Internet Engineering Task Force (IETF) H. Kaplan Request for Comments: 7332 Oracle Category: Standards Track V. Pascual ISSN: 2070-1721 Quobis August 2014
Internet Engineering Task Force (IETF) H. Kaplan Request for Comments: 7332 Oracle Category: Standards Track V. Pascual ISSN: 2070-1721 Quobis August 2014
Loop Detection Mechanisms for Session Initiation Protocol (SIP) Back-to-Back User Agents (B2BUAs)
会话启动协议(SIP)背靠背用户代理(B2BUAs)的循环检测机制
Abstract
摘要
SIP Back-to-Back User Agents (B2BUAs) can cause unending SIP request routing loops because, as User Agent Clients, they can generate SIP requests with new Max-Forwards values. This document discusses the difficulties associated with loop detection for B2BUAs and the requirements for them to prevent infinite loops.
SIP背对背用户代理(B2BUA)可能导致无休止的SIP请求路由循环,因为作为用户代理客户端,它们可以生成具有新的最大转发值的SIP请求。本文档讨论了B2BUAs循环检测的困难以及防止无限循环的要求。
Status of This Memo
关于下段备忘
This is an Internet Standards Track document.
这是一份互联网标准跟踪文件。
This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 5741.
本文件是互联网工程任务组(IETF)的产品。它代表了IETF社区的共识。它已经接受了公众审查,并已被互联网工程指导小组(IESG)批准出版。有关互联网标准的更多信息,请参见RFC 5741第2节。
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc7332.
有关本文件当前状态、任何勘误表以及如何提供反馈的信息,请访问http://www.rfc-editor.org/info/rfc7332.
Copyright Notice
版权公告
Copyright (c) 2014 IETF Trust and the persons identified as the document authors. All rights reserved.
版权所有(c)2014 IETF信托基金和确定为文件作者的人员。版权所有。
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
本文件受BCP 78和IETF信托有关IETF文件的法律规定的约束(http://trustee.ietf.org/license-info)自本文件出版之日起生效。请仔细阅读这些文件,因为它们描述了您对本文件的权利和限制。从本文件中提取的代码组件必须包括信托法律条款第4.e节中所述的简化BSD许可证文本,并提供简化BSD许可证中所述的无担保。
Table of Contents
目录
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 2 3. Background . . . . . . . . . . . . . . . . . . . . . . . . . 3 4. B2BUA Loop-Detection Behavior . . . . . . . . . . . . . . . . 3 5. B2BUA Max-Forwards Behavior . . . . . . . . . . . . . . . . . 4 6. B2BUA Max-Breadth Behavior . . . . . . . . . . . . . . . . . 4 7. Security Considerations . . . . . . . . . . . . . . . . . . . 4 8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 5 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 5
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 2 3. Background . . . . . . . . . . . . . . . . . . . . . . . . . 3 4. B2BUA Loop-Detection Behavior . . . . . . . . . . . . . . . . 3 5. B2BUA Max-Forwards Behavior . . . . . . . . . . . . . . . . . 4 6. B2BUA Max-Breadth Behavior . . . . . . . . . . . . . . . . . 4 7. Security Considerations . . . . . . . . . . . . . . . . . . . 4 8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 5 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 5
SIP provides a means of preventing infinite request forwarding loops in [RFC3261], and a means of mitigating parallel forking amplification floods in [RFC5393]. Neither document normatively defines specific behavior for B2BUAs, however.
SIP在[RFC3261]中提供了防止无限请求转发循环的方法,在[RFC5393]中提供了缓解并行分叉放大洪水的方法。然而,这两份文件都没有规范性地定义B2BUA的具体行为。
Unbounded SIP request loops have actually occurred in SIP deployments numerous times. The cause of loops is usually misconfiguration, but the reason they have been unbounded/unending is they crossed B2BUAs that reset the Max-Forwards value in the SIP requests they generated on their User Agent Client (UAC) side. Although such behavior is technically legal per [RFC3261] because a B2BUA is a UAC, the resulting unbounded loops have caused service outages and make troubleshooting difficult.
无边界SIP请求循环实际上在SIP部署中出现过很多次。循环的原因通常是配置错误,但它们之所以没有边界/无休止,是因为它们跨越了B2BUA,从而重置了它们在用户代理客户端(UAC)上生成的SIP请求中的最大转发值。尽管根据[RFC3261]这种行为在技术上是合法的,因为B2BUA是UAC,但由此产生的无界循环已导致服务中断,并使故障排除变得困难。
Furthermore, [RFC5393] also provides a mechanism to mitigate the impact of parallel forking amplification issues, through the use of a "Max-Breadth" header field. If a B2BUA does not pass this header field on, parallel forking amplification is not mitigated with the [RFC5393] mechanism.
此外,[RFC5393]还提供了一种机制,通过使用“最大宽度”标题字段来减轻并行分叉放大问题的影响。如果B2BUA未通过此报头字段,则[RFC5393]机制不会缓解并行分叉放大。
This document defines normative requirements for Max-Forwards and Max-Breadth header field behaviors of B2BUAs, in order to mitigate the effect of loops and parallel forking amplification.
