Network Working Group A. Morton
Request for Comments: 5618 AT&T Labs
Updates: 5357 K. Hedayat
Category: Standards Track EXFO
August 2009
Network Working Group A. Morton
Request for Comments: 5618 AT&T Labs
Updates: 5357 K. Hedayat
Category: Standards Track EXFO
August 2009
Mixed Security Mode for the Two-Way Active Measurement Protocol (TWAMP)
双向主动测量协议(TWAMP)的混合安全模式
Abstract
摘要
This memo describes a simple extension to TWAMP (the Two-Way Active Measurement Protocol). The extension adds the option to use different security modes in the TWAMP-Control and TWAMP-Test protocols simultaneously. The memo also describes a new IANA registry for additional features, called the TWAMP Modes registry.
本备忘录描述了对TWAMP(双向主动测量协议)的简单扩展。扩展添加了在TWAMP控制和TWAMP测试协议中同时使用不同安全模式的选项。备忘录还描述了一个新的IANA注册表,用于其他功能,称为TWAMP模式注册表。
Status of This Memo
关于下段备忘
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
本文件规定了互联网社区的互联网标准跟踪协议,并要求进行讨论和提出改进建议。有关本协议的标准化状态和状态,请参考当前版本的“互联网官方协议标准”(STD 1)。本备忘录的分发不受限制。
Copyright Notice
版权公告
Copyright (c) 2009 IETF Trust and the persons identified as the document authors. All rights reserved.
版权所有(c)2009 IETF信托基金和确定为文件作者的人员。版权所有。
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents in effect on the date of publication of this document (http://trustee.ietf.org/license-info). Please review these documents carefully, as they describe your rights and restrictions with respect to this document.
本文件受BCP 78和IETF信托在本文件出版之日生效的与IETF文件有关的法律规定的约束(http://trustee.ietf.org/license-info). 请仔细阅读这些文件,因为它们描述了您对本文件的权利和限制。
This document may contain material from IETF Documents or IETF Contributions published or made publicly available before November 10, 2008. The person(s) controlling the copyright in some of this material may not have granted the IETF Trust the right to allow modifications of such material outside the IETF Standards Process. Without obtaining an adequate license from the person(s) controlling the copyright in such materials, this document may not be modified outside the IETF Standards Process, and derivative works of it may not be created outside the IETF Standards Process, except to format it for publication as an RFC or to translate it into languages other than English.
本文件可能包含2008年11月10日之前发布或公开的IETF文件或IETF贡献中的材料。控制某些材料版权的人员可能未授予IETF信托允许在IETF标准流程之外修改此类材料的权利。在未从控制此类材料版权的人员处获得充分许可的情况下,不得在IETF标准流程之外修改本文件,也不得在IETF标准流程之外创建其衍生作品,除了将其格式化以RFC形式发布或将其翻译成英语以外的其他语言。
Table of Contents
目录
1. Introduction ....................................................2
1.1. Requirements Language ......................................3
2. Purpose and Scope ...............................................3
3. TWAMP Control Extensions ........................................3
3.1. Extended Control Connection Setup ..........................3
4. Extended TWAMP Test .............................................5
4.1. Sender Behavior ............................................5
4.1.1. Packet Timings ......................................5
4.1.2. Packet Format and Content ...........................5
4.2. Reflector Behavior .........................................6
5. Security Considerations .........................................6
6. IANA Considerations .............................................6
6.1. Registry Specification .....................................6
6.2. Registry Management ........................................6
6.3. Experimental Numbers .......................................7
6.4. Initial Registry Contents ..................................7
7. Acknowledgements ................................................7
8. Normative References ............................................7
1. Introduction ....................................................2
1.1. Requirements Language ......................................3
2. Purpose and Scope ...............................................3
3. TWAMP Control Extensions ........................................3
3.1. Extended Control Connection Setup ..........................3
4. Extended TWAMP Test .............................................5
4.1. Sender Behavior ............................................5
4.1.1. Packet Timings ......................................5
4.1.2. Packet Format and Content ...........................5
4.2. Reflector Behavior .........................................6
5. Security Considerations .........................................6
6. IANA Considerations .............................................6
6.1. Registry Specification .....................................6
6.2. Registry Management ........................................6
6.3. Experimental Numbers .......................................7
6.4. Initial Registry Contents ..................................7
7. Acknowledgements ................................................7
8. Normative References ............................................7
The Two-Way Active Measurement Protocol (TWAMP) [RFC5357] is an extension of the One-Way Active Measurement Protocol (OWAMP) [RFC4656]. The TWAMP specification gathered wide review as it approached completion, and the by-products were several recommendations for new features in TWAMP. There is a growing number of TWAMP implementations at present, and widespread usage is expected. There are even devices that are designed to test implementations for protocol compliance.
