Authors :A. Mortensen,Tirumaleswar Reddy,R. Moskowitz,May 2019
Title :DDoS Open Threat Signaling (DOTS) Requirements
Abstract :
This document defines the requirements for the Distributed Denial-of-Service (DDoS) Open Threat Signaling (DOTS) protocols enabling
coordinated response to DDoS attacks.
Authors :P. Martinsen,Tirumaleswar Reddy,P.Patil,July 2018
Title :Guidelines for Multihomed and IPv4/IPv6 Dual-Stack
Interactive Connectivity Establishment (ICE)
Abstract :This document provides guidelines on how to make Interactive
Connectivity Establishment (ICE) conclude faster in multihomed and
IPv4/IPv6 dual-stack scenarios where broken paths exist. The
provided guidelines are backward compatible with the original ICE
specification (see RFC 5245).
Authors :D.King,Dhruv Dhody,A.Farrel ,March 2018
Title :Experimental Codepoint Allocation for the Path Computation Element Communication Protocol (PCEP)
Abstract :IANA assigns values to the Path Computation Element Communication
Protocol (PCEP) parameters (messages, objects, TLVs). IANA
established a top-level registry to contain all PCEP codepoints and
sub-registries. This top-level registry contains sub-registries for
PCEP message, object, and TLV types. The allocation policy for each
of these sub-registries is IETF Review.
This document updates RFC 5440 by changing the allocation policies
for these three registries to mark some of the codepoints as assigned
for Experimental Use.
Authors : S. Dickinson,D. Gillmor,Tirumaleswar Reddy, March 2018
Title :Usage Profiles for DNS over TLS and DNS over DTLS
Abstract :This document discusses usage profiles, based on one or more
authentication mechanisms, which can be used for DNS over Transport
Layer Security (TLS) or Datagram TLS (DTLS). These profiles can
increase the privacy of DNS transactions compared to using only
cleartext DNS. This document also specifies new authentication
mechanisms -- it describes several ways that a DNS client can use an
authentication domain name to authenticate a (D)TLS connection to a
DNS server. Additionally, it defines (D)TLS protocol profiles for
DNS clients and servers implementing DNS over (D)TLS. This document
updates RFC 7858.
Authors :Q. Zhao,Dhruv Dhody, Ramanjaneya Reddy Palleti ,D.king,November 2017
Title :Extensions to the Path Computation Element Communication Protocol (PCEP) for Point-to-Multipoint Traffic Engineering Label Switched Paths
Abstract :Point-to-point Multiprotocol Label Switching (MPLS) and Generalized
MPLS (GMPLS) Traffic Engineering Label Switched Paths (TE LSPs) may
be established using signaling techniques, but their paths may first
need to be determined. The Path Computation Element (PCE) has been
identified as an appropriate technology for the determination of the
paths of point-to-multipoint (P2MP) TE LSPs.
This document describes extensions to the PCE Communication Protocol
(PCEP) to handle requests and responses for the computation of paths
for P2MP TE LSPs.
This document obsoletes RFC 6006.
Authors : M. Taillon,T. Saad,R. Gandhi,Z. Ali,Manav Bhatia, Oct 2017
Title :Updates to the Resource Reservation Protocol for Fast Reroute of Traffic Engineering GMPLS Label Switched Paths (LSPs)
Abstract :This document updates the Resource Reservation Protocol - Traffic
Engineering (RSVP-TE) Fast Reroute (FRR) procedures defined in RFC
4090 to support Packet Switch Capable (PSC) Generalized Multiprotocol
Label Switching (GMPLS) Label Switched Paths (LSPs). These updates
allow the coordination of a bidirectional bypass tunnel assignment
protecting a common facility in both forward and reverse directions
of a co-routed bidirectional LSP. In addition, these updates enable
the redirection of bidirectional traffic onto bypass tunnels that
ensure the co-routing of data paths in the forward and reverse
directions after FRR and avoid RSVP soft-state timeout in the control
plane.
Authors :D. Lopez,O. Gonzalez de Dios,Q. Wu,Dhruv Dhody, Oct 2017
Title :PCEPS: Usage of TLS to Provide a Secure Transport for the Path Computation Element Communication Protocol (PCEP)
Abstract :The Path Computation Element Communication Protocol (PCEP) defines
the mechanisms for the communication between a Path Computation
Client (PCC) and a Path Computation Element (PCE), or among PCEs.
This document describes PCEPS -- the usage of Transport Layer
Security (TLS) to provide a secure transport for PCEP. The
additional security mechanisms are provided by the transport protocol
supporting PCEP; therefore, they do not affect the flexibility and
extensibility of PCEP.