本文件定义了B2BUAs最大正向和最大宽度报头字段行为的规范性要求,以减轻环路和并行分叉放大的影响。
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14, RFC 2119 [RFC2119].
本文件中的关键词“必须”、“不得”、“必需”、“应”、“不应”、“应”、“不应”、“建议”、“可”和“可选”应按照BCP 14、RFC 2119[RFC2119]中的说明进行解释。
B2BUA terminology and taxonomy used in this document is based on [RFC7092].
本文件中使用的B2BUA术语和分类法基于[RFC7092]。
Within the context of B2BUAs, the scope of the SIP protocol ends at the User Agent Server (UAS) side of the B2BUA, and a new one begins on the UAC side. A B2BUA is thus capable of choosing what it wishes to do on its UAC side independently of its UAS side, and still remains compliant with [RFC3261] and its extensions. For example, any B2BUA type defined in [RFC7092] other than Proxy-B2BUA may create the SIP request on its UAC side without copying any of the Via header field values received on its UAS side. Indeed there are valid reasons for it to do so; however, this prevents the Via-based loop-detection mechanism defined in [RFC3261] and updated by [RFC5393] from detecting SIP request loops any earlier than by reaching a Max-Forwards limit.
在B2BUAs的上下文中,SIP协议的范围在B2BUA的用户代理服务器(UAS)端结束,新的范围从UAC端开始。因此,B2BUA能够独立于其UAS端选择其希望在UAC端执行的操作,并且仍然符合[RFC3261]及其扩展。例如,[RFC7092]中定义的除Proxy-B2BUA之外的任何B2BUA类型都可以在其UAC侧创建SIP请求,而无需复制在其UAS侧接收的任何Via头字段值。事实上,它这样做是有正当理由的;然而,这防止了[RFC3261]中定义并由[RFC5393]更新的基于通孔的环路检测机制在达到最大转发限制之前检测SIP请求环路。
Some attempts have been made by B2BUA vendors to detect request loops in other ways: by keeping track of the number of outstanding dialog-forming requests for a given caller/called URI pair; or by detecting when they receive and send their own media addressing information too many times in certain cases when they are a signaling/media-plane B2BUA; or by encoding a request instance identifier in some field they believe will pass through other nodes, and detecting when they see the same value too many times.
B2BUA供应商曾尝试以其他方式检测请求循环:跟踪给定调用方/被调用URI对的未完成对话请求数量;或者在某些情况下,当它们是信令/媒体平面B2BUA时,通过检测它们何时接收和发送自己的媒体寻址信息过多;或者在他们认为将通过其他节点的某个字段中对请求实例标识符进行编码,并在多次看到相同值时进行检测。
All of these methods are brittle and prone to error, however. They are brittle because it is very hard to accurately define when a value has been seen "too many times". Requests can and do fork before and after B2BUAs process them, and requests legitimately spiral in some cases, leading to incorrect determination of loops. The mechanisms are prone to error because there can be other B2BUAs in the loop's path that interfere with the particular mechanism being used.
然而,所有这些方法都很脆弱,容易出错。它们是脆弱的,因为很难准确地定义何时“多次”看到某个值。请求可以在B2BUAs处理它们之前和之后进行分叉,并且请求在某些情况下合法地螺旋上升,从而导致循环的错误确定。这些机制容易出错,因为循环路径中可能存在其他B2BUA干扰正在使用的特定机制。
Ultimately, the last defense against loops becoming unbounded is to limit how many SIP hops any request can traverse, which is the purpose of the SIP Max-Forwards field value. If B2BUAs were to at least copy and decrement the Max-Forwards header field value from their UAS to the UAC side, loops would not continue indefinitely.
最后,防止循环变得无界的最后一种防御措施是限制任何请求可以穿越的SIP跃点数量,这是SIP Max FORVERDS字段值的目的。如果B2BUA至少从其UAS向UAC端复制并减少最大转发头字段值,循环将不会无限期地继续。
It is RECOMMENDED that B2BUAs implement the loop-detection mechanism for the Via header field, as defined for a proxy in [RFC5393].
建议B2BUAs为Via标头字段实现循环检测机制,如[RFC5393]中为代理定义的那样。
This section applies for dialog-forming and out-of-dialog SIP requests. B2BUAs MAY perform the same actions for in-dialog requests, but doing so may cause issues with devices that set Max-Forwards values based upon the number of received Via or Record-Route headers.
本节适用于对话形成和对话外SIP请求。B2BUAs可能会对对话内请求执行相同的操作,但这样做可能会导致设备出现问题,这些设备会根据接收到的Via或记录路由头数设置最大转发值。
All B2BUA types MUST copy the received Max-Forwards header field from the received SIP request on their UAS side, to any request(s) they generate on their UAC side, and decrement the value, as if they were a proxy following the requirements described in [RFC3261].
