[netbsd-mini2440.git] / crypto / dist / ipsec-tools / src / racoon / rfc / draft-ietf-ipsec-udp-encaps-03.txt
| blob | 4b30d75cf88621ccf9e62c39ef516d9ad3c4530b |
2 IP Security Protocol Working Group (IPSEC) A. Huttunen
3 INTERNET-DRAFT F-Secure Corporation
4 Category: Standards track B. Swander
5 Expires: December 2002 Microsoft
6 M. Stenberg
7 SSH Communications Security Corp
8 V. Volpe
9 Cisco Systems
10 L. DiBurro
11 Nortel Networks
12 June 2002
14 UDP Encapsulation of IPsec Packets
15 draft-ietf-ipsec-udp-encaps-03.txt
17 Status of this Memo
19 This document is an Internet-Draft and is in full conformance with
20 all provisions of Section 10 of RFC2026.
22 Internet-Drafts are working documents of the Internet Engineering
23 Task Force (IETF), its areas, and its working groups. Note that
24 other groups may also distribute working documents as
25 Internet-Drafts.
27 Internet-Drafts are draft documents valid for a maximum of six
28 months and may be updated, replaced, or obsoleted by other documents
29 at any time. It is inappropriate to use Internet-Drafts as reference
30 material or to cite them other than as "work in progress."
32 The list of current Internet-Drafts can be accessed at
33 http://www.ietf.org/ietf/1id-abstracts.txt.
35 The list of Internet-Draft Shadow Directories can be accessed at
36 http://www.ietf.org/shadow.html.
38 This Internet-Draft will expire on December, 2002.
40 Copyright Notice
42 Copyright (C) The Internet Society (2002). All Rights Reserved.
44 Abstract
46 This draft defines methods to encapsulate and decapsulate ESP
47 packets inside UDP packets for the purpose of traversing NATs.
49 ESP encapsulation as defined in this document is capable of being
50 used in both IPv4 and IPv6 scenarios.
52 The encapsulation is used whenever negotiated using IKE, as
53 defined in [Kiv02].
55 Change Log
56 Version -01
57 - removed everything related to the AH-protocol
58 - added instructions on how to use the encapsulation with
59 some other key management protocol than IKE
60 Version -02
61 - changed to using 4-byte non-ESP marker, removed all references
62 to using this with other key management protocols
63 - TCP checksum handling for transport mode related discussion
64 modified
65 - copied tunnel mode security considerations from the
66 earlier draft-huttunen-ipsec-esp-in-udp-00.txt draft,
67 added transport mode considerations
68 Version -03
69 - Clarifications to security considerations
71 1. Introduction
73 This draft defines methods to encapsulate and decapsulate ESP
74 packets inside UDP packets for the purpose of traversing NATs.
75 The UDP port numbers are the same as used by IKE traffic, as
76 defined in [Kiv02].
78 It is up to the need of the clients whether transport mode
79 or tunnel mode is to be supported. L2TP/IPsec clients MUST support
80 transport mode since [RFC 3193] defines that L2TP/IPsec MUST use
81 transport mode], and IPsec tunnel mode clients MUST support tunnel
82 mode.
84 An IKE implementation supporting this draft MUST NOT use the
85 ESP SPI field zero for ESP packets. (XXX To be changed to
86 an IANA allocated SPI value later.) This ensures that
87 IKE packets and ESP packets can be distinguished from each other.
89 UDP encapsulation of ESP packets as defined in this document is
90 written in terms of IPv4 headers. There is no technical reason
91 why an IPv6 header could not be used as the outer header and/or
92 as the inner header.
94 2. Packet Formats
96 2.1 UDP-encapsulated ESP Header Format
98 0 1 2 3
99 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
100 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
101 | Source Port | Destination Port |
102 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
103 | Length | Checksum |
104 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
105 | ESP header [RFC 2406] |
106 ~ ~
107 | |
108 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
110 The UDP header is a standard [RFC 768] header, where
111 - Source Port and Destination Port are the same as used by
112 floated IKE traffic.
113 - Checksum is zero.
115 The SPI field in the ESP header must not be zero. (XXX To be
116 changed to an IANA allocated SPI value later.)
118 2.2 Floated IKE Header Format
120 0 1 2 3
121 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
122 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
123 | Source Port | Destination Port |
124 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
125 | Length | Checksum |
126 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
127 | Non-ESP Marker |
128 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
129 | IKE header [RFC 2409] |
130 ~ ~
131 | |
132 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
134 The UDP header is a standard [RFC 768] header, and is used
135 as defined in [Kiv02].
