| draft-werner-nsis-natfw-nslp-statemachine-00.txt | | draft-werner-nsis-natfw-nslp-statemachine-01.txt | |
|---|
| | | | |
|
| NSIS C. Werner | | NSIS X. Fu | |
| Internet-Draft X. Fu | | Internet-Draft C. Werner | |
| Expires: May 2, 2005 Univ. Goettingen | | Expires: January 18, 2006 Univ. Goettingen | |
| H. Tschofenig | | H. Tschofenig | |
|
| | | T. Tsenov | |
| Siemens | | Siemens | |
| C. Aoun | | C. Aoun | |
| Nortel | | Nortel | |
|
| November 2004 | | N. Steinleitner | |
| | | Univ. Goettingen | |
| | | July 17, 2005 | |
| | | | |
|
| NSLP NAT/FW State Machine | | NAT/FW NSLP State Machine | |
| draft-werner-nsis-natfw-nslp-statemachine-00.txt | | draft-werner-nsis-natfw-nslp-statemachine-01.txt | |
| | | | |
| Status of this Memo | | Status of this Memo | |
| | | | |
|
| This document is an Internet-Draft and is subject to all provisions | | By submitting this Internet-Draft, each author represents that any | |
| of section 3 of RFC 3667. By submitting this Internet-Draft, each | | applicable patent or other IPR claims of which he or she is aware | |
| author represents that any applicable patent or other IPR claims of | | have been or will be disclosed, and any of which he or she becomes | |
| which he or she is aware have been or will be disclosed, and any of | | aware will be disclosed, in accordance with Section 6 of BCP 79. | |
| which he or she become aware will be disclosed, in accordance with | | | |
| RFC 3668. | | | |
| | | | |
| Internet-Drafts are working documents of the Internet Engineering | | Internet-Drafts are working documents of the Internet Engineering | |
| Task Force (IETF), its areas, and its working groups. Note that | | Task Force (IETF), its areas, and its working groups. Note that | |
|
| other groups may also distribute working documents as | | other groups may also distribute working documents as Internet- | |
| Internet-Drafts. | | Drafts. | |
| | | | |
| Internet-Drafts are draft documents valid for a maximum of six months | | Internet-Drafts are draft documents valid for a maximum of six months | |
| and may be updated, replaced, or obsoleted by other documents at any | | and may be updated, replaced, or obsoleted by other documents at any | |
| time. It is inappropriate to use Internet-Drafts as reference | | time. It is inappropriate to use Internet-Drafts as reference | |
| material or to cite them other than as "work in progress." | | material or to cite them other than as "work in progress." | |
| | | | |
| The list of current Internet-Drafts can be accessed at | | The list of current Internet-Drafts can be accessed at | |
| http://www.ietf.org/ietf/1id-abstracts.txt. | | http://www.ietf.org/ietf/1id-abstracts.txt. | |
| | | | |
| The list of Internet-Draft Shadow Directories can be accessed at | | The list of Internet-Draft Shadow Directories can be accessed at | |
| http://www.ietf.org/shadow.html. | | http://www.ietf.org/shadow.html. | |
| | | | |
|
| This Internet-Draft will expire on May 2, 2005. | | This Internet-Draft will expire on January 18, 2006. | |
| | | | |
| Copyright Notice | | Copyright Notice | |
| | | | |
|
| Copyright (C) The Internet Society (2004). | | Copyright (C) The Internet Society (2005). | |
| