4.0 Procedures
The IUA layer needs to respond to various primitives it receives from other layers as well as messages it receives from the peer IUA layer. This section describes the various procedures involved in responding to these events.

4.1 Procedures to support service in section 1.4.1
These procedures achieve the IUA layer's "Transport of Q.921/Q.931 boundary" service.

4.1.1 Q.921 or Q.931 primitives procedures
On receiving these primitives from the local layer, the IUA layer will send the corresponding QPTM message (Data, Unit Data, Establish, Release) to its peer. While doing so, the IUA layer needs to fill in the various fields of the common and specific headers correctly. In addition, the message needs to be sent on the SCTP stream that corresponds to the D channel (Interface Identifier).

4.1.2 QPTM message procedures
On receiving QPTM messages from a peer IUA layer, the IUA layer on an SG or MGC needs to invoke the corresponding layer primitives (DL- ESTABLISH, DL-DATA, DL-UNIT DATA, DL-RELEASE) to the local Q.921 or Q.931 layer.
4.2 Procedures to support service in section 1.4.2
These procedures achieve the IUA layer's "Support for Communication between Layer Managements" service.

4.2.1 Layer Management primitives procedures
On receiving these primitives from the local Layer Management, the IUA layer will provide the appropriate response primitive across the internal local Layer Management interface.

An M-SCTP ESTABLISH request from Layer Management will initiate the establishment of an SCTP association. An M-SCTP ESTABLISH confirm will be sent to Layer Management when the initiated association set-up is complete. An M-SCTP ESTABLISH indication is sent to Layer Management upon successful completion of an incoming SCTP association set-up from a peer IUA node.

An M-SCTP RELEASE request from Layer Management will initiate the tear-down of an SCTP association. An M-SCTP RELEASE confirm will be sent by Layer Management when the association teardown is complete. An M-SCTP RELEASE indication is sent to Layer Management upon successful tear-down of an SCTP association initiated by a peer IUA.

M-SCTP STATUS request and indication support a Layer Management query of the local status of a particular SCTP association.

M-NOTIFY indication and M-ERROR indication indicate to Layer Management the notification or error information contained in a received IUA Notify or Error message respectively. These indications can also be generated based on local IUA events.

M-ASP STATUS request/indication and M-AS-STATUS request/indication support a Layer Management query of the local status of a particular ASP or AS. No IUA peer protocol is invoked.

M-ASP-UP request, M-ASP-DOWN request, M-ASP-INACTIVE request and M-ASP-ACTIVE request allow Layer Management at an ASP to initiate state changes. These requests result in outgoing IUA ASP UP, ASP DOWN, ASP INACTIVE and ASP ACTIVE messages. M-ASP-UP confirmation, M-ASP-DOWN confirmation, M-ASP-INACTIVE confirmation and M-ASP-ACTIVE confirmation indicate to Layer Management that the previous request has been confirmed.
Upon receipt of an M-TEI Status primitive from Layer Management, the IUA will send the corresponding MGMT message (TEI Status) to its peer. While doing so, the IUA layer needs to fill in the various fields of the common and specific headers correctly. All MGMT messages are sent on a sequenced stream to ensure ordering. SCTP stream '0' SHOULD be used.

4.2.2 Receipt of IUA Peer Management messages
Upon receipt of IUA Management messages, the IUA layer MUST invoke the corresponding Layer Management primitive indications (e.g., M-AS Status ind., M-ASP Status ind., M-ERROR ind., M-TEI STATUS...) to the local layer management. M-NOTIFY indication and M-ERROR indication indicate to Layer Management the notification or error information contained in a received IUA Notify or Error message. These indications can also be generated based on local IUA events. All MGMT messages are sent on a sequenced stream to ensure ordering. SCTP stream '0' SHOULD be used.

4.3 Procedures to support service in section 1.4.3
These procedures achieve the IUA layer's "Support for management of active associations between SG and MGC" service.

4.3.1 AS and ASP State Maintenance
The IUA layer on the SG needs to maintain the states of each ASP as well as the state of the AS.

4.3.1.1 ASP States
The state of each ASP, in each AS in which it is configured, is maintained in the IUA layer on the SG. The state of an ASP changes due to the following types of events:

* Reception of messages from the peer IUA layer at that ASP
* Reception of some messages from the peer IUA layer at other ASPs in the AS
* Reception of indications from the SCTP layer

The ASP state transition diagram is shown in Figure 7. The possible states of an ASP are the following:
ASP-DOWN: Application Server Process is unavailable and/or the related SCTP association is down. Initially, all ASPs will be in this state. An ASP in this state SHOULD NOT be sent any IUA messages.

ASP-INACTIVE: The remote IUA peer at the ASP is available (and the related SCTP association is up) but application traffic is stopped. In this state the ASP can be sent any non-QPTM IUA messages (except for TEI Status messages).

ASP-ACTIVE: The remote IUA peer at the ASP is available and application traffic is active.

Figure 7 ASP State Transition Diagram

                                        +-------------+
                 +----------------------|             |
                 |     Alternate +------| ASP-ACTIVE  |
                 |        ASP    |      +-------------+
                 |     Takeover  |        ^     |
                 |               |  ASP   |     | ASP
                 |               | Active |     | Inactive
                 |               |        |     v
                 |               |      +-------------+
                 |               |      |             |
                 |               +----->|  ASP-INACT  |
                 |                      +-------------+
                 |                        ^     |
       ASP Down/ |                  ASP   |     | ASP Down /
       SCTP CDI  |                  Up    |     | SCTP CDI
                 |                        |     v
                 |                      +-------------+
                 +--------------------->|             |
                                        |  ASP-DOWN   |
                                        +-------------+

SCTP CDI: The local SCTP layer's Communication Down Indication to the Upper Layer Protocol (IUA) on an SG. The local SCTP will send this indication when it detects the loss of connectivity to the ASP's peer SCTP layer. SCTP CDI is understood as either a SHUTDOWN COMPLETE notification or a COMMUNICATION LOST notification from the SCTP.

4.3.1.2 AS States
The state of the AS is maintained in the IUA layer on the SG. The state of an AS changes due to events. These events include the following:
* ASP state transitions
* Recovery timer triggers

The possible states of an AS are the following:

AS-DOWN: The Application Server is unavailable. This state implies that all related ASPs are in the ASP-DOWN state for this AS. Initially the AS will be in this state.

AS-INACTIVE: The Application Server is available but no application traffic is active (i.e., one or more related ASPs are in the ASP-INACTIVE state, but none in the ASP-ACTIVE state). The recovery timer T(r) is not running or has expired.

AS-ACTIVE: The Application Server is available and application traffic is active. This state implies that at least one ASP is in the ASP-ACTIVE state.

AS-PENDING: An active ASP has transitioned from active to inactive or down and it was the last remaining active ASP in the AS. A recovery timer T(r) will be started and all incoming SCN messages will be queued by the SG. If an ASP becomes active before T(r) expires, the AS will move to AS-ACTIVE state and all the queued messages will be sent to the active ASP. If T(r) expires before an ASP becomes active, the SG stops queuing messages and discards all previously queued messages. The AS will move to AS-INACTIVE if at least one ASP is in ASP-INACTIVE state, otherwise it will move to AS-DOWN state.
Figure 8 AS State Transition Diagram

      +----------+  one ASP trans ACTIVE  +-------------+
      |          |----------------------->|             |
      | AS-INACT |                        |  AS-ACTIVE  |
      |          |                        |             |
      |          |<                       |             |
      +----------+ \                      +-------------+
         ^ |        \ Tr Trigger              ^ |
         | |         \ at least one           | |
         | |          \ ASP in UP             | |
         | |           \                      | |
         | |            \                     | |
         | |             \                    | |
 one ASP | |              \   one ASP         | |  Last ACTIVE ASP trans
 trans to| |all ASP        \------\ trans to  | |  to INACT or DOWN
 INACT   | |trans to        \  ACTIVE         | |  (start Tr timer)
         | |DOWN             \                | |
         | |                  \               | |
         | |                   \              | |
         | v                    \             | v
      +----------+                      \ +-------------+
      |          |                       -|             |
      |  AS-DOWN |                        | AS-PENDING  |
      |          |                        |  (queueing) |
      |          |<-----------------------|             |
      +----------+   Tr Expiry and no     +-------------+
                     ASP in INACTIVE state

      Tr = Recovery Timer

4.3.2 ASPM procedures for primitives
Before the establishment of an SCTP association the ASP state at both the SG and ASP is assumed to be "Down". The ASP is responsible for initiating the setup of an SCTP association to an SG: when the IUA layer at an ASP receives an M-SCTP ESTABLISH request primitive from the Layer Management, it will try to establish an SCTP association with the remote IUA peer at an SG. Upon reception of an eventual SCTP Communication Up confirm primitive from the SCTP, the IUA layer will invoke the primitive M-SCTP ESTABLISH confirm to the Layer Management.

At the SG, the IUA layer will receive an SCTP Communication Up indication primitive from the SCTP. The IUA layer will then invoke the primitive M-SCTP ESTABLISH indication to the Layer Management.
Once the SCTP association is established and assuming that the local IUA-User is ready, the local ASP IUA Application Server Process Maintenance (ASPM) function will initiate the ASPM procedures, using the ASP Up/Down/Active/Inactive messages to convey the ASP state to the SG (see Section 4.3.3).

The Layer Management and the IUA layer on the SG can communicate the status of the application server using the M-AS STATUS primitives. The Layer Management and the IUA layer on both the SG and ASP can communicate the status of an SCTP association using the M-SCTP STATUS primitives.

If the Layer Management on the SG or ASP wants to bring down an SCTP association for management reasons, it sends an M-SCTP RELEASE request primitive to the local IUA layer. The IUA layer releases the SCTP association and, upon receiving the SCTP Communication Down indication from the underlying SCTP layer, informs the local Layer Management using the M-SCTP RELEASE confirm primitive.

If the IUA layer receives an SCTP Communication Down indication from the underlying SCTP layer, it will inform the Layer Management by invoking the M-SCTP RELEASE indication primitive. The state of the ASP will be moved to "Down" at both the SG and ASP. At an ASP, the Layer Management MAY try to reestablish the SCTP association using the M-SCTP ESTABLISH request primitive.

4.3.3 ASPM procedures for peer-to-peer messages
All ASPM messages are sent on a sequenced stream to ensure ordering. SCTP stream '0' SHOULD be used.

4.3.3.1 ASP Up
After an ASP has successfully established an SCTP association to an SG, the SG waits for the ASP to send an ASP Up message, indicating that the ASP IUA peer is available. The ASP is always the initiator of the ASP Up exchange. When an ASP Up message is received at an SG and internally the remote ASP is not considered locked-out for local management reasons, the SG marks the remote ASP as "Inactive". The SG responds with an ASP Up Ack message in acknowledgement. The SG sends an ASP-Up Ack message in response to a received ASP Up message even if the ASP is already marked as "Inactive" at the SG.
If for any local reason the SG cannot respond with an ASP Up Ack, the SG responds to an ASP Up with an ASP Down Ack message with Reason "Management Blocking". At the ASP, the ASP Up Ack message received from the SG is not acknowledged by the ASP.

If the ASP does not receive a response from the SG, or an ASP Down Ack is received, the ASP MAY resend ASP Up messages every 2 seconds until it receives an ASP Up Ack message from the SG. The ASP MAY decide to reduce the frequency (say to every 5 seconds) if an ASP Up Ack is not received after a few tries.

The ASP MUST wait for the ASP Up Ack message from the SG before sending any ASP traffic control messages (ASPAC or ASPIA) or Data messages or it will risk message loss. If the SG receives QPTM, ASP Active or ASP Inactive messages before an ASP Up is received, the SG SHOULD discard these messages.

4.3.3.2 ASP Down
The ASP will send an ASP Down to an SG when the ASP is to be removed from the list of ASPs in all Application Servers of which it is a member and no longer receive any IUA traffic or management messages. Whether the ASP is permanently removed from an AS is a function of configuration management.

The SG marks the ASP as "Down" and returns an ASP Down Ack message to the ASP if one of the following events occurs:

- to acknowledge an ASP Down message from an ASP,
- to reply to ASPM messages from an ASP which is locked out for management reasons.

The SG sends an ASP Down Ack message in response to a received ASP Down message from the ASP even if the ASP is already marked as "Down" at the SG.

If the ASP does not receive a response from the SG, the ASP MAY send ASP Down messages every 2 seconds until it receives an ASP Down Ack message from the SG or the SCTP association goes down. The ASP MAY decide to reduce the frequency (say to every 5 seconds) if an ASP Down Ack is not received after a few tries.

4.3.3.3 IUA Version Control
If an ASP Up message with an unsupported version is received, the receiving end responds with an Error message, indicating the version the receiving node supports, and notifies Layer Management.
This is useful when protocol version upgrades are being performed in a network. A node upgraded to a newer version SHOULD support the older versions used on other nodes it is communicating with. Because ASPs initiate the ASP Up procedure it is assumed that the Error message would normally come from the SG.

4.3.3.4 ASP Active
Any time after the ASP has received an ASP Up Ack from the SG, the ASP sends an ASP Active (ASPAC) to the SG indicating that the ASP is ready to start processing traffic. In the case where an ASP is configured/registered to process the traffic for more than one Application Server across an SCTP association, the ASPAC contains one or more Interface Identifiers to indicate for which Application Servers the ASPAC applies.

When an ASP Active (ASPAC) message is received, the SG responds to the ASP with an ASPAC Ack message acknowledging that the ASPAC was received and starts sending traffic for the associated Application Server(s) to that ASP. The ASP MUST wait for the ASP Active Ack message from the SG before sending any Data messages or it will risk message loss. If the SG receives QPTM messages before an ASP Active is received, the SG SHOULD discard these messages.

There are two modes of Application Server traffic handling in the SG IUA: Over-ride and Load-sharing. The Type parameter in the ASPAC message indicates the mode used in a particular Application Server. If the SG determines that the mode indicated in an ASPAC is incompatible with the traffic handling mode currently used in the AS, the SG responds with an Error message indicating Unsupported Traffic Handling Mode.

In the case of an Over-ride mode AS, reception of an ASPAC message at an SG causes the redirection of all traffic for the AS to the ASP that sent the ASPAC. The SG responds to the ASPAC with an ASP Active Ack message to the ASP. Any previously active ASP in the AS is now considered Inactive and will no longer receive traffic from the SG within the AS. The SG sends a Notify (Alternate ASP-Active) to the previously active ASP in the AS, after stopping all traffic to that ASP.

In the case of a Load-share mode AS, reception of an ASPAC message at an SG causes the direction of traffic to the ASP sending the ASPAC, in addition to all the other ASPs that are currently active in the AS. The algorithm at the SG for load-sharing traffic within an AS to all the active ASPs is implementation dependent. The algorithm could, for example, be round-robin or based on information in the Data message, such as Interface Identifier, depending on the requirements of the application and the call state handling assumptions of the collection of ASPs in the AS. The SG responds to the ASPAC with an ASP Active Ack message to the ASP.

4.3.3.5 ASP Inactive
When an ASP wishes to withdraw from receiving traffic within an AS, the ASP sends an ASP Inactive (ASPIA) to the SG. In the case where an ASP is configured/registered to process the traffic for more than one Application Server across an SCTP association, the ASPIA contains one or more Interface Identifiers to indicate for which Application Servers the ASPIA applies.

There are two modes of Application Server traffic handling in the SG IUA when withdrawing an ASP from service: Over-ride and Load-sharing. The Type parameter in the ASPIA message indicates the mode used in a particular Application Server. If the SG determines that the mode indicated in an ASPAC is incompatible with the traffic handling mode currently used in the AS, the SG responds with an Error message indicating Unsupported Traffic Handling Mode.

In the case of an Over-ride mode AS, where normally another ASP has already taken over the traffic within the AS with an Over-ride ASPAC, the ASP which sends the ASPIA is already considered by the SG to be "Inactive". An ASPIA Ack message is sent to the ASP, after ensuring that all traffic is stopped to the ASP.

In the case of a Load-share mode AS, the SG moves the ASP to the "Inactive" state and the AS traffic is re-allocated across the remaining "active" ASPs per the load-sharing algorithm currently used within the AS. An ASPIA Ack message is sent to the ASP after all traffic is halted to the ASP. A NTFY (Insufficient ASPs) MAY be sent to all inactive ASPs, if required.

If no other ASPs are Active in the Application Server, the SG sends a NTFY (AS-Pending) to all inactive ASPs of the AS and either discards all incoming messages for the AS or starts buffering the incoming messages for T(r) seconds, after which messages will be discarded. T(r) is configurable by the network operator. If the SG receives an ASPAC from an ASP in the AS before expiry of T(r), the buffered traffic is directed to the ASP and the timer is cancelled. If T(r) expires, the AS is moved to the "Inactive" state.
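As an added example (not part of the RFC text), the following Python models the SG-side AS and ASP state maintenance of Section 4.3.1 together with the ASPM message handling of Sections 4.3.3.1 to 4.3.3.5: ASP Up/Down/Active/Inactive handling, Management Blocking, the Over-ride and Load-share modes, Notify messages and the T(r) recovery queue. Class and method names are this example's own, the clock is an explicit `now` argument, and the round-robin load-share choice is one possible implementation of the algorithm the RFC leaves open.

```python
# Added example, not RFC 3057 text: SG-side AS/ASP state maintenance (Sections 4.3.1 and 4.3.3).
# The clock is passed in as `now` (seconds) so the T(r) logic runs deterministically offline.
from collections import deque
from enum import Enum

AspState = Enum("AspState", "DOWN INACTIVE ACTIVE")
AsState = Enum("AsState", "DOWN INACTIVE ACTIVE PENDING")


class ApplicationServer:   # one AS at the SG; mode is "override" or "loadshare"
    def __init__(self, asps, mode="override", t_r=2.0):
        self.asp = {name: AspState.DOWN for name in asps}   # every ASP starts Down
        self.mode, self.t_r, self.state = mode, t_r, AsState.DOWN
        self.queue, self.pending_since = deque(), None      # SCN backlog held while AS-PENDING
        self.sent, self.rr = [], 0                          # (asp, msg) emitted; round-robin cursor

    def _with(self, state):
        return [a for a, s in self.asp.items() if s == state]

    def on_asp_up(self, asp, now, blocked=False):          # Section 4.3.3.1
        if blocked:                                        # locked out for management reasons
            self.sent.append((asp, "ASP Down Ack (Management Blocking)"))
            return
        self.asp[asp] = AspState.INACTIVE
        self.sent.append((asp, "ASP Up Ack"))              # sent even if already Inactive
        self._recompute(now)

    def on_asp_down(self, asp, now, sctp_cdi=False):       # Section 4.3.3.2, or SCTP CDI
        self.asp[asp] = AspState.DOWN                      # a Down ASP is sent no IUA messages
        if not sctp_cdi:
            self.sent.append((asp, "ASP Down Ack"))
        self._recompute(now)

    def on_asp_active(self, asp, mode, now):               # Section 4.3.3.4
        if self.asp[asp] == AspState.DOWN:                 # ASPAC before ASP Up: discarded
            return
        if mode != self.mode:
            self.sent.append((asp, "Error (Unsupported Traffic Handling Mode)"))
            return
        if self.mode == "override":                        # new ASP takes over all AS traffic
            for other in [a for a in self._with(AspState.ACTIVE) if a != asp]:
                self.asp[other] = AspState.INACTIVE
                self.sent.append((other, "Notify (Alternate ASP-Active)"))
        self.asp[asp] = AspState.ACTIVE
        self.sent.append((asp, "ASP Active Ack"))
        self._recompute(now)

    def on_asp_inactive(self, asp, now):                   # Section 4.3.3.5
        if self.asp[asp] == AspState.DOWN:
            return
        self.asp[asp] = AspState.INACTIVE
        self.sent.append((asp, "ASP Inactive Ack"))        # only after traffic to it has stopped
        self._recompute(now)

    def _recompute(self, now):                             # AS state, Section 4.3.1.2
        states = set(self.asp.values())
        if AspState.ACTIVE in states:
            new = AsState.ACTIVE
        elif self.state == AsState.ACTIVE:                 # last active ASP left: start T(r)
            new = AsState.PENDING
        elif self.state == AsState.PENDING and now - self.pending_since < self.t_r:
            new = AsState.PENDING
        elif AspState.INACTIVE in states:
            new = AsState.INACTIVE
        else:
            new = AsState.DOWN
        old, self.state = self.state, new
        if new == AsState.PENDING and old != AsState.PENDING:
            self.pending_since = now
            for a in self._with(AspState.INACTIVE):
                self.sent.append((a, "Notify (AS-Pending)"))
        elif old == AsState.PENDING and new != AsState.PENDING:
            backlog, self.queue = list(self.queue), deque()
            for msg in backlog if new == AsState.ACTIVE else []:
                self._dispatch(msg)                        # T(r) cancelled: flush; else discarded

    def deliver(self, msg, now):   # returns the ASP msg went to, or None if queued/discarded
        self._recompute(now)       # also fires T(r) expiry while AS-PENDING
        if self.state == AsState.ACTIVE:
            return self._dispatch(msg)
        if self.state == AsState.PENDING:
            self.queue.append(msg)
        return None

    def _dispatch(self, msg):
        active = self._with(AspState.ACTIVE)
        target = active[0] if self.mode == "override" else active[self.rr % len(active)]
        self.rr += 1          # load-share algorithm is implementation dependent; round-robin here
        self.sent.append((target, msg))
        return target


def demo_override_failover():   # the exchange of Section 5.2.1, ASP2 taking over before T(r) expires
    sg = ApplicationServer(["ASP1", "ASP2"], mode="override", t_r=2.0)
    for a in ("ASP1", "ASP2"):
        sg.on_asp_up(a, now=0.0)
    sg.on_asp_active("ASP1", "override", now=0.0)
    sg.on_asp_inactive("ASP1", now=1.0)               # AS -> PENDING, Notify(AS-Pending) to inactive ASPs
    sg.deliver("QPTM Data #1", now=1.5)               # held in the T(r) queue
    sg.on_asp_active("ASP2", "override", now=2.0)     # AS -> ACTIVE, backlog flushed to ASP2
    return sg
```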
4.3.3.6 Notify
A Notify message reflecting a change in the AS state is sent to all ASPs in the AS, except those in the "Down" state, with appropriate Status Identification. In the case where a Notify (AS-Pending) message is sent by an SG that now has no ASPs active to service the traffic, or a NTFY (Insufficient ASPs) is sent in the Load-share mode, the Notify does not explicitly force the ASP(s) receiving the message to become active. The ASPs remain in control of what (and when) action is taken.

4.3.3.7 Heartbeat
The optional Heartbeat procedures MAY be used when operating over transport layers that do not have their own heartbeat mechanism for detecting loss of the transport association (i.e., other than the SCTP).

After receiving an ASP Up Ack message from the SG in response to an ASP Up message, the ASP MAY optionally send Beat messages periodically, subject to a provisionable timer T(beat). The SG IUA, upon receiving a BEAT message from the ASP, responds with a BEAT ACK message. If no BEAT message (or any other IUA message) is received from the SG within the timer 2*T(beat), the SG will consider the remote IUA as "Down". The SG will also send an ASP Down Ack message to the ASP.

At the ASP, if no BEAT ACK message (or any other IUA message) is received from the SG within 2*T(beat), the SG is considered unavailable. Transmission of BEAT messages is stopped and ASP Up procedures are used to re-establish communication with the SG IUA peer.

The BEAT message MAY optionally contain an opaque Heartbeat Data parameter that MUST be echoed back unchanged in the related Beat Ack message. The ASP upon examining the contents of the returned BEAT Ack message MAY choose to consider the remote ASP as unavailable. The contents/format of the Heartbeat Data parameter is implementation-dependent and only of local interest to the original sender. The contents MAY be used, for example, to support a Heartbeat sequence algorithm (to detect missing Heartbeats), and/or a timestamp mechanism (to evaluate delays).

Note: Heartbeat related events are not shown in Figure 4 "ASP state transition diagram".
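The heartbeat supervision just described, as an added example that is not part of the RFC: both sides run against an explicit clock, the SG echoes the opaque Heartbeat Data unchanged and declares the ASP Down after 2*T(beat) of silence, and the ASP falls back to the ASP Up procedure on the same timeout. The sequence-number-plus-timestamp layout of the Heartbeat Data is this example's own constructed choice (the RFC leaves it implementation-dependent), and names such as `SgHeartbeat`, `AspHeartbeat` and `simulate` are assumptions of the example.

```python
# Added example, not RFC 3057 text: the optional Heartbeat procedure of Section 4.3.3.7.
# Heartbeat Data is opaque to the SG; the layout used here (sequence number plus send
# time, big-endian) is this example's own choice. Time is passed in as `now` (seconds).
import struct

HB_FMT = ">IQ"   # uint32 sequence number, uint64 send time in milliseconds


class SgHeartbeat:
    """SG side: echo Heartbeat Data unchanged; treat the ASP as Down after 2*T(beat) of silence."""

    def __init__(self, t_beat, now):
        self.t_beat, self.last_rx, self.asp_down = t_beat, now, False

    def on_message(self, kind, data, now):
        self.last_rx = now                   # any IUA message from the ASP refreshes the timer
        if kind == "BEAT":
            return ("BEAT ACK", data)        # the opaque data MUST be echoed back unchanged
        return None

    def check(self, now):
        """Return "ASP Down Ack" once, when 2*T(beat) has passed without any message."""
        if not self.asp_down and now - self.last_rx >= 2 * self.t_beat:
            self.asp_down = True
            return "ASP Down Ack"
        return None


class AspHeartbeat:
    """ASP side: BEAT every T(beat) once ASP Up Ack has been seen; fall back to ASP Up on silence."""

    def __init__(self, t_beat, now):
        self.t_beat, self.seq, self.last_rx, self.last_tx = t_beat, 0, now, now
        self.outstanding = {}                # seq -> send time of BEATs not yet acknowledged
        self.rtts, self.sg_available = [], False

    def poll(self, now):
        """Return ("BEAT", data) when a beat is due, "ASP Up" when the SG is declared unavailable."""
        if not self.sg_available:
            return None
        if now - self.last_rx >= 2 * self.t_beat:
            self.sg_available = False        # stop beating; ASP Up procedures re-establish the peer
            self.outstanding.clear()
            return "ASP Up"
        if now - self.last_tx >= self.t_beat:
            self.seq += 1
            self.last_tx = now
            self.outstanding[self.seq] = now
            return ("BEAT", struct.pack(HB_FMT, self.seq, int(now * 1000)))
        return None

    def on_message(self, kind, data, now):
        """Refresh the timer on any SG message; validate BEAT ACK echoes against what was sent."""
        self.last_rx = now
        if kind == "ASP Up Ack":
            self.sg_available, self.last_tx = True, now
        elif kind == "BEAT ACK":
            try:
                seq, sent_ms = struct.unpack(HB_FMT, data)
            except struct.error:
                return "malformed"           # echo is not the data this ASP sent
            if seq not in self.outstanding:
                return "unexpected"          # stale, or not one of ours
            del self.outstanding[seq]
            self.rtts.append(now * 1000 - sent_ms)
            return "ack"
        return None


def simulate(t_beat, sg_dies_at, end, step=0.25):
    """Drive both sides on one clock; from `sg_dies_at` on, nothing reaches the SG (None: never)."""
    asp, sg = AspHeartbeat(t_beat, 0.0), SgHeartbeat(t_beat, 0.0)
    asp.on_message("ASP Up Ack", b"", 0.0)          # the ASP Up exchange is assumed already done
    events, t = [], 0.0
    while t <= end:
        out = asp.poll(t)
        if out == "ASP Up":
            events.append((t, "ASP: SG unavailable, ASP Up procedure restarted"))
        elif out is not None and (sg_dies_at is None or t < sg_dies_at):
            reply = sg.on_message(out[0], out[1], t)
            if reply is not None:
                asp.on_message(reply[0], reply[1], t)
        if sg.check(t):
            events.append((t, "SG: ASP Down after 2*T(beat), ASP Down Ack sent"))
        t += step
    return asp, sg, events
```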
5.0 Examples
5.1 Establishment of Association and Traffic between SGs and ASPs
5.1.1 Single ASP in an Application Server (1+0 sparing)
This scenario shows the example IUA message flows for the establishment of traffic between an SG and an ASP, where only one ASP is configured within an AS (no backup). It is assumed that the SCTP association is already set-up.

        SG                         ASP1
        |                           |
        |<--------ASP Up------------|
        |-------ASP Up Ack--------->|
        |                           |
        |<--------ASP Active--------|
        |------ASP Active Ack------>|
        |                           |

5.1.2 Two ASPs in Application Server (1+1 sparing)
This scenario shows the example IUA message flows for the establishment of traffic between an SG and two ASPs in the same Application Server, where ASP1 is configured to be Active and ASP2 a standby in the event of communication failure or the withdrawal from service of ASP1. ASP2 MAY act as a hot, warm, or cold standby depending on the extent to which ASP1 and ASP2 share call state or can communicate call state under failure/withdrawal events. The example message flow is the same whether the ASP-Active messages are Over-ride or Load-share mode although typically this example would use an Over-ride mode.

        SG                         ASP1                      ASP2
        |                           |                         |
        |<--------ASP Up------------|                         |
        |-------ASP Up Ack--------->|                         |
        |                           |                         |
        |<-----------------------ASP Up-----------------------|
        |---------------------ASP Up Ack--------------------->|
        |                           |                         |
        |                           |                         |
        |<--------ASP Active--------|                         |
        |------ASP Active Ack------>|                         |
        |                           |                         |
5.1.3 Two ASPs in an Application Server (1+1 sparing, load-sharing case)
This scenario shows a similar case to Section 5.1.2 but where the two ASPs are brought to active and load-share the traffic load. In this case, one ASP is sufficient to handle the total traffic load.

        SG                         ASP1                      ASP2
        |                           |                         |
        |<--------ASP Up------------|                         |
        |-------ASP Up Ack--------->|                         |
        |                           |                         |
        |<-----------------------ASP Up-----------------------|
        |---------------------ASP Up Ack--------------------->|
        |                           |                         |
        |                           |                         |
        |<----ASP Active (Ldshr)----|                         |
        |------ASP Active Ack------>|                         |
        |                           |                         |
        |<-----------------ASP Active (Ldshr)-----------------|
        |-------------------ASP Active Ack------------------->|
        |                           |                         |

5.1.4 Three ASPs in an Application Server (n+k sparing, load-sharing case)
This scenario shows the example IUA message flows for the establishment of traffic between an SG and three ASPs in the same Application Server, where two of the ASPs are brought to active and share the load. In this case, a minimum of two ASPs are required to handle the total traffic load (2+1 sparing).
        SG                 ASP1                ASP2                ASP3
        |                   |                   |                   |
        |<------ASP Up------|                   |                   |
        |----ASP Up Ack---->|                   |                   |
        |                   |                   |                   |
        |<----------------ASP Up----------------|                   |
        |--------------ASP Up Ack-------------->|                   |
        |                   |                   |                   |
        |<--------------------------ASP Up--------------------------|
        |------------------------ASP Up Ack------------------------>|
        |                   |                   |                   |
        |                   |                   |                   |
        |<-ASP Act (Ldshr)--|                   |                   |
        |---ASP Act Ack---->|                   |                   |
        |                   |                   |                   |
        |<-----------ASP Act (Ldshr)------------|                   |
        |-------------ASP Act Ack-------------->|                   |
        |                   |                   |                   |

5.2 ASP Traffic Fail-over Examples
5.2.1 (1+1 Sparing, withdrawal of ASP, Back-up Over-ride)
The following example shows a case in which an ASP withdraws from service:

        SG                         ASP1                      ASP2
        |                           |                         |
        |<-------ASP Inactive-------|                         |
        |-----ASP Inactive Ack----->|                         |
        |------------------NTFY(AS-Pending)------------------>|
        |                           |                         |
        |<---------------------ASP Active---------------------|
        |-------------------ASP Active Ack------------------->|
        |                           |                         |

In this case, the SG notifies ASP2 that the AS has moved to the Down state. The SG could have also (optionally) sent a Notify message when the AS moved to the Pending state.

Note: If the SG detects loss of the IUA peer (IUA heartbeat loss or detection of SCTP failure), the initial SG-ASP1 ASP Inactive message exchange would not occur.

5.2.2 (1+1 Sparing, Back-up Over-ride)
The following example shows a case in which ASP2 wishes to over-ride ASP1 and take over the traffic:
        SG                         ASP1                      ASP2
        |                           |                         |
        |<---------------------ASP Active---------------------|
        |-------------------ASP Active Ack------------------->|
        |----NTFY(Alt ASP-Act)----->|                         |
        |                           |                         |

In this case, the SG notifies ASP1 that an alternative ASP has overridden it.

5.2.3 (n+k Sparing, Load-sharing case, withdrawal of ASP)
Following on from the example in Section 5.1.4, ASP1 withdraws from service:

        SG                 ASP1                ASP2                ASP3
        |                   |                   |                   |
        |<----ASP Inact-----|                   |                   |
        |--ASP Inact Ack--->|                   |                   |
        |                   |                   |                   |
        |---------------------NTFY(Ins. ASPs)---------------------->|
        |                   |                   |                   |
        |<---------------------ASP Act (Ldshr)----------------------|
        |-----------------------ASP Act Ack------------------------>|
        |                   |                   |                   |

In this case, the SG has knowledge of the minimum ASP resources required (implementation dependent), for example if the SG knows that n+k = 2+1 for a load-share AS and n currently equals 1.

Note: If the SG detects loss of the ASP1 IUA peer (IUA heartbeat loss or detection of SCTP failure), the first SG-ASP1 ASP Inactive message exchange would not occur.

5.3 Q.921/Q.931 primitives backhaul Examples
When the IUA layer on the ASP has a QPTM message to send to the SG, it will do the following:

- Determine the correct SG
- Find the SCTP association to the chosen SG
- Determine the correct stream in the SCTP association based on the D channel
- Fill in the QPTM message, fill in IUA Message Header, fill in Common Header
- Send the QPTM message to the remote IUA peer in the SG, over the SCTP association

When the IUA layer on the SG has a QPTM message to send to the ASP, it will do the following:

- Determine the AS for the Interface Identifier
- Determine the Active ASP (SCTP association) within the AS
- Determine the correct stream in the SCTP association based on the D channel
- Fill in the QPTM message, fill in IUA Message Header, fill in Common Header
- Send the QPTM message to the remote IUA peer in the ASP, over the SCTP association

An example of the message flows for establishing a data link on a signaling channel, passing PDUs and releasing a data link on a signaling channel is shown below. An active association between MGC and SG is established (Section 5.1) prior to the following message flows.

        SG                                     ASP
                      <-----------  Establish Request
          Establish Confirm  ----------->
                      <-----------  Data Request
          Data Indication    ----------->
                      <-----------  Data Request
          Data Indication    ----------->
                      <-----------  Data Request
                      <-----------  Data Request
          Data Indication    ----------->
                      <-----------  Release Request (RELEASE_MGMT)
          Release Confirm    ----------->

An example of the message flows for a failed attempt to establish a data link on the signaling channel is shown below. In this case, the gateway has a problem with its physical connection (e.g., Red Alarm), so it cannot establish a data link on the signaling channel.

        SG                                     ASP
                      <-----------  Establish Request (ESTABLISH_START)
          Release Indication ----------->
          (RELEASE_PHYS)

5.4 Layer Management Communication Examples
An example of the message flows for communication between Layer Management modules between SG and ASP is shown below. An active association between ASP and SG is established (Section 5.1) prior to the following message flows.

        SG                                     ASP
                      <-----------  Data Request
          Error Indication   ----------->
          (INVALID_TEI)
                      <-----------  TEI Status Request
          TEI Status Confirm ----------->
          (Unassigned)

6.0 Security
IUA is designed to carry signaling messages for telephony services. As such, IUA MUST involve the security needs of several parties: the end users of the services, the network providers and the applications involved. Additional requirements MAY come from local regulation. While having some overlapping security needs, any security solution SHOULD fulfill all of the different parties' needs.

6.1 Threats
There is no quick fix, one-size-fits-all solution for security. As a transport protocol, IUA has the following security objectives:

* Availability of reliable and timely user data transport.
* Integrity of user data transport.
* Confidentiality of user data.

IUA runs on top of SCTP. SCTP [3] provides certain transport related security features, such as

* Blind Denial of Service Attacks
* Flooding
* Masquerade
* Improper Monopolization of Services
When IUA is running in a professionally managed corporate or service provider network, it is reasonable to expect that this network includes an appropriate security policy framework. The "Site Security Handbook" [5] SHOULD be consulted for guidance.

When the network in which IUA runs involves more than one party, it MAY NOT be reasonable to expect that all parties have implemented security in a sufficient manner. In such a case, it is recommended that IPSEC is used to ensure confidentiality of user payload. Consult [6] for more information on configuring IPSEC services.

6.2 Protecting Confidentiality
Particularly for mobile users, the requirement for confidentiality MAY include the masking of IP addresses and ports. In this case application level encryption is not sufficient; IPSEC ESP SHOULD be used instead. Regardless of which level performs the encryption, the IPSEC ISAKMP service SHOULD be used for key management.

7.0 IANA Considerations
7.1 SCTP Payload Protocol Identifier
A request will be made to IANA to assign an IUA value for the Payload Protocol Identifier in the SCTP Payload Data chunk. The following SCTP Payload Protocol Identifier will be registered:

   IUA   "1"

The SCTP Payload Protocol Identifier is included in each SCTP Data chunk, to indicate which protocol the SCTP is carrying. This Payload Protocol Identifier is not directly used by SCTP but MAY be used by certain network entities to identify the type of information being carried in a Data chunk. The User Adaptation peer MAY use the Payload Protocol Identifier as a way of determining additional information about the data being presented to it by SCTP.

7.2 IUA Protocol Extensions
This protocol may also be extended through IANA in three ways:

-- through definition of additional message classes,
-- through definition of additional message types, and
-- through definition of additional message parameters.
The definition and use of new message classes, types and parameters is an integral part of SIGTRAN adaptation layers. Thus, these extensions are assigned by IANA through an IETF Consensus action as defined in [RFC2434]. The proposed extension must in no way adversely affect the general working of the protocol.

7.2.1 IETF Defined Message Classes
The documentation for a new message class MUST include the following information:

(a) A long and short name for the message class.
(b) A detailed description of the purpose of the message class.

7.2.2 IETF Defined Message Types
Documentation of the message type MUST contain the following information:

(a) A long and short name for the new message type.
(b) A detailed description of the structure of the message.
(c) A detailed definition and description of intended use of each field within the message.
(d) A detailed procedural description of the use of the new message type within the operation of the protocol.
(e) A detailed description of error conditions when receiving this message type.

When an implementation receives a message type which it does not support, it MUST respond with an Error (ERR) message with an Error Code of Unsupported Message Type.

7.2.3 IETF-defined TLV Parameter Extension
Documentation of the message parameter MUST contain the following information:

(a) Name of the parameter type.
(b) Detailed description of the structure of the parameter field. This structure MUST conform to the general type-length-value format described in Section 3.1.5.
(c) Detailed definition of each component of the parameter value.
(d) Detailed description of the intended use of this parameter type, and an indication of whether and under what circumstances multiple instances of this parameter type may be found within the same message type.
8.0 Acknowledgements
The authors would like to thank Alex Audu, Maria Sonia Vazquez Arevalillo, Ming-te Chao, Keith Drage, Norm Glaude, Nikhil Jain, Bernard Kuc, Ming Lin, Stephen Lorusso, John Loughney, Barry Nagelberg, Neil Olson, Lyndon Ong, Heinz Prantner, Jose Luis Jimenez Ramirez, Ian Rytina, Michael Tuexen and Hank Wang for their valuable comments and suggestions.

9.0 References
[1] ITU-T Recommendation Q.920, "Digital Subscriber Signaling System No. 1 (DSS1) - ISDN User-Network Interface Data Link Layer - General Aspects".

[2] T1S1.7/99-220 Contribution, "Back-hauling of DSS1 protocol in a Voice over Packet Network".

[3] Stewart, R., Xie, Q., Morneault, K., Sharp, C., Schwarzbauer, H., Taylor, T., Rytina, I., Kalla, M., Zhang, L. and V. Paxson, "Stream Control Transmission Protocol", RFC 2960, October 2000.

[4] Ong, L., Rytina, I., Garcia, M., Schwarzbauer, H., Coene, L., Lin, H., Juhasz, I., Holdrege, M. and C. Sharp, "Architectural Framework for Signaling Transport", RFC 2719, October 1999.

[5] Fraser, B., "Site Security Handbook", FYI 8, RFC 2196, September 1997.

[6] Kent, S. and R. Atkinson, "Security Architecture for the Internet Protocol", RFC 2401, November 1998.

[7] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.

[8] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 2434, October 1998.
10.0 Authors' Addresses
Ken Morneault
Cisco Systems Inc.
13615 Dulles Technology Drive
Herndon, VA. 20171
USA
Phone: +1-703-484-3323
EMail: kmorneau@cisco.com

Malleswar Kalla
Telcordia Technologies
PYA 2J-341
3 Corporate Place
Piscataway, NJ 08854
USA
Phone: +1-732-699-3728
EMail: mkalla@telcordia.com

Selvam Rengasami
Telcordia Technologies
NVC-2Z439
331 Newman Springs Road
Red Bank, NJ 07701
USA
Phone: +1-732-758-5260
EMail: srengasa@telcordia.com

Greg Sidebottom
Nortel Networks
3685 Richmond Road
Nepean, Ontario
Canada K2H5B7
Phone: +1-613-763-7305
EMail: gregside@nortelnetworks.com
11. Full Copyright Statement
Copyright (C) The Internet Society (2001). All Rights Reserved.

This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.

The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns.

This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Acknowledgement

Funding for the RFC Editor function is currently provided by the Internet Society.