双向主动测量协议(TWAMP)[RFC5357]是单向主动测量协议(OWAMP)[RFC4656]的扩展。TWAMP规范在接近完成时得到了广泛的审查,副产品是对TWAMP新特性的几项建议。目前有越来越多的TWAMP实现,预计将广泛使用。甚至还有一些设备被设计用来测试协议遵从性的实现。
This memo describes a simple extension for TWAMP: the option to use different security modes in the TWAMP-Control and TWAMP-Test protocols (mixed security mode). It also describes a new IANA registry for additional features, called the TWAMP Modes registry.
本备忘录描述了TWAMP的一个简单扩展:在TWAMP控制和TWAMP测试协议(混合安全模式)中使用不同安全模式的选项。它还描述了一个新的IANA注册中心的附加功能,称为TWAMP模式注册中心。
When the Server and Control-Client have agreed to use the mixed security mode during control connection setup, then the Control-Client, the Server, the Session-Sender, and the Session-Reflector MUST all conform to the requirements of this mode as described in Sections 3, 4, and 5.
当服务器和控制客户端同意在控制连接设置过程中使用混合安全模式时,控制客户端、服务器、会话发送器和会话反射器都必须符合第3、4和5节中所述的该模式的要求。
This memo updates [RFC5357].
此备忘录更新了[RFC5357]。
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119].
本文件中的关键词“必须”、“不得”、“要求”、“应”、“不应”、“应”、“不应”、“建议”、“可”和“可选”应按照RFC 2119[RFC2119]中所述进行解释。
The purpose of this memo is to describe and specify an extension for TWAMP [RFC5357], and to request the establishment of a registry for future TWAMP extensions.
本备忘录的目的是描述和指定TWAMP[RFC5357]的扩展,并请求为未来的TWAMP扩展建立注册中心。
The scope of the memo is limited to specifications of the following:
备忘录的范围仅限于以下规范:
o Extension of the modes of operation through assignment of one new value in the Modes field (see Section 3.1 of [RFC4656]), while retaining backward compatibility with TWAMP [RFC5357] implementations. This value adds the OPTIONAL ability to use different security modes in the TWAMP-Control and TWAMP-Test protocols. The motivation for this extension is to permit the low-packet-rate TWAMP-Control protocol to utilize a stronger mode of integrity protection than that used in the TWAMP-Test protocol.
o 通过在模式字段中分配一个新值(参见[RFC4656]第3.1节)扩展操作模式,同时保留与TWAMP[RFC5357]实现的向后兼容性。此值添加了在TWAMP控制和TWAMP测试协议中使用不同安全模式的可选功能。此扩展的动机是允许低分组速率TWAMP控制协议使用比TWAMP测试协议中使用的更强大的完整性保护模式。
The TWAMP-Control protocol is a derivative of the OWAMP-Control protocol, and coordinates a two-way measurement capability. All TWAMP-Control messages are similar in format and follow similar guidelines to those defined in Section 3 of [RFC4656], with the exceptions described in TWAMP [RFC5357] and in the following sections.
TWAMP控制协议是OWAMP控制协议的衍生产品,并协调双向测量能力。除TWAMP[RFC5357]和以下章节中所述的例外情况外,所有TWAMP控制信息的格式和遵循的指南与[RFC4656]第3节中定义的类似。
All OWAMP-Control messages apply to TWAMP-Control, except for the Fetch-Session command.
