1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
|
<pre>Internet Engineering Task Force (IETF) H. Kaplan
Request for Comments: 7332 Oracle
Category: Standards Track V. Pascual
ISSN: 2070-1721 Quobis
August 2014
<span class="h1">Loop Detection Mechanisms for Session Initiation Protocol (SIP)</span>
<span class="h1">Back-to-Back User Agents (B2BUAs)</span>
Abstract
SIP Back-to-Back User Agents (B2BUAs) can cause unending SIP request
routing loops because, as User Agent Clients, they can generate SIP
requests with new Max-Forwards values. This document discusses the
difficulties associated with loop detection for B2BUAs and the
requirements for them to prevent infinite loops.
Status of This Memo
This is an Internet Standards Track document.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in <a href="./rfc5741#section-2">Section 2 of RFC 5741</a>.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
<a href="http://www.rfc-editor.org/info/rfc7332">http://www.rfc-editor.org/info/rfc7332</a>.
Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to <a href="https://www.rfc-editor.org/bcp/bcp78">BCP 78</a> and the IETF Trust's Legal
Provisions Relating to IETF Documents
(<a href="http://trustee.ietf.org/license-info">http://trustee.ietf.org/license-info</a>) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
<span class="grey">Kaplan & Pascual Standards Track [Page 1]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-2" ></span>
<span class="grey"><a href="./rfc7332">RFC 7332</a> Loop Detection for B2BUAs August 2014</span>
Table of Contents
<a href="#section-1">1</a>. Introduction . . . . . . . . . . . . . . . . . . . . . . . . <a href="#page-2">2</a>
<a href="#section-2">2</a>. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . <a href="#page-2">2</a>
<a href="#section-3">3</a>. Background . . . . . . . . . . . . . . . . . . . . . . . . . <a href="#page-3">3</a>
<a href="#section-4">4</a>. B2BUA Loop-Detection Behavior . . . . . . . . . . . . . . . . <a href="#page-3">3</a>
<a href="#section-5">5</a>. B2BUA Max-Forwards Behavior . . . . . . . . . . . . . . . . . <a href="#page-4">4</a>
<a href="#section-6">6</a>. B2BUA Max-Breadth Behavior . . . . . . . . . . . . . . . . . <a href="#page-4">4</a>
<a href="#section-7">7</a>. Security Considerations . . . . . . . . . . . . . . . . . . . <a href="#page-4">4</a>
<a href="#section-8">8</a>. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . <a href="#page-5">5</a>
<a href="#section-9">9</a>. References . . . . . . . . . . . . . . . . . . . . . . . . . <a href="#page-5">5</a>
<span class="h2"><a class="selflink" id="section-1" href="#section-1">1</a>. Introduction</span>
SIP provides a means of preventing infinite request forwarding loops
in [<a href="./rfc3261" title=""SIP: Session Initiation Protocol"">RFC3261</a>], and a means of mitigating parallel forking
amplification floods in [<a href="./rfc5393" title=""Addressing an Amplification Vulnerability in Session Initiation Protocol (SIP) Forking Proxies"">RFC5393</a>]. Neither document normatively
defines specific behavior for B2BUAs, however.
Unbounded SIP request loops have actually occurred in SIP deployments
numerous times. The cause of loops is usually misconfiguration, but
the reason they have been unbounded/unending is they crossed B2BUAs
that reset the Max-Forwards value in the SIP requests they generated
on their User Agent Client (UAC) side. Although such behavior is
technically legal per [<a href="./rfc3261" title=""SIP: Session Initiation Protocol"">RFC3261</a>] because a B2BUA is a UAC, the
resulting unbounded loops have caused service outages and make
troubleshooting difficult.
Furthermore, [<a href="./rfc5393" title=""Addressing an Amplification Vulnerability in Session Initiation Protocol (SIP) Forking Proxies"">RFC5393</a>] also provides a mechanism to mitigate the
impact of parallel forking amplification issues, through the use of a
"Max-Breadth" header field. If a B2BUA does not pass this header
field on, parallel forking amplification is not mitigated with the
[<a href="./rfc5393" title=""Addressing an Amplification Vulnerability in Session Initiation Protocol (SIP) Forking Proxies"">RFC5393</a>] mechanism.
This document defines normative requirements for Max-Forwards and
Max-Breadth header field behaviors of B2BUAs, in order to mitigate
the effect of loops and parallel forking amplification.