137 Non-ESP Marker is 4 bytes of zero aligning with the SPI field
138 of an ESP packet. (XXX To be changed to an IANA allocated SPI
139 value later.)
141 2.3 NAT-keepalive Packet Format
143 0 1 2 3
144 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
145 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
146 | Source Port | Destination Port |
147 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
148 | Length | Checksum |
149 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
150 | 0xFF |
151 +-+-+-+-+-+-+-+-+
153 The UDP header is a standard [RFC 768] header, where
154 - Source Port and Destination Port are the same as used by floated
155 IKE traffic.
156 - Checksum is zero.
158 The sender SHOULD use a one octet long payload with the value 0xFF.
159 The receiver SHOULD ignore a received NAT-keepalive packet.
161 3. Encapsulation and Decapsulation Procedures
163 3.1 Auxiliary Procedures
165 3.1.1 Tunnel Mode Decapsulation NAT Procedure
167 When a tunnel mode has been used to transmit packets, the inner
168 IP header can contain addresses that are not suitable for the
169 current network. This procedure defines how these addresses are
170 to be converted to suitable addresses for the current network.
172 Depending on local policy, one of the following MUST be done:
173 a) If a valid source IP address space has been defined in the policy
174 for the encapsulated packets from the peer, check that the source
175 IP address of the inner packet is valid according to the policy.
176 b) If an address has been assigned for the remote peer, check
177 that the source IP address used in the inner packet is the
178 same as the IP address assigned.
179 c) NAT is performed for the packet, making it suitable for transport
180 in the local network.
182 3.1.2 Transport Mode Decapsulation NAT Procedure
184 When a transport mode has been used to transmit packets, contained
185 TCP or UDP headers will contain incorrect checksums due to the change
186 of parts of the IP header during transit. This procedure defines how
187 to fix these checksums.
189 Depending on local policy, one of the following MUST be done:
190 a) If the protocol header after the ESP header is a TCP/UDP
191 header and the peer's real source IP address has been received
192 according to [Kiv02], incrementally recompute the TCP/UDP checksum:
193 - subtract the IP source address in the received packet
194 from the checksum
195 - add the real IP source address received via IKE to the checksum
196 b) If the protocol header after the ESP header is a TCP/UDP
197 header, recompute the checksum field in the TCP/UDP header.
198 c) If the protocol header after the ESP header is an UDP
199 header, zero the checksum field in the UDP header. If the protocol
200 header after the ESP header is a TCP header, and there is an
201 option to flag to the stack that TCP checksum does not need to
202 be computed, then that flag MAY be used. This SHOULD only be done
203 for transport mode, and if the packet is integrity protected. Tunnel
204 mode TCP checksums MUST be verified.
205 [This is not a violation to the spirit of section 4.2.2.7 in RFC 1122
206 because a checksum is being generated by the sender, and verified
207 by the receiver. That checksum is the integrity over the packet
208 performed by IPsec.]
210 In addition an implementation MAY fix any contained protocols that
211 have been broken by NAT.
213 3.2 Transport Mode ESP Encapsulation
215 BEFORE APPLYING ESP/UDP
216 ----------------------------
217 IPv4 |orig IP hdr | | |
218 |(any options)| TCP | Data |
219 ----------------------------
221 AFTER APPLYING ESP/UDP
222 -------------------------------------------------------
223 IPv4 |orig IP hdr | UDP | ESP | | | ESP | ESP|
224 |(any options)| Hdr | Hdr | TCP | Data | Trailer |Auth|
225 -------------------------------------------------------
226 |<----- encrypted ---->|
227 |<------ authenticated ----->|
229 1) Ordinary ESP encapsulation procedure is used.
230 2) A properly formatted UDP header is inserted where shown.
231 3) The Total Length, Protocol and Header Checksum fields in the
232 IP header are edited to match the resulting IP packet.
234 3.3 Transport Mode ESP Decapsulation
236 1) The UDP header is removed from the packet.
237 2) The Total Length, Protocol and Header Checksum fields in the
238 new IP header are edited to match the resulting IP packet.
239 3) Ordinary ESP decapsulation procedure is used.
240 4) Transport mode decapsulation NAT procedure is used.
