ietf.org/license-info</a>).
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document.
This document may contain material from IETF Documents or IETF
Contributions published or made publicly available before November
10, 2008. The person(s) controlling the copyright in some of this
material may not have granted the IETF Trust the right to allow
modifications of such material outside the IETF Standards Process.
Without obtaining an adequate license from the person(s) controlling
the copyright in such materials, this document may not be modified
outside the IETF Standards Process, and derivative works of it may
not be created outside the IETF Standards Process, except to format
it for publication as an RFC or to translate it into languages other
than English.
<span class="grey">Morton & Hedayat Standards Track [Page 1]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-2" ></span>
<span class="grey"><a href="./rfc5618">RFC 5618</a> TWAMP Extensions August 2009</span>
Table of Contents
<a href="#section-1">1</a>. Introduction ....................................................<a href="#page-2">2</a>
<a href="#section-1.1">1.1</a>. Requirements Language ......................................<a href="#page-3">3</a>
<a href="#section-2">2</a>. Purpose and Scope ...............................................<a href="#page-3">3</a>
<a href="#section-3">3</a>. TWAMP Control Extensions ........................................<a href="#page-3">3</a>
<a href="#section-3.1">3.1</a>. Extended Control Connection Setup ..........................<a href="#page-3">3</a>
<a href="#section-4">4</a>. Extended TWAMP Test .............................................<a href="#page-5">5</a>
<a href="#section-4.1">4.1</a>. Sender Behavior ............................................<a href="#page-5">5</a>
<a href="#section-4.1.1">4.1.1</a>. Packet Timings ......................................<a href="#page-5">5</a>
<a href="#section-4.1.2">4.1.2</a>. Packet Format and Content ...........................<a href="#page-5">5</a>
<a href="#section-4.2">4.2</a>. Reflector Behavior .........................................<a href="#page-6">6</a>
<a href="#section-5">5</a>. Security Considerations .........................................<a href="#page-6">6</a>
<a href="#section-6">6</a>. IANA Considerations .............................................<a href="#page-6">6</a>
<a href="#section-6.1">6.1</a>. Registry Specification .....................................<a href="#page-6">6</a>
<a href="#section-6.2">6.2</a>. Registry Management ........................................<a href="#page-6">6</a>
<a href="#section-6.3">6.3</a>. Experimental Numbers .......................................<a href="#page-7">7</a>
<a href="#section-6.4">6.4</a>. Initial Registry Contents ..................................<a href="#page-7">7</a>
<a href="#section-7">7</a>. Acknowledgements ................................................<a href="#page-7">7</a>
<a href="#section-8">8</a>. Normative References ............................................<a href="#page-7">7</a>
<span class="h2"><a class="selflink" id="section-1" href="#section-1">1</a>. Introduction</span>
The Two-Way Active Measurement Protocol (TWAMP) [<a href="./rfc5357" title=""A Two-Way Active Measurement Protocol (TWAMP)"">RFC5357</a>] is an
extension of the One-Way Active Measurement Protocol (OWAMP)
[<a href="./rfc4656" title=""A One-way Active Measurement Protocol (OWAMP)"">RFC4656</a>]. The TWAMP specification gathered wide review as it
approached completion, and the by-products were several
recommendations for new features in TWAMP. There is a growing number
of TWAMP implementations at present, and widespread usage is
expected. There are even devices that are designed to test
implementations for protocol compliance.
This memo describes a simple extension for TWAMP: the option to use
different security modes in the TWAMP-Control and TWAMP-Test
protocols (mixed security mode). It also describes a new IANA
registry for additional features, called the TWAMP Modes registry.
When the Server and Control-Client have agreed to use the mixed
security mode during control connection setup, then the Control-
Client, the Server, the Session-Sender, and the Session-Reflector
MUST all conform to the requirements of this mode as described in
Sections <a href="#section-3">3</a>, <a href="#section-4">4</a>, and <a href="#section-5">5</a>.
This memo updates [<a href="./rfc5357" title=""A Two-Way Active Measurement Protocol (TWAMP)"">RFC5357</a>].
<span class="grey">Morton & Hedayat Standards Track [Page 2]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-3" ></span>
<span class="grey"><a href="./rfc5618">RFC 5618</a> TWAMP Extensions August 2009</span>
<span class="h3"><a class="selflink" id="section-1.1" href="#section-1.1">1.1</a>. Requirements Language</span>
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in <a href="./rfc2119">RFC 2119</a> [<a href="./rfc2119" title=""Key words for use in RFCs to Indicate Requirement Levels"">RFC2119</a>].