<span class="h2"><a class="selflink" id="section-2" href="#section-2">2</a>. Conventions</span>
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in <a href="https://www.rfc-editor.org/bcp/bcp14">BCP 14</a>, <a href="./rfc2119">RFC 2119</a>
[<a href="./rfc2119" title=""Key words for use in RFCs to Indicate Requirement Levels"">RFC2119</a>].
B2BUA terminology and taxonomy used in this document is based on
[<a href="./rfc7092" title=""A Taxonomy of Session Initiation Protocol (SIP) Back-to-Back User Agents"">RFC7092</a>].
<span class="grey">Kaplan & Pascual Standards Track [Page 2]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-3" ></span>
<span class="grey"><a href="./rfc7332">RFC 7332</a> Loop Detection for B2BUAs August 2014</span>
<span class="h2"><a class="selflink" id="section-3" href="#section-3">3</a>. Background</span>
Within the context of B2BUAs, the scope of the SIP protocol ends at
the User Agent Server (UAS) side of the B2BUA, and a new one begins
on the UAC side. A B2BUA is thus capable of choosing what it wishes
to do on its UAC side independently of its UAS side, and still
remains compliant with [<a href="./rfc3261" title=""SIP: Session Initiation Protocol"">RFC3261</a>] and its extensions. For example,
any B2BUA type defined in [<a href="./rfc7092" title=""A Taxonomy of Session Initiation Protocol (SIP) Back-to-Back User Agents"">RFC7092</a>] other than Proxy-B2BUA may create
the SIP request on its UAC side without copying any of the Via header
field values received on its UAS side. Indeed there are valid
reasons for it to do so; however, this prevents the Via-based loop-
detection mechanism defined in [<a href="./rfc3261" title=""SIP: Session Initiation Protocol"">RFC3261</a>] and updated by [<a href="./rfc5393" title=""Addressing an Amplification Vulnerability in Session Initiation Protocol (SIP) Forking Proxies"">RFC5393</a>]
from detecting SIP request loops any earlier than by reaching a Max-
Forwards limit.
Some attempts have been made by B2BUA vendors to detect request loops
in other ways: by keeping track of the number of outstanding dialog-
forming requests for a given caller/called URI pair; or by detecting
when they receive and send their own media addressing information too
many times in certain cases when they are a signaling/media-plane
B2BUA; or by encoding a request instance identifier in some field
they believe will pass through other nodes, and detecting when they
see the same value too many times.
All of these methods are brittle and prone to error, however. They
are brittle because it is very hard to accurately define when a value
has been seen "too many times". Requests can and do fork before and
after B2BUAs process them, and requests legitimately spiral in some
cases, leading to incorrect determination of loops. The mechanisms
are prone to error because there can be other B2BUAs in the loop's
path that interfere with the particular mechanism being used.
Ultimately, the last defense against loops becoming unbounded is to
limit how many SIP hops any request can traverse, which is the
purpose of the SIP Max-Forwards field value. If B2BUAs were to at
least copy and decrement the Max-Forwards header field value from
their UAS to the UAC side, loops would not continue indefinitely.
<span class="h2"><a class="selflink" id="section-4" href="#section-4">4</a>. B2BUA Loop-Detection Behavior</span>
It is RECOMMENDED that B2BUAs implement the loop-detection mechanism
for the Via header field, as defined for a proxy in [<a href="./rfc5393" title=""Addressing an Amplification Vulnerability in Session Initiation Protocol (SIP) Forking Proxies"">RFC5393</a>].
<span class="grey">Kaplan & Pascual Standards Track [Page 3]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-4" ></span>
<span class="grey"><a href="./rfc7332">RFC 7332</a> Loop Detection for B2BUAs August 2014</span>
<span class="h2"><a class="selflink" id="section-5" href="#section-5">5</a>. B2BUA Max-Forwards Behavior</span>
This section applies for dialog-forming and out-of-dialog SIP
requests. B2BUAs MAY perform the same actions for in-dialog
requests, but doing so may cause issues with devices that set Max-
Forwards values based upon the number of received Via or Record-Route
headers.
All B2BUA types MUST copy the received Max-Forwards header field from
the received SIP request on their UAS side, to any request(s) they
generate on their UAC side, and decrement the value, as if they were
a proxy following the requirements described in [<a href="./rfc3261" title=""SIP: Session Initiation Protocol"">RFC3261</a>].
Being a UAS, B2BUAs MUST also check the received Max-Forwards header
field and reject or respond to the request if the value is zero, as
defined in [<a href="./rfc3261" title=""SIP: Session Initiation Protocol"">RFC3261</a>].