除Fetch Session命令外,所有OWAMP控制消息均应用于TWAMP控制。
TWAMP-Control connection establishment follows the same procedure defined in Section 3.1 of [RFC4656]. This extended mode assigns one new bit position (and value) to allow the Test protocol security mode to operate in Unauthenticated mode, while the Control protocol operates in Encrypted mode. With this extension, the complete set of TWAMP Mode values are as follows:
TWAMP控制连接的建立遵循[RFC4656]第3.1节中定义的相同程序。此扩展模式分配一个新的位位置(和值),以允许测试协议安全模式在未经验证的模式下运行,而控制协议在加密模式下运行。通过此扩展,完整的TWAMP模式值集如下所示:
Value Description Reference/Explanation
价值描述参考/解释
0 Reserved
0保留
1 Unauthenticated RFC 4656, Section 3.1
1未经认证的RFC 4656,第3.1节
2 Authenticated RFC 4656, Section 3.1
2认证RFC 4656,第3.1节
4 Encrypted RFC 4656, Section 3.1
4加密RFC 4656,第3.1节
8 Unauth. TEST protocol, new bit position (3) Encrypted CONTROL
8未经批准。测试协议,新位位置(3)加密控制
In the original OWAMP and TWAMP Modes field, setting bit position 0, 1, or 2 indicated the security mode of the Control protocol, and the Test protocol inherited the same mode (see Section 4 of [RFC4656]).
在原始OWAMP和TWAMP模式字段中,设置位位置0、1或2表示控制协议的安全模式,测试协议继承相同模式(参见[RFC4656]第4节)。
In this extension to TWAMP, when the Control-Client sets Modes Field bit position 3, it SHALL discontinue the inheritance of the security mode in the Test protocol, and each protocol's mode SHALL be as specified below. When the desired TWAMP-Test protocol mode is identical to the Control Session mode, the corresponding Modes Field bit (position 0, 1, or 2) SHALL be set by the Control-Client. The table below gives the various combinations of integrity protection that are permissible in TWAMP (with this extension). The TWAMP-Control and TWAMP-Test protocols SHALL use the mode in each column corresponding to the bit position set in the Modes Field.
在对TWAMP的扩展中,当控制客户端设置模式字段位位置3时,它应中断测试协议中安全模式的继承,每个协议的模式应如下所述。当所需的TWAMP测试协议模式与控制会话模式相同时,控制客户端应设置相应的模式字段位(位置0、1或2)。下表给出了TWAMP(具有此扩展)中允许的各种完整性保护组合。TWAMP控制和TWAMP测试协议应使用与模式字段中设置的位位置相对应的每列模式。
--------------------------------------------------------
Protocol | Permissible Mode Combinations (Modes bit set)
--------------------------------------------------------
Control | Unauth.(0)| Auth. == Encrypted (1,2,3)
--------------------------------------------------------
| Unauth.(0)| Unauth. (3)
-----------------------------------------------
Test | | Auth.(1)
-----------------------------------------------
| | Encrypted (2)
--------------------------------------------------------
--------------------------------------------------------
Protocol | Permissible Mode Combinations (Modes bit set)
--------------------------------------------------------
Control | Unauth.(0)| Auth. == Encrypted (1,2,3)
--------------------------------------------------------
| Unauth.(0)| Unauth. (3)
-----------------------------------------------
Test | | Auth.(1)
-----------------------------------------------
| | Encrypted (2)
--------------------------------------------------------
Note that the TWAMP-Control protocol security measures are identical in the Authenticated and Encrypted Modes. Therefore, only one new bit position (3) is needed to convey the single mixed security mode.
请注意,TWAMP控制协议安全措施在认证和加密模式下是相同的。因此,仅需要一个新的比特位置(3)来传送单一混合安全模式。
The value of the Modes Field sent by the Server in the Server-Greeting message is the bit-wise OR of the modes (bit positions) that it is willing to support during this session. Thus, the last four
服务器在服务器问候语消息中发送的模式字段的值是按位或在此会话期间它愿意支持的模式(位位置)的值。因此,最后四个
bits of the 32-bit Modes Field are used. When no other features are activated, the first 28 bits MUST be zero. A client conforming to this extension of [RFC5357] MAY ignore the values in the first 28 bits of the Modes Field, or it MAY support other features that are communicated in these bit positions.
使用32位模式字段的位。当没有激活其他功能时,前28位必须为零。符合[RFC5357]扩展的客户机可以忽略模式字段前28位的值,也可以支持在这些位位置通信的其他功能。
Other ways in which TWAMP extends OWAMP are described in [RFC5357].
[RFC5357]中描述了TWAMP扩展OWAMP的其他方式。
The TWAMP-Test protocol is similar to the OWAMP-Test protocol [RFC4656] with the exception that the Session-Reflector transmits test packets to the Session-Sender in response to each test packet it receives. TWAMP [RFC5357] defines two different test packet formats: one for packets transmitted by the Session-Sender and one for packets transmitted by the Session-Reflector. As with the OWAMP-Test protocol, there are three security modes that also determine the test packet format: unauthenticated, authenticated, and encrypted. This TWAMP extension makes it possible to use TWAMP-Test Unauthenticated mode regardless of the mode used in the TWAMP-Control protocol.