所有B2BUA类型必须将接收到的最大转发报头字段从其UAS端的接收到的SIP请求复制到其UAC端生成的任何请求,并递减该值,就像它们是符合[RFC3261]中所述要求的代理一样。
Being a UAS, B2BUAs MUST also check the received Max-Forwards header field and reject or respond to the request if the value is zero, as defined in [RFC3261].
作为UAS,B2BUAs还必须检查接收的最大转发报头字段,如果值为零,则拒绝或响应请求,如[RFC3261]中所定义。
If the received request did not contain a Max-Forwards header field, one MUST be created in any request generated in the UAC side, as described for proxies in Section 16.6, Step 3 of [RFC3261]. As in that specification, the value of the new Max-Forwards header SHOULD be 70.
如果收到的请求不包含Max Forwards标头字段,则必须在UAC端生成的任何请求中创建一个标头字段,如[RFC3261]第16.6节第3步中针对代理所述。在该规范中,新的Max-Forwards报头的值应为70。
All B2BUA types MUST copy the received Max-Breadth header field from the received SIP request on their UAS side, to any request(s) they generate on their UAC side, as if they were a proxy following the requirements described in [RFC5393].
所有B2BUA类型必须将接收到的最大宽度标头字段从其UAS端的接收SIP请求复制到其UAC端生成的任何请求,就像它们是符合[RFC5393]中所述要求的代理一样。
B2BUAs of all types MUST follow the requirements imposed on Proxies as described in Section 5.3.3 of [RFC5393], including generating the header field if none is received, limiting its maximum value, etc.
所有类型的B2BUA必须遵守[RFC5393]第5.3.3节所述的对代理的要求,包括在未收到任何代理时生成标题字段、限制其最大值等。
B2BUAs that generate parallel requests on their UAC side for a single incoming request on the UAS side MUST also follow the rules for Max-Breadth handling in [RFC5393] as if they were a parallel forking proxy.
在UAC端为UAS端的单个传入请求生成并行请求的B2BUA也必须遵循[RFC5393]中的最大宽度处理规则,就像它们是并行分叉代理一样。
The security implications for parallel forking amplification are documented in Section 7 of [RFC5393]. This document does not introduce any additional issues beyond those discussed in [RFC5393].
[RFC5393]第7节记录了平行分叉放大的安全含义。除[RFC5393]中讨论的问题外,本文件不介绍任何其他问题。
Some B2BUAs reset the Max-Forwards and Max-Breadth header field values in order to obfuscate the number of hops a request has already traversed, as a privacy or security concern. Such goals are at odds
出于隐私或安全考虑,一些B2BUA重置最大转发和最大宽度报头字段值,以混淆请求已通过的跃点数。这样的目标是不一致的
with the mechanisms in this document, and administrators can decide which they consider more important: obfuscation vs. loop detection. In order to comply with this RFC, manufacturers MUST comply with the normative rules defined herein by default, but MAY provide user-configurable overrides as they see fit.
通过该文档中的机制,管理员可以决定他们认为更重要的:混淆与循环检测。为了遵守本RFC,制造商必须默认遵守本RFC中定义的规范性规则,但可以根据需要提供用户可配置的覆盖。
Thanks to Brett Tate (Broadsoft), Andrew Hutton (Unify), and Anton Roman (Quobis) for their review of the document.
感谢Brett Tate(Broadsoft)、Andrew Hutton(Unify)和Anton Roman(Quobis)对该文件的审阅。
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2119]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。
[RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A., Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP: Session Initiation Protocol", RFC 3261, June 2002.
[RFC3261]Rosenberg,J.,Schulzrinne,H.,Camarillo,G.,Johnston,A.,Peterson,J.,Sparks,R.,Handley,M.,和E.Schooler,“SIP:会话启动协议”,RFC 3261,2002年6月。
[RFC5393] Sparks, R., Lawrence, S., Hawrylyshen, A., and B. Campen, "Addressing an Amplification Vulnerability in Session Initiation Protocol (SIP) Forking Proxies", RFC 5393, December 2008.
[RFC5393]Sparks,R.,Lawrence,S.,Hawrylyshen,A.,和B.Campen,“解决会话启动协议(SIP)分叉代理中的放大漏洞”,RFC 5393,2008年12月。
[RFC7092] Kaplan, H. and V. Pascual, "A Taxonomy of Session Initiation Protocol (SIP) Back-to-Back User Agents", RFC 7092, December 2013.
[RFC7092]Kaplan,H.和V.Pascual,“会话启动协议(SIP)背对背用户代理的分类”,RFC 7092,2013年12月。
Authors' Addresses
作者地址
Hadriel Kaplan Oracle
哈德里尔·卡普兰神谕
EMail: hadrielk@yahoo.com
EMail: hadrielk@yahoo.com
Victor Pascual Quobis
维克多·帕斯夸尔·库比斯
EMail: victor.pascual@quobis.com
EMail: victor.pascual@quobis.com