Internet Draft
Network Working Group Chao-Chun Wang, NEC
Internet Draft
Expiration Date: Aug 1999 Tom Worster, GDC
TCP Encapsulation for GSMP Messages
<draft-wang-gsmp-tcp-encapsulation-00.txt>
Status of this Memo
This document is an Internet-Draft and is in full
conformance with all provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet
Engineering Task Force (IETF), its areas, and its working
groups. Note that other groups may also distribute working
documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of
six months and may be updated, replaced, or obsoleted by
other documents at any time. It is inappropriate to use
Internet- Drafts as reference material or to cite them
other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be
accessed at http://www.ietf.org/shadow.html.
Abstract
The GSMP charter calls for a draft to propose how to
encapsulate GSMP messages in IP packet . This memo recommends using TCP as
the transport to carry GSMP message over IP.
Wang et al. Expires Aug 1999 [Page 1]
�
INTERNET DRAFT TCP Encapsulation for GSMP Messages Feb 1999
1. Introduction
The General Switch Management Protocol (GSMP) Version 2
(RFC 2297) [1] is a general-purpose protocol which controls
an ATM switch. GSMP allows a controller to manage the
connection state of a switch. The switch may communicate
with the controller asynchronously to report events. In
GSMP there is a one-to-one relationship between controller
and switch. However, there is no restriction preventing
either a system from being the controller of more than one
switch or a switch from supporting control sessions with
more than one controller.
GSMP V2 specifies the encapsulation of GSMP messages over
an ATM connection between controller and switch as well as
a direct ethernet encapsulation. The current GSMP
applicability draft [2] and the GSMP working group charter
both suggest that GSMP should extended to support non-ATM
label switches and to have the option to control the switch
remotely. In some applications remote control over ATM is
inappropriate so there is a requirement for an option of
encapsulation of GSMP messages over IP.
Since remote switch control over an IP network is
potentially less reliable and more susceptible to security
attack, it is required that the IP encapsulation mechanism
should provide reliability, flow control and security.
Another rule for the selection of an IP encapsulation is
that it should not affect the GSMP protocol and should not
include any extension. Simply put, we should leave the
protocol work to the GSMP protocol draft.
We consider two possible solutions for the IP
encapsulation. One is to use IP stack only and implements
the necessary support in the GSMP applications. Another one
is to use the TCP/IP stack and have the transport protocol
takes care the additional requirements and the application
can be kept as simple as possible.
The first solution which uses RAW IP support requires that
GSMP client and server applications keep track of the
status of the link and the state of each messages exchange.
The benefits of this approach include a thin and efficient
IP layer and less resource is demanded by the protocol
processing. Even though it does not require an extensive
changes to the protocol to provide the necessary support
for the above requirements and does not significantly
affect the switch application design, it does make the
controller application more complex and thus might hinder
the effort of fast deployment of GSMP.
Wang et al. Expires Aug 1999 [Page 2]
�
INTERNET DRAFT TCP Encapsulation for GSMP Messages Feb 1999
The other option is to use TCP which is reliable and will
minimise changes to the controller application. Even though
the protocol stack will consume more resource, the cost of
hardware is diminishing while the cost of software is
increasing. A simple solution for the application is more
attractive.
Based on these arguments, this memo proposes to use TCP
(RFC 793)[3] as its transport protocol to encapsulate GSMP
messages over IP. TCP provides reliable delivery of GSMP
messages with both network and end-system flow control. As
for security and authentication, we propose a two-layer
security mechanism. It is recommended that vendor should
support at least one of them. Both mechanisms are taken
from existing IETF security mechanisms.
This memo does not introduce changes to GSMP messages. The
IP encapsulation only provided as a vehicle for GSMP
messages and any changes or extension of the protocol are
not in the scope of this document.
2. Summary of operation
In GSMP, the controller is the master and switch is the
slave. For TCP encapsulations of GSMP messages, the
controller runs the client code and the switch runs the
server code.
Upon initialization, the server is listening on GSMP's
(proposed) well known port number. The controller
establishes a TCP connection with each switch it manages.
Adjacency protocol messages, which are used to synchronise
the controller and switch and maintain handshakes, are sent
by the controller to the switch after the TCP connection is
established. Regular GSMP messages may be sent only after
the adjacency protocol has achieved synchronization.
3. TCP Encapsulation of GSMP packets
GSMP V2 includes an Ethernet encapsulation for which GSMP
message is encapsulated in the Ethernet frame. A four-byte
"Sender Instance" field and a four-byte "Receiver Instance"
field are appended to the non-adjacency GSMP message to
offer extra level of protection against the corruption of
state. There is an assigned Ethertype for GSMP message
which is 0x880C. It is possible that some users might
choose to implemented a GSMP enabled IP network.
This creates the possibility of two type of network, one is
a "GSMP enabled IP network" and the other is a regular IP
Wang et al. Expires Aug 1999 [Page 3]
�
INTERNET DRAFT TCP Encapsulation for GSMP Messages Feb 1999
network. The Ethertype for GSMP Ethernet encapsulation is
0x880c and Ethertype for IP is 0x0800. A typical
ether_input routine only recognise ETHERTYPE_IP or
ETHERTYPE_ARP and drops the rest ETHERTYPE packets. A GSMP
enabled IP network is a network with protocol stack which
recognises the 0x880c. Whether there is a separate routine
to handle GSMP messages is not our concern. We only state
the possibility. The TCP encapsulation of the GSMP messages
should be able to be transported on either type of network.