<span class="h2"><a class="selflink" id="section-2" href="#section-2">2</a>. Purpose and Scope</span>
The purpose of this memo is to describe and specify an extension for
TWAMP [<a href="./rfc5357" title=""A Two-Way Active Measurement Protocol (TWAMP)"">RFC5357</a>], and to request the establishment of a registry for
future TWAMP extensions.
The scope of the memo is limited to specifications of the following:
o Extension of the modes of operation through assignment of one new
value in the Modes field (see <a href="./rfc4656#section-3.1">Section 3.1 of [RFC4656]</a>), while
retaining backward compatibility with TWAMP [<a href="./rfc5357" title=""A Two-Way Active Measurement Protocol (TWAMP)"">RFC5357</a>]
implementations. This value adds the OPTIONAL ability to use
different security modes in the TWAMP-Control and TWAMP-Test
protocols. The motivation for this extension is to permit the
low-packet-rate TWAMP-Control protocol to utilize a stronger mode
of integrity protection than that used in the TWAMP-Test protocol.
<span class="h2"><a class="selflink" id="section-3" href="#section-3">3</a>. TWAMP Control Extensions</span>
The TWAMP-Control protocol is a derivative of the OWAMP-Control
protocol, and coordinates a two-way measurement capability. All
TWAMP-Control messages are similar in format and follow similar
guidelines to those defined in <a href="./rfc4656#section-3">Section 3 of [RFC4656]</a>, with the
exceptions described in TWAMP [<a href="./rfc5357" title=""A Two-Way Active Measurement Protocol (TWAMP)"">RFC5357</a>] and in the following
sections.
All OWAMP-Control messages apply to TWAMP-Control, except for the
Fetch-Session command.
<span class="h3"><a class="selflink" id="section-3.1" href="#section-3.1">3.1</a>. Extended Control Connection Setup</span>
TWAMP-Control connection establishment follows the same procedure
defined in <a href="./rfc4656#section-3.1">Section 3.1 of [RFC4656]</a>. This extended mode assigns one
new bit position (and value) to allow the Test protocol security mode
to operate in Unauthenticated mode, while the Control protocol
operates in Encrypted mode. With this extension, the complete set of
TWAMP Mode values are as follows:
<span class="grey">Morton & Hedayat Standards Track [Page 3]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-4" ></span>
<span class="grey"><a href="./rfc5618">RFC 5618</a> TWAMP Extensions August 2009</span>
Value Description Reference/Explanation
0 Reserved
1 Unauthenticated <a href="./rfc4656#section-3.1">RFC 4656, Section 3.1</a>
2 Authenticated <a href="./rfc4656#section-3.1">RFC 4656, Section 3.1</a>
4 Encrypted <a href="./rfc4656#section-3.1">RFC 4656, Section 3.1</a>
8 Unauth. TEST protocol, new bit position (3)
Encrypted CONTROL
In the original OWAMP and TWAMP Modes field, setting bit position 0,
1, or 2 indicated the security mode of the Control protocol, and the
Test protocol inherited the same mode (see <a href="./rfc4656#section-4">Section 4 of [RFC4656]</a>).
In this extension to TWAMP, when the Control-Client sets Modes Field
bit position 3, it SHALL discontinue the inheritance of the security
mode in the Test protocol, and each protocol's mode SHALL be as
specified below. When the desired TWAMP-Test protocol mode is
identical to the Control Session mode, the corresponding Modes Field
bit (position 0, 1, or 2) SHALL be set by the Control-Client. The
table below gives the various combinations of integrity protection
that are permissible in TWAMP (with this extension). The TWAMP-
Control and TWAMP-Test protocols SHALL use the mode in each column
corresponding to the bit position set in the Modes Field.
--------------------------------------------------------
Protocol | Permissible Mode Combinations (Modes bit set)
--------------------------------------------------------
Control | Unauth.(0)| Auth. == Encrypted (1,2,3)
--------------------------------------------------------
| Unauth.(0)| Unauth. (3)
-----------------------------------------------
Test | | Auth.(1)
-----------------------------------------------
| | Encrypted (2)
--------------------------------------------------------
Note that the TWAMP-Control protocol security measures are identical
in the Authenticated and Encrypted Modes. Therefore, only one new
bit position (3) is needed to convey the single mixed security mode.
The value of the Modes Field sent by the Server in the Server-
Greeting message is the bit-wise OR of the modes (bit positions) that
it is willing to support during this session. Thus, the last four
<span class="grey">Morton & Hedayat Standards Track [Page 4]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-5" ></span>
<span class="grey"><a href="./rfc5618">RFC 5618</a> TWAMP Extensions August 2009</span>
bits of the 32-bit Modes Field are used. When no other features are
activated, the first 28 bits MUST be zero. A client conforming to
this extension of [<a href="./rfc5357" title=""A Two-Way Active Measurement Protocol (TWAMP)"">RFC5357</a>] MAY ignore the values in the first 28
bits of the Modes Field, or it MAY support other features that are
communicated in these bit positions.