243 3.4 Tunnel Mode ESP Encapsulation
245 BEFORE APPLYING ESP/UDP
246 ----------------------------
247 IPv4 |orig IP hdr | | |
248 |(any options)| TCP | Data |
249 ----------------------------
251 AFTER APPLYING ESP/UDP
252 --------------------------------------------------------------
253 IPv4 |new h.| UDP | ESP |orig IP hdr | | | ESP | ESP|
254 |(opts)| Hdr | Hdr |(any options)| TCP | Data | Trailer |Auth|
255 --------------------------------------------------------------
256 |<------------ encrypted ----------->|
257 |<------------- authenticated ------------>|
259 1) Ordinary ESP encapsulation procedure is used.
260 2) A properly formatted UDP header is inserted where shown.
261 3) The Total Length, Protocol and Header Checksum fields in the
262 new IP header are edited to match the resulting IP packet.
265 3.5 Tunnel Mode ESP Decapsulation
267 1) The UDP header is removed from the packet.
268 2) The Total Length, Protocol and Header Checksum fields in the
269 new IP header are edited to match the resulting IP packet.
270 3) Ordinary ESP decapsulation procedure is used.
271 4) Tunnel mode decapsulation NAT procedure is used.
273 4. NAT Keepalive Procedure
275 The sole purpose of sending NAT-keepalive packets is to keep
276 NAT mappings alive for the duration of a connection between
277 the peers. Reception of NAT-keepalive packets MUST NOT be
278 used to detect liveness of a connection.
280 A peer MAY send a NAT-keepalive packet if there exists one
281 or more phase I or phase II SAs between the peers, or such
282 an SA has existed at most N minutes earlier. N is a locally
283 configurable parameter with a default value of 5 minutes.
285 A peer SHOULD send a NAT-keepalive packet if a need to send such
286 packets is detected according to [Kiv02] and if no other packet to
287 the peer has been sent in M seconds. M is a locally configurable
288 parameter with a default value of 20 seconds.
290 5. Security Considerations
292 5.1 DoS
294 On some systems ESPUDP may have DoS attack consequences,
295 especially if ordinary operating system UDP-functionality is
296 being used. It may be recommended not to open an ordinary UDP-port
297 for this.
299 5.2 Tunnel Mode Conflict
301 Implementors are warned that it is possible for remote peers to
302 negotiate entries that overlap in a GW, an issue affecting tunnel
303 mode.
305 +----+ \ /
306 | |-------------|----\
307 +----+ / \ \
308 Ari's NAT 1 \
309 Laptop \
310 10.1.2.3 \
311 +----+ \ / \ +----+ +----+
312 | |-------------|----------+------| |----------| |
313 +----+ / \ +----+ +----+
314 Bob's NAT 2 GW Suzy's
315 Laptop Server
316 10.1.2.3
318 Because GW will now see two possible SAs that lead to 10.1.2.3, it
319 can become confused where to send packets coming from Suzy's server.
320 Implementators MUST devise ways of preventing such a thing from
321 occurring.
323 It is recommended that GW either assign locally unique IP addresses
324 to A and B using a protocol such as DHCP over IPsec, or uses NAT to
325 change A's and B's source IP addresses to such locally unique
326 addresses before sending packets forward to S.
328 5.3 Transport Mode Conflict
330 Another similar issue may occur in transport mode, with 2 clients,
331 Ari and Bob, behind the same NAT talking securely to the same server.
333 Cliff wants to talk in the clear to the same server.
335 +----+
336 | |
337 +----+ \
338 Ari's \
339 Laptop \
340 10.1.2.3 \
341 +----+ \ / +----+
342 | |-----+-----------------| |
343 +----+ / \ +----+
344 Bob's NAT Server
345 Laptop /
346 10.1.2.4 /
347 /
348 +----+ /
349 | |/
350 +----+
351 Cliff's
352 Laptop
353 10.1.2.5
357 Now, transport SAs on the server will look like:
358 To Ari: S to NAT, <traffic desc1>, UDP encap <4500, Y>
359 To Bob: S to NAT, <traffic desc2>, UDP encap <4500, Z>
361 Cliff's traffic is in the clear, so there is no SA.
363 <traffic desc> is the protocol and port information.
364 The UDP encap ports are the ports used in UDP encapsulated
365 ESP format of section 2.1. Y,Z are the dynamic ports assigned
366 by the NAT during the IKE negotiation. So IKE traffic from
367 Ari's laptop goes out on UDP <4500,4500>. It reaches the server
368 as UDP <Y,4500>, where Y is the dynamically assigned port.