If the received request did not contain a Max-Forwards header field,
one MUST be created in any request generated in the UAC side, as
described for proxies in <a href="#section-16.6">Section 16.6</a>, Step 3 of [<a href="./rfc3261" title=""SIP: Session Initiation Protocol"">RFC3261</a>]. As in
that specification, the value of the new Max-Forwards header SHOULD
be 70.
<span class="h2"><a class="selflink" id="section-6" href="#section-6">6</a>. B2BUA Max-Breadth Behavior</span>
All B2BUA types MUST copy the received Max-Breadth header field from
the received SIP request on their UAS side, to any request(s) they
generate on their UAC side, as if they were a proxy following the
requirements described in [<a href="./rfc5393" title=""Addressing an Amplification Vulnerability in Session Initiation Protocol (SIP) Forking Proxies"">RFC5393</a>].
B2BUAs of all types MUST follow the requirements imposed on Proxies
as described in <a href="./rfc5393#section-5.3.3">Section 5.3.3 of [RFC5393]</a>, including generating the
header field if none is received, limiting its maximum value, etc.
B2BUAs that generate parallel requests on their UAC side for a single
incoming request on the UAS side MUST also follow the rules for Max-
Breadth handling in [<a href="./rfc5393" title=""Addressing an Amplification Vulnerability in Session Initiation Protocol (SIP) Forking Proxies"">RFC5393</a>] as if they were a parallel forking
proxy.
<span class="h2"><a class="selflink" id="section-7" href="#section-7">7</a>. Security Considerations</span>
The security implications for parallel forking amplification are
documented in <a href="./rfc5393#section-7">Section 7 of [RFC5393]</a>. This document does not
introduce any additional issues beyond those discussed in [<a href="./rfc5393" title=""Addressing an Amplification Vulnerability in Session Initiation Protocol (SIP) Forking Proxies"">RFC5393</a>].
Some B2BUAs reset the Max-Forwards and Max-Breadth header field
values in order to obfuscate the number of hops a request has already
traversed, as a privacy or security concern. Such goals are at odds
<span class="grey">Kaplan & Pascual Standards Track [Page 4]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-5" ></span>
<span class="grey"><a href="./rfc7332">RFC 7332</a> Loop Detection for B2BUAs August 2014</span>
with the mechanisms in this document, and administrators can decide
which they consider more important: obfuscation vs. loop detection.
In order to comply with this RFC, manufacturers MUST comply with the
normative rules defined herein by default, but MAY provide user-
configurable overrides as they see fit.
<span class="h2"><a class="selflink" id="section-8" href="#section-8">8</a>. Acknowledgments</span>
Thanks to Brett Tate (Broadsoft), Andrew Hutton (Unify), and Anton
Roman (Quobis) for their review of the document.
<span class="h2"><a class="selflink" id="section-9" href="#section-9">9</a>. References</span>
<span class="h3"><a class="selflink" id="section-9.1" href="#section-9.1">9.1</a>. Normative References</span>
[<a id="ref-RFC2119">RFC2119</a>] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", <a href="https://www.rfc-editor.org/bcp/bcp14">BCP 14</a>, <a href="./rfc2119">RFC 2119</a>, March 1997.
[<a id="ref-RFC3261">RFC3261</a>] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston,
A., Peterson, J., Sparks, R., Handley, M., and E.
Schooler, "SIP: Session Initiation Protocol", <a href="./rfc3261">RFC 3261</a>,
June 2002.
[<a id="ref-RFC5393">RFC5393</a>] Sparks, R., Lawrence, S., Hawrylyshen, A., and B. Campen,
"Addressing an Amplification Vulnerability in Session
Initiation Protocol (SIP) Forking Proxies", <a href="./rfc5393">RFC 5393</a>,
December 2008.
<span class="h3"><a class="selflink" id="section-9.2" href="#section-9.2">9.2</a>. Informative References</span>
[<a id="ref-RFC7092">RFC7092</a>] Kaplan, H. and V. Pascual, "A Taxonomy of Session
Initiation Protocol (SIP) Back-to-Back User Agents", <a href="./rfc7092">RFC</a>
<a href="./rfc7092">7092</a>, December 2013.
Authors' Addresses
Hadriel Kaplan
Oracle
EMail: hadrielk@yahoo.com
Victor Pascual
Quobis
EMail: victor.pascual@quobis.com
Kaplan & Pascual Standards Track [Page 5]
</pre>
|