Other ways in which TWAMP extends OWAMP are described in [<a href="./rfc5357" title=""A Two-Way Active Measurement Protocol (TWAMP)"">RFC5357</a>].
<span class="h2"><a class="selflink" id="section-4" href="#section-4">4</a>. Extended TWAMP Test</span>
The TWAMP-Test protocol is similar to the OWAMP-Test protocol
[<a href="./rfc4656" title=""A One-way Active Measurement Protocol (OWAMP)"">RFC4656</a>] with the exception that the Session-Reflector transmits
test packets to the Session-Sender in response to each test packet it
receives. TWAMP [<a href="./rfc5357" title=""A Two-Way Active Measurement Protocol (TWAMP)"">RFC5357</a>] defines two different test packet formats:
one for packets transmitted by the Session-Sender and one for packets
transmitted by the Session-Reflector. As with the OWAMP-Test
protocol, there are three security modes that also determine the test
packet format: unauthenticated, authenticated, and encrypted. This
TWAMP extension makes it possible to use TWAMP-Test Unauthenticated
mode regardless of the mode used in the TWAMP-Control protocol.
When the Server has identified the ability to support the mixed
security mode, the Control-Client has selected the mixed security
mode in its Set-Up-Response, and the Server has responded with a zero
Accept field in the Server-Start message, these extensions are
REQUIRED.
<span class="h3"><a class="selflink" id="section-4.1" href="#section-4.1">4.1</a>. Sender Behavior</span>
This section describes extensions to the behavior of the TWAMP
Session-Sender.
<span class="h4"><a class="selflink" id="section-4.1.1" href="#section-4.1.1">4.1.1</a>. Packet Timings</span>
The send schedule is not utilized in TWAMP, and there are no
extensions defined in this memo.
<span class="h4"><a class="selflink" id="section-4.1.2" href="#section-4.1.2">4.1.2</a>. Packet Format and Content</span>
The Session-Sender packet format and content MUST follow the same
procedure and guidelines as defined in <a href="./rfc4656#section-4.1.2">Section 4.1.2 of [RFC4656]</a> and
<a href="./rfc5357#section-4.1.2">Section 4.1.2 of [RFC5357]</a>, with the following exceptions:
o the send schedule is not used, and
o the Session-Sender MUST support the mixed security mode
(Unauthenticated TEST, Encrypted CONTROL, value 8, bit position 3)
defined in <a href="#section-3.1">Section 3.1</a> of this memo.
<span class="grey">Morton & Hedayat Standards Track [Page 5]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-6" ></span>
<span class="grey"><a href="./rfc5618">RFC 5618</a> TWAMP Extensions August 2009</span>
<span class="h3"><a class="selflink" id="section-4.2" href="#section-4.2">4.2</a>. Reflector Behavior</span>
The TWAMP Session-Reflector is REQUIRED to follow the procedures and
guidelines in <a href="./rfc5357#section-4.2">Section 4.2 of [RFC5357]</a>, with the following
extensions:
o the Session-Reflector MUST support the mixed security mode
(Unauthenticated TEST, Encrypted CONTROL, value 8, bit position 3)
defined in <a href="#section-3.1">Section 3.1</a> of this memo.
<span class="h2"><a class="selflink" id="section-5" href="#section-5">5</a>. Security Considerations</span>
The extended mixed mode of operation permits stronger security/
integrity protection on the TWAMP-Control protocol while
simultaneously emphasizing accuracy or efficiency on the TWAMP-Test
protocol, thus making it possible to increase overall security when
compared to the previous options (when resource constraints would
have forced less security for TWAMP-Control and conditions are such
that use of unauthenticated TWAMP-Test is not a significant concern).
The security considerations that apply to any active measurement of
live networks are relevant here as well. See [<a href="./rfc4656" title=""A One-way Active Measurement Protocol (OWAMP)"">RFC4656</a>] and
[<a href="./rfc5357" title=""A Two-Way Active Measurement Protocol (TWAMP)"">RFC5357</a>].
<span class="h2"><a class="selflink" id="section-6" href="#section-6">6</a>. IANA Considerations</span>
This memo adds one security mode bit position/value beyond those in
the OWAMP-Control specification [<a href="./rfc4656" title=""A One-way Active Measurement Protocol (OWAMP)"">RFC4656</a>], and describes behavior
when the new mode is used. According to this document, IANA created
a registry for the TWAMP Modes field. This field is a recognized
extension mechanism for TWAMP.