TWAMP测试协议类似于OWAMP测试协议[RFC4656],不同之处在于会话反射器将测试数据包发送给会话发送器,以响应其接收到的每个测试数据包。TWAMP[RFC5357]定义了两种不同的测试数据包格式:一种用于会话发送器传输的数据包,另一种用于会话反射器传输的数据包。与OWAMP测试协议一样,有三种安全模式也决定了测试数据包的格式:未经验证、已验证和已加密。此TWAMP扩展使使用未经验证的TWAMP测试模式成为可能,而与TWAMP控制协议中使用的模式无关。
When the Server has identified the ability to support the mixed security mode, the Control-Client has selected the mixed security mode in its Set-Up-Response, and the Server has responded with a zero Accept field in the Server-Start message, these extensions are REQUIRED.
当服务器识别出支持混合安全模式的能力,控制客户端在其设置响应中选择了混合安全模式,并且服务器在服务器启动消息中使用零接受字段进行响应时,这些扩展是必需的。
This section describes extensions to the behavior of the TWAMP Session-Sender.
本节介绍对TWAMP会话发送方行为的扩展。
The send schedule is not utilized in TWAMP, and there are no extensions defined in this memo.
TWAMP中未使用发送计划,并且此备忘录中未定义扩展。
The Session-Sender packet format and content MUST follow the same procedure and guidelines as defined in Section 4.1.2 of [RFC4656] and Section 4.1.2 of [RFC5357], with the following exceptions:
会话发送方数据包格式和内容必须遵循[RFC4656]第4.1.2节和[RFC5357]第4.1.2节中定义的相同程序和指南,但以下情况除外:
o the send schedule is not used, and
o 未使用发送计划,并且
o the Session-Sender MUST support the mixed security mode (Unauthenticated TEST, Encrypted CONTROL, value 8, bit position 3) defined in Section 3.1 of this memo.
o 会话发送方必须支持本备忘录第3.1节中定义的混合安全模式(未经验证的测试、加密控制、值8、位3)。
The TWAMP Session-Reflector is REQUIRED to follow the procedures and guidelines in Section 4.2 of [RFC5357], with the following extensions:
TWAMP会话反射器需要遵循[RFC5357]第4.2节中的程序和指南,并进行以下扩展:
o the Session-Reflector MUST support the mixed security mode (Unauthenticated TEST, Encrypted CONTROL, value 8, bit position 3) defined in Section 3.1 of this memo.
o 会话反射器必须支持本备忘录第3.1节中定义的混合安全模式(未经验证的测试、加密控制、值8、位3)。
The extended mixed mode of operation permits stronger security/ integrity protection on the TWAMP-Control protocol while simultaneously emphasizing accuracy or efficiency on the TWAMP-Test protocol, thus making it possible to increase overall security when compared to the previous options (when resource constraints would have forced less security for TWAMP-Control and conditions are such that use of unauthenticated TWAMP-Test is not a significant concern).
扩展的混合操作模式允许在TWAMP控制协议上提供更强的安全性/完整性保护,同时强调TWAMP测试协议的准确性或效率,因此与以前的选项相比,可以提高整体安全性(当资源限制会迫使TWAMP控制的安全性降低,并且条件是使用未经验证的TWAMP测试不是一个重大问题时)。
The security considerations that apply to any active measurement of live networks are relevant here as well. See [RFC4656] and [RFC5357].
适用于实时网络的任何主动测量的安全注意事项也与此相关。参见[RFC4656]和[RFC5357]。
This memo adds one security mode bit position/value beyond those in the OWAMP-Control specification [RFC4656], and describes behavior when the new mode is used. According to this document, IANA created a registry for the TWAMP Modes field. This field is a recognized extension mechanism for TWAMP.
此备忘录在OWAMP控制规范[RFC4656]中增加了一个安全模式位位置/值,并描述了使用新模式时的行为。根据本文档,IANA为TWAMP模式字段创建了一个注册表。此字段是公认的TWAMP扩展机制。
IANA created a TWAMP Modes registry. TWAMP Modes are specified in TWAMP Server Greeting messages and Set-up Response messages consistent with Section 3.1 of [RFC4656] and Section 3.1 of [RFC5357], and extended by this memo. Modes are currently indicated by setting single bits in the 32-bit Modes Field. However, more complex encoding may be used in the future. Thus, this registry can contain a total of 2^32 possible assignments.