370 If the <traffic desc1> overlaps <traffic desc2>, then
371 simple filter lookups may not be sufficient to determine
372 which SA needs to be used to send traffic. Implementations
373 MUST handle this situation, either by disallowing
374 conflicting connections, or by other means.
376 Assume now that Cliff wants to connect to the server S in the
377 clear. This is going to be difficult to configure since
378 the server already has a policy from S to the NAT's external
379 address, for securing <traffic desc>. For totally non-overlapping
380 traffic descriptions, this is possible.
382 Sample server policy could be:
383 To Ari: S to NAT, All UDP, secure
384 To Bob: S to NAT, All TCP, secure
385 To Cliff: S to NAT, ALL ICMP, clear text
387 Note, this policy also lets Ari and Bob send cleartext ICMP to the
388 server.
390 The server sees all clients behind the NAT as the same IP address,
391 so setting up different policies for the same traffic descriptor
392 is in principle impossible.
394 A problematic example configuration on the server is:
396 S to NAT, TCP, secure (for Ari and Bob)
397 S to NAT, TCP, clear (for Cliff)
399 The problem is that the server cannot enforce his policy, since it
400 is possible that misbehaving Bob sends traffic in the clear. This
401 is indistinguishable from Cliff sending traffic in the clear.
402 So it is impossible to guarantee security from some clients behind
403 a NAT, and also allow clear text from different clients behind the
404 SAME NAT. If the server's security policy allows, however, it can
405 do best effort security: if the client from behind the NAT
406 initiates security, his connection will be secured. If he sends
407 in the clear, the server will still accept that clear text.
409 So, for security guarantees, the above problematic scenario MUST NOT
410 be allowed on servers. For best effort security, this scenario MAY
411 be used.
413 6. Intellectual Property Rights
415 The IETF has been notified of intellectual property rights claimed in
416 regard to some or all of the specification contained in this document.
417 For more information consult the online list of claimed rights.
419 SSH Communications Security Corp has notified the working group of one
420 or more patents or patent applications that may be relevant to this
421 internet-draft. SSH Communications Security Corp has already given a
422 licence for those patents to the IETF. For more information consult the
423 online list of claimed rights.
425 7. Acknowledgments
427 Thanks to Tero Kivinen and William Dixon who contributed actively
428 to this document.
430 Thanks to Joern Sierwald, Tamir Zegman, Tatu Ylonen and
431 Santeri Paavolainen who contributed to the previous drafts
432 about NAT traversal.
434 8. References
436 [RFC 768] Postel, J., "User Datagram Protocol", August 1980
438 [RFC 1122] R. Braden (Editor), "Requirements for Internet Hosts
439 -- Communication Layers", October 1989
441 [RFC-2119] Bradner, S., "Key words for use in RFCs to indicate
442 Requirement Levels", March 1997
444 [RFC 2406] Kent, S., "IP Encapsulating Security Payload (ESP)",
445 November 1998
447 [RFC 2409] D. Harkins, D. Carrel, "The Internet Key Exchange
448 (IKE)", November 1998
450 [RFC 3193] Patel, B. et. al, "Securing L2TP using IPsec",
451 November 2001
453 [Kiv02] Kivinen, T. et. al., draft-ietf-ipsec-nat-t-ike-02.txt,
454 "Negotiation of NAT-Traversal in the IKE", April 2002
457 9. Authors' Addresses
459 Ari Huttunen
460 F-Secure Corporation
461 Tammasaarenkatu 7
462 FIN-00181 HELSINKI
463 Finland
464 E-mail: Ari.Huttunen@F-Secure.com
466 Brian Swander
467 Microsoft
468 One Microsoft Way
469 Redmond WA 98052
470 E-mail: briansw@microsoft.com
472 Markus Stenberg
473 SSH Communications Security Corp
474 Fredrikinkatu 42
475 FIN-00100 HELSINKI
476 Finland
477 E-mail: mstenber@ssh.com
479 Victor Volpe
480 Cisco Systems
481 124 Grove Street
482 Suite 205
483 Franklin, MA 02038
484 E-mail: vvolpe@cisco.com
486 Larry DiBurro
487 Nortel Networks
488 80 Central Street
489 Boxborough, MA 01719
490 ldiburro@nortelnetworks.com