This document updates RFC 5440 in regards to the PCEP initialization
phase procedures.
Authors :Dhruv Dhody,Q. Wu,V. Manral,Z. Ali,K. Kumaki,Sept 2017
Title :Extensions to the Path Computation Element Communication Protocol (PCEP) to Compute Service-Aware Label Switched Paths (LSPs)
Abstract :In certain networks, such as, but not limited to, financial
information networks (e.g., stock market data providers), network
performance criteria (e.g., latency) are becoming as critical to data
path selection as other metrics and constraints. These metrics are
associated with the Service Level Agreement (SLA) between customers
and service providers. The link bandwidth utilization (the total
bandwidth of a link in actual use for the forwarding) is another
important factor to consider during path computation.
IGP Traffic Engineering (TE) Metric Extensions describe mechanisms
with which network performance information is distributed via OSPF
and IS-IS, respectively. The Path Computation Element Communication
Protocol (PCEP) provides mechanisms for Path Computation Elements
(PCEs) to perform path computations in response to Path Computation
Client (PCC) requests. This document describes the extension to PCEP
to carry latency, delay variation, packet loss, and link bandwidth
utilization as constraints for end-to-end path computation.
Authors :E. Crabbe,I. Minei, J. Medved,R. Varga,X. Zhang,Dhruv Dhody, Sept 2017
Title :Optimizations of Label Switched Path State Synchronization Procedures for a Stateful PCE
Abstract :A stateful Path Computation Element (PCE) has access to not only the
information disseminated by the network's Interior Gateway Protocol
(IGP) but also the set of active paths and their reserved resources
for its computation. The additional Label Switched Path (LSP) state
information allows the PCE to compute constrained paths while
considering individual LSPs and their interactions. This requires a
State Synchronization mechanism between the PCE and the network, the
PCE and Path Computation Clients (PCCs), and cooperating PCEs. The
basic mechanism for State Synchronization is part of the stateful PCE
specification. This document presents motivations for optimizations
to the base State Synchronization procedure and specifies the
required Path Computation Element Communication Protocol (PCEP)
extensions.
Authors :T. Pauly, S. Touati,Ravi Mantha, Aug 2017
Title :TCP Encapsulation of IKE and IPsec Packets
Abstract :This document describes a method to transport Internet Key Exchange
Protocol (IKE) and IPsec packets over a TCP connection for traversing
network middleboxes that may block IKE negotiation over UDP. This
method, referred to as "TCP encapsulation", involves sending both IKE
packets for Security Association establishment and Encapsulating
Security Payload (ESP) packets over a TCP connection. This method is
intended to be used as a fallback option when IKE cannot be
negotiated over UDP.
Authors :B. Volz,Yogendra Pal, Aug 2017
Title :Security of Messages Exchanged between Servers and Relay Agents
Abstract :The Dynamic Host Configuration Protocol for IPv4 (DHCPv4) has no
guidance for how to secure messages exchanged between servers and
relay agents. The Dynamic Host Configuration Protocol for IPv6
(DHCPv6) states that IPsec should be used to secure messages
exchanged between servers and relay agents but does not require
encryption. With recent concerns about pervasive monitoring and
other attacks, it is appropriate to require securing relay-to-relay
and relay-to-server communication for DHCPv6 and relay-to-server
communication for DHCPv4.
Authors : W. Cerveny,R. Bonica,Reji Thomas,May 2017
Title :Benchmarking the Neighbor Discovery Protocol
Abstract :The Stream Control Transmission Protocol (SCTP) is a transport
protocol originally defined to run on top of the network protocols
IPv4 or IPv6. This document specifies how SCTP can be used on top of
the Datagram Transport Layer Security (DTLS) protocol. Using the
encapsulation method described in this document, SCTP is unaware of
the protocols being used below DTLS; hence, explicit IP addresses
cannot be used in the SCTP control chunks. As a consequence, the
SCTP associations carried over DTLS can only be single-homed.
Authors :P. Patil,Tirumaleswar Reddy,D. Wing,April 2017
Title :Traversal Using Relays around NAT (TURN) Server Auto Discovery
Abstract :Current Traversal Using Relays around NAT (TURN) server discovery
mechanisms are relatively static and limited to explicit
configuration. These are usually under the administrative control of
the application or TURN service provider, and not the enterprise,
ISP, or the network in which the client is located. Enterprises and
ISPs wishing to provide their own TURN servers need auto-discovery
mechanisms that a TURN client could use with minimal or no
configuration. This document describes three such mechanisms for
TURN server discovery.