IANA创建了一个TWAMP模式注册表。TWAMP模式在符合[RFC4656]第3.1节和[RFC5357]第3.1节的TWAMP服务器问候信息和设置响应信息中指定,并通过本备忘录进行扩展。当前通过在32位模式字段中设置单个位来指示模式。然而,将来可能会使用更复杂的编码。因此,此注册表总共可以包含2^32个可能的分配。
Because the TWAMP Modes registry can contain a maximum of 2^32 values, and because TWAMP is an IETF protocol, this registry must be updated only by "IETF Review" as specified in [RFC5226] (an RFC documenting registry use that is approved by the IESG). For the
由于TWAMP模式注册表最多可包含2^32个值,并且由于TWAMP是一个IETF协议,因此只能通过[RFC5226]中指定的“IETF审查”来更新该注册表(由IESG批准的记录注册表使用的RFC)。对于
TWAMP Modes registry, we expect that new features will be assigned using monotonically increasing single bit positions and in the range [0-31], unless there is a good reason to do otherwise (more complex encoding than single bit positions may be used in the future, to access the 2^32 value space).
在TWAMP模式注册表中,我们预计新功能将在[0-31]范围内使用单调递增的单位位置分配,除非有充分理由这样做(将来可能会使用比单位位置更复杂的编码来访问2^32值空间)。
No experimental values are currently assigned for the Modes Registry.
当前没有为模式注册表指定任何实验值。
TWAMP Modes Registry Value Description Semantics Definition 0 Reserved RFC 5618
TWAMP模式注册表值描述语义定义0保留RFC 5618
1 Unauthenticated RFC 4656, Section 3.1
1未经认证的RFC 4656,第3.1节
2 Authenticated RFC 4656, Section 3.1
2认证RFC 4656,第3.1节
4 Encrypted RFC 4656, Section 3.1
4加密RFC 4656,第3.1节
8 Unauth. TEST protocol, RFC 5618, Section 3.1 Encrypted CONTROL
8未经批准。测试协议,RFC 5618,第3.1节加密控制
The authors would like to thank Len Ciavattone and Joel Jaeggli for helpful review and comments.
作者要感谢Len Ciavattone和Joel Jaeggli的有益评论和评论。
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2119]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。
[RFC4656] Shalunov, S., Teitelbaum, B., Karp, A., Boote, J., and M. Zekauskas, "A One-way Active Measurement Protocol (OWAMP)", RFC 4656, September 2006.
[RFC4656]Shalunov,S.,Teitelbaum,B.,Karp,A.,Boote,J.,和M.Zekauskas,“单向主动测量协议(OWAMP)”,RFC 46562006年9月。
[RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 5226, May 2008.
[RFC5226]Narten,T.和H.Alvestrand,“在RFCs中编写IANA注意事项部分的指南”,BCP 26,RFC 5226,2008年5月。
[RFC5357] Hedayat, K., Krzanowski, R., Morton, A., Yum, K., and J. Babiarz, "A Two-Way Active Measurement Protocol (TWAMP)", RFC 5357, October 2008.
[RFC5357]Hedayat,K.,Krzanowski,R.,Morton,A.,Yum,K.,和J.Babiarz,“双向主动测量协议(TWAMP)”,RFC 5357,2008年10月。
Authors' Addresses
作者地址
Al Morton AT&T Labs 200 Laurel Avenue South Middletown, NJ 07748 USA
美国新泽西州劳雷尔大道南米德尔顿200号阿尔莫顿AT&T实验室,邮编:07748
Phone: +1 732 420 1571
Fax: +1 732 368 1192
EMail: acmorton@att.com
URI: http://home.comcast.net/~acmacm/
Phone: +1 732 420 1571
Fax: +1 732 368 1192
EMail: acmorton@att.com
URI: http://home.comcast.net/~acmacm/
Kaynam Hedayat EXFO 285 Mill Road Chelmsford, MA 01824 USA
美国马萨诸塞州切姆斯福德密尔路285号Kaynam Hedayat EXFO 01824
Phone: +1 978 367 5611
Fax: +1 978 367 5700
EMail: kaynam.hedayat@exfo.com
URI: http://www.exfo.com/
Phone: +1 978 367 5611
Fax: +1 978 367 5700
EMail: kaynam.hedayat@exfo.com
URI: http://www.exfo.com/