[Dime] [RFC3588bis-34] - Host-IP-Address AVP

"VITON HORCAJO, Pedro (Pedro)" <pedro.viton@alcatel-lucent.com> Mon, 17 September 2012 09:03 UTC

Return-Path: <pedro.viton@alcatel-lucent.com>
X-Original-To: dime@ietfa.amsl.com
Delivered-To: dime@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 607CC21F8532 for <dime@ietfa.amsl.com>; Mon, 17 Sep 2012 02:03:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.248
X-Spam-Status: No, score=-10.248 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_FR=0.35, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id dpJjee4w3Z26 for <dime@ietfa.amsl.com>; Mon, 17 Sep 2012 02:03:17 -0700 (PDT)
Received: from smail3.alcatel.fr (smail3.alcatel.fr []) by ietfa.amsl.com (Postfix) with ESMTP id EDD7621F852B for <dime@ietf.org>; Mon, 17 Sep 2012 02:03:16 -0700 (PDT)
Received: from FRMRSSXCHHUB01.dc-m.alcatel-lucent.com (FRMRSSXCHHUB01.dc-m.alcatel-lucent.com []) by smail3.alcatel.fr (8.14.3/8.14.3/ICT) with ESMTP id q8H92AIf020500 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NOT) for <dime@ietf.org>; Mon, 17 Sep 2012 11:03:07 +0200
Received: from FRMRSSXCHMBSC1.dc-m.alcatel-lucent.com ([]) by FRMRSSXCHHUB01.dc-m.alcatel-lucent.com ([]) with mapi; Mon, 17 Sep 2012 11:02:28 +0200
From: "VITON HORCAJO, Pedro (Pedro)" <pedro.viton@alcatel-lucent.com>
To: "dime@ietf.org" <dime@ietf.org>
Date: Mon, 17 Sep 2012 11:02:26 +0200
Thread-Topic: [RFC3588bis-34] - Host-IP-Address AVP
Thread-Index: Ac2UsyjKbBR6VKnRTmqPj8ebKl4/ZA==
Message-ID: <5F42DFF905CBA544A7BBB0909003E1A3148F14F7C6@FRMRSSXCHMBSC1.dc-m.alcatel-lucent.com>
Accept-Language: en-US
Content-Language: en-US
acceptlanguage: en-US
Content-Type: multipart/alternative; boundary="_000_5F42DFF905CBA544A7BBB0909003E1A3148F14F7C6FRMRSSXCHMBSC_"
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.69 on
Subject: [Dime] [RFC3588bis-34] - Host-IP-Address AVP
X-BeenThere: dime@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Diameter Maintanence and Extentions Working Group <dime.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dime>, <mailto:dime-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dime>
List-Post: <mailto:dime@ietf.org>
List-Help: <mailto:dime-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dime>, <mailto:dime-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Sep 2012 09:07:20 -0000


After reviewing original RFC3588 and the lastest draft for 3588bis-34, I have a couple of comments/questions related to the Host-IP-Address AVP

1.- I don't have clear the behavior of a diameter peer when SENDING the Host-IP-Address AVP in the CER/CEA messages, if using TCP to transport Diameter.

In sections 5.3.1 (CER), 5.3.2(CEA) and 5.3.5 (Host-IP-Address AVP), it indicates the behavior with respect to that AVP when using SCTP or DTLS/SCTP as transport mechanism.

   The Host-IP-Address AVP (AVP Code 257) is of type Address and is used
   to inform a Diameter peer of the sender's IP address.  All source
   addresses that a Diameter node expects to use with SCTP [RFC4960] or
   DTLS/SCTP [RFC6083] MUST be advertised in the CER and CEA messages by
   including a Host-IP-Address AVP for each address.

   When Diameter is run over SCTP [RFC4960] or DTLS/SCTP [RFC6083],
   which allow connections to span multiple interfaces, hence, multiple
   IP addresses, the Capabilities-Exchange-Answer message MUST contain
   one Host-IP-Address AVP for each potential IP address that MAY be
   locally used when transmitting Diameter messages.

That might lead to think that if using TCP, that AVP might/needs not be sent.

However, not sending it would be a contradiction with the CER/CEA ABNF message format, that states that the Host-IP-Address AVP is a mandatory AVP with at least 1 ocurrence :
         <CER> ::= < Diameter Header: 257, REQ >
                   { Origin-Host }
                   { Origin-Realm }
                1* { Host-IP-Address } <------------

I think it would be a good idea to clarify:
A.- whether Host-IP-Address MUST/SHOULD/MAY included in CER/CEA messages if using TCP
B.- if it is not needed, indicate that AVP as opcional 1*[Host-IP-Address] in the CER/CEA ABNF. However, leaving it as optional, might lead to interoperability issues between an implementation not sending it, and another implementation expecting it as mandatory (as per current RFC 3588)

2.- On the other side, I haven't been able to find anywhere the behavior a Diameter implementation should have when RECEIVING that AVP, both with TCP and SCTP as transport methods.

A.- Should it check the source IP address of the received CER/CEA message belongs to the values of the Host-IP-Address AVP?
But what would be the purpose of that? Prevent NAT traversal?

And what to do then if the Source IP Address doesn't match?

B.- With SCTP, I thought initially the Diameter implementation could interface with a SCTP layer primitive to add the rest of the advertised IP addresses in Host-IP-Address, as possible addresses for this endpoint in the already established SCTP association.

However, after glancing over SCTP RFC 4960 (sections & 5.1.2), it seems that the remote IP addresses of an association may be exchanged/learnt only during the association establishment by using the Options in the INIT chunk.

Therefore, if my assumption is right that it is not possible to add/remove a remote endpoint  IP address to an already established association,
what's the point in having a Host-IP-Address AVP in the CER/CEA message?

Just for historical reasons?

In any case, I think it would be nice to clarify the utility of Host-IP-Address AVP, as well as a diameter implementation expected behavior, both when sending it and receiving it, when using TCP and SCTP.


     \\ ~ ~ //
     (/ @ @ /)
Pedro Viton         Tlf:+(34) 690 96 4740


C/ Maria Tubau 9 (28050) Madrid SPAIN
    .oooO  (   )
    (   )   ) /
     \ (   (_/