This document updates RFC 5766 to relax the requirement for mutual
authentication in certain cases.
Authors :Kingston Selvaraj,M. Venkatesan, D. King, S. Aldrin, J. Ryoo,April 2017
Title :MPLS Transport Profile Linear Protection MIB
Abstract :This memo defines a portion of the Management Information Base (MIB)
for use with network management protocols. In particular, it defines
objects for managing Multiprotocol Label Switching - Transport
Profile (MPLS-TP) linear protection.
Authors :Dhananjay Patki,S. Gundavelli,J. Lee,Q. Fu, L. Bertz, Aug 2017
Title :Mobile Access Gateway Configuration Parameters Controlled by the Local Mobility Anchor
Abstract :This specification defines a new extension,
LMA-Controlled-MAG-Session-Params, to Proxy Mobile IPv6. This option
can be used by the local mobility anchor (LMA) in a Proxy Mobile IPv6
domain for signaling a mobile access gateway (MAG) on enforcing
specific values for various configuration parameters such as
heartbeat and binding refresh parameters.
Authors :Ram Mohan Ravindranath ,G. Salgueiro, March 2017
Title :The Session Description Protocol (SDP) WebSocket Connection URI Attribute
Abstract :The WebSocket protocol enables bidirectional real-time communication
between clients and servers in web-based applications. This document
specifies extensions to Session Description Protocol (SDP) for
application protocols using WebSocket as a transport.
Authors :J. Jeong,S. Park,L. Beloeil, Syam Madanapalli, March 2017
Title :IPv6 Router Advertisement Options for DNS Configuration
Abstract :This document specifies IPv6 Router Advertisement (RA) options
(called "DNS RA options") to allow IPv6 routers to advertise a list
of DNS Recursive Server Addresses and a DNS Search List to IPv6
hosts.
This document, which obsoletes RFC 6106, defines a higher default
value of the lifetime of the DNS RA options to reduce the likelihood
of expiry of the options on links with a relatively high rate of
packet loss.
Authors : Pushpasis. Sarkar,Shraddha Hegde,,C. Bowers,H. Gredler,S. Litkowski,March 2017
Title :Remote-LFA Node Protection and Manageability
Abstract :The loop-free alternates (LFAs) computed following the current
remote-LFA specification guarantees only link protection. The
resulting remote-LFA next hops (also called "PQ-nodes") may not
guarantee node protection for all destinations being protected by it.
This document describes an extension to the remote-loop-free-based IP
fast reroute mechanisms that specifies procedures for determining
whether or not a given PQ-node provides node protection for a
specific destination. The document also shows how the same procedure
can be utilized for the collection of complete characteristics for
alternate paths. Knowledge about the characteristics of all
alternate paths is a precursor to applying the operator-defined
policy for eliminating paths not fitting the constraints.
Authors :Tirumaleswar Reddy, P. Patil ,D. Wing, Feb 2017
Title :DNS over Datagram Transport Layer Security (DTLS)
Abstract :DNS queries and responses are visible to network elements on the path
between the DNS client and its server. These queries and responses
can contain privacy-sensitive information, which is valuable to
protect.
This document proposes the use of Datagram Transport Layer Security
(DTLS) for DNS, to protect against passive listeners and certain
active attacks. As latency is critical for DNS, this proposal also
discusses mechanisms to reduce DTLS round trips and reduce the DTLS
handshake size. The proposed mechanism runs over port 853.
Authors :Ram Mohan Ravindranath,P. Ravindran ,P. Kyzivat, Feb 2017
Title :Session Initiation Protocol (SIP) Recording Call Flows
Abstract :Session recording is a critical requirement in many communications
environments, such as call centers and financial trading
organizations. In some of these environments, all calls must be
recorded for regulatory, compliance, and consumer-protection reasons.
The recording of a session is typically performed by sending a copy
of a media stream to a recording device. This document lists call
flows with metadata snapshots sent from a Session Recording Client
(SRC) to a Session Recording Server (SRS).
Authors :P. Aitken,B. Claise,Srikar B S ,C. McDowall,J. Schoenwaelder, May 2017
Title :Exporting MIB Variables Using the IP Flow Information Export (IPFIX) Protocol
Abstract :This document specifies a way to complement IP Flow Information
Export (IPFIX) Data Records with Management Information Base (MIB)
objects, avoiding the need to define new IPFIX Information Elements
for existing MIB objects that are already fully specified.
Two IPFIX Options Templates, as well as a method for creating IPFIX
Options Templates that are used to export the extra data required to
fully describe Simple Network Management Protocol (SNMP) MIB objects
in IPFIX, are specified herein.