<span class="h3"><a class="selflink" id="section-6.1" href="#section-6.1">6.1</a>. Registry Specification</span>
IANA created a TWAMP Modes registry. TWAMP Modes are specified in
TWAMP Server Greeting messages and Set-up Response messages
consistent with <a href="./rfc4656#section-3.1">Section 3.1 of [RFC4656]</a> and <a href="./rfc5357#section-3.1">Section 3.1 of
[RFC5357]</a>, and extended by this memo. Modes are currently indicated
by setting single bits in the 32-bit Modes Field. However, more
complex encoding may be used in the future. Thus, this registry can
contain a total of 2^32 possible assignments.
<span class="h3"><a class="selflink" id="section-6.2" href="#section-6.2">6.2</a>. Registry Management</span>
Because the TWAMP Modes registry can contain a maximum of 2^32
values, and because TWAMP is an IETF protocol, this registry must be
updated only by "IETF Review" as specified in [<a href="./rfc5226" title="">RFC5226</a>] (an RFC
documenting registry use that is approved by the IESG). For the
<span class="grey">Morton & Hedayat Standards Track [Page 6]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-7" ></span>
<span class="grey"><a href="./rfc5618">RFC 5618</a> TWAMP Extensions August 2009</span>
TWAMP Modes registry, we expect that new features will be assigned
using monotonically increasing single bit positions and in the range
[0-31], unless there is a good reason to do otherwise (more complex
encoding than single bit positions may be used in the future, to
access the 2^32 value space).
<span class="h3"><a class="selflink" id="section-6.3" href="#section-6.3">6.3</a>. Experimental Numbers</span>
No experimental values are currently assigned for the Modes Registry.
<span class="h3"><a class="selflink" id="section-6.4" href="#section-6.4">6.4</a>. Initial Registry Contents</span>
TWAMP Modes Registry
Value Description Semantics Definition
0 Reserved <a href="./rfc5618">RFC 5618</a>
1 Unauthenticated <a href="./rfc4656#section-3.1">RFC 4656, Section 3.1</a>
2 Authenticated <a href="./rfc4656#section-3.1">RFC 4656, Section 3.1</a>
4 Encrypted <a href="./rfc4656#section-3.1">RFC 4656, Section 3.1</a>
8 Unauth. TEST protocol, <a href="./rfc5618#section-3.1">RFC 5618, Section 3.1</a>
Encrypted CONTROL
<span class="h2"><a class="selflink" id="section-7" href="#section-7">7</a>. Acknowledgements</span>
The authors would like to thank Len Ciavattone and Joel Jaeggli for
helpful review and comments.
<span class="h2"><a class="selflink" id="section-8" href="#section-8">8</a>. Normative References</span>
[<a id="ref-RFC2119">RFC2119</a>] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", <a href="https://www.rfc-editor.org/bcp/bcp14">BCP 14</a>, <a href="./rfc2119">RFC 2119</a>, March 1997.
[<a id="ref-RFC4656">RFC4656</a>] Shalunov, S., Teitelbaum, B., Karp, A., Boote, J., and M.
Zekauskas, "A One-way Active Measurement Protocol
(OWAMP)", <a href="./rfc4656">RFC 4656</a>, September 2006.
[<a id="ref-RFC5226">RFC5226</a>] Narten, T. and H. Alvestrand, "Guidelines for Writing an
IANA Considerations Section in RFCs", <a href="https://www.rfc-editor.org/bcp/bcp26">BCP 26</a>, <a href="./rfc5226">RFC 5226</a>,
May 2008.
[<a id="ref-RFC5357">RFC5357</a>] Hedayat, K., Krzanowski, R., Morton, A., Yum, K., and J.
Babiarz, "A Two-Way Active Measurement Protocol (TWAMP)",
<a href="./rfc5357">RFC 5357</a>, October 2008.
<span class="grey">Morton & Hedayat Standards Track [Page 7]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-8" ></span>
<span class="grey"><a href="./rfc5618">RFC 5618</a> TWAMP Extensions August 2009</span>
Authors' Addresses
Al Morton
AT&T Labs
200 Laurel Avenue South
Middletown, NJ 07748
USA
Phone: +1 732 420 1571
Fax: +1 732 368 1192
EMail: acmorton@att.com
URI: <a href="http://home.comcast.net/~acmacm/">http://home.comcast.net/~acmacm/</a>
Kaynam Hedayat
EXFO
285 Mill Road
Chelmsford, MA 01824
USA
Phone: +1 978 367 5611
Fax: +1 978 367 5700
EMail: kaynam.hedayat@exfo.com
URI: <a href="http://www.exfo.com/">http://www.exfo.com/</a>
Morton & Hedayat Standards Track [Page 8]
</pre>
|