In order to assure compatibility with the ethernet
encapsulation, the TCP encapsulation appends two addition
fields, the four-byte "Sender Instance" field and a four-
byte "Receiver Instance" field to all non-adjacency gsmp
messages.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
~ TCP Header ~
| |
|-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
~ GSMP Message ~
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sender Instance |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Receiver Instance |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
When sending the TCP encapsulated GSMP adjacency messages
via a GSMP enabled IP network, the Ethernet frame should
used the Unicast 48-bit IEEE MAC address of the destination
in the SYN message.
NOTE: Even if this been converted to the Broadcast address,
it should still be possible to deliver the message to the
correct protocol layer based on the destination IP address.
4. Security consideration
To ensure the authenticity and security of GSMP messages
which are transported through an IP network we recommend
use of IETF security measures. We propose a two-layer
securities mechanism standardised by the IETF. The first
layer of security mechanism is applied to network layer
using IP-Sec (RFC 2401) [4]. This option is not described
any further in this memo.
Wang et al. Expires Aug 1999 [Page 4]
�
INTERNET DRAFT TCP Encapsulation for GSMP Messages Feb 1999
The second layer is simpler mechanism which applies to the
transport layer to protect TCP packet from spoofing which
is based on the authentication mechanism used by BGP4 [5].
This option is described further below.
We recommended that at least one of the above measures
should be adopted to protect the GSMP message.
4.1 TCP security extension
RFC 2385 [5] proposes a TCP extension to enhance security
for BGP4 using an MD5 authentication signature. Since the
extension is not limited to BGP we recommend adopting the
same TCP extension to significantly reduce the danger from
certain security attacks such as spoofing. Following is a
brief summary of this extension.
Every segment sent on a TCP connection is protected by a
16-byte MD5 digest which is produced by applying the MD5
algorithm to the field in TCP header in the following
order:
A. the TCP pseudo-header (in the order: source IP
address, destination IP address, zero-padded
protocol number, and segment length),
B. the TCP header, excluding options, and assuming a
checksum of zero,
C. the TCP segment data (if any),
D. an independently-specified key or password, known to
both TCPs and presumably connection-specific.
A key exchange mechanism is opened for further study. We
recommend the mechanism defined in RFC 2409 "The Internet
Key Exchange (IKE)" [6].
The proposed option has the following format:
Wang et al. Expires Aug 1999 [Page 5]
�
INTERNET DRAFT TCP Encapsulation for GSMP Messages Feb 1999
+---------+---------+-------------------+
| Kind=19 |Length=18| MD5 digest... |
+---------+---------+-------------------+
| |
+---------------------------------------+
| |
+---------------------------------------+
| |
+-------------------+-------------------+
| |
+-------------------+
The proposed TCP extension still satisfies the constraint
set to TCP options fields. The most loaded options which
with 4 bytes MSS, 4 bytes window scale, 12 bytes timestamp,
18 bytes for MD5 digest and 2 bytes for end-of-option-list
just make it 40 bytes.
5. The relationship between controllers and switches
GSMP V2 does not explicitly specify the relationship
between the controller and switch and various different
implementations are possible. Some users might, for various
reasons, choose to design a switch which supports multiple
GSMP control sessions. In the future, GSMP may explicitly
specify a many-to many mapping. Therefore, we recommended
that switch's GSMP TCP server must support concurrent
sessions to the same server port number.
6. GSMP message and message header format
The message and message header format are defined in the
GSMP V2 and unaffected by the IP encapsulation.
7. GSMP Adjacency Protocol
We recommended setting MSG_OOB option, which sets TCP URG
bit, when sending the adjacency protocol message. Since no
GSMP message can be accepted before the switch and switch
controller synchronised with each other, the adjacency
protocol message should be processed with highest priority.
8. Conclusion
This memo proposes to use TCP as the transport to carry
GSMP messages over an IP network. This approach puts
minimum burden on the application and has the transport
Wang et al. Expires Aug 1999 [Page 6]
�
INTERNET DRAFT TCP Encapsulation for GSMP Messages Feb 1999
protocol layer takes care the issues of reliability and
flow control required by the GSMP messages. The TCP
extension adopted from RFC 2385 and IPSEC from RFC 2401
provides the authentication and security for the GSMP
messages.
References
[1] Newman, P, Edwards, W., Hinden, R., Hoffman, E., Ching
Liaw, F., Lyon, T. and Minshall, G., "Ipsilon's
General Switch Management Protocol Specification,"
Version 2.0, RFC 2297, Mar 1998.
[2] A. Doria, T. Worster, and K. Sundell, "Applicability
of GSMP as an IETF Protocol," Internet Draft, draft-
doria-gsmp-applicability-00, Oct 1998.
[3] J. Postel, "Transmission Control Protocol," RFC 793,
Sep 1981.
[4] S. Kent and R. Atkinson "Security Architecture for the
Internet Protocol," RFC 2401, November 1998.
[5] A. Heffernan, "Protection of BGP Sessions via the TCP
MD5 Signature Option," RFC 2385, August 1998.
[6] D. Harkins, D. Carrel, "The Internet Key Exchange
(IKE)," RFC 2409, November 1998.
Authors Addresses
Chao-Chun Wang,
NEC C&C Research Labs.
110 Rio Robles Dr., M/S SJ100
San Jose, CA95134
Phone: (408)943-3028
Fax: (408)943-3099
ccwang@ccrl.sj.nec.com
Tom Worster
General DataComm, Inc.
199 W Newton St,
Boston, MA 02116 USA
Phone: +1 617 247 2624
tom.worster@gdc.com
Wang et al. Expires Aug 1999 [Page 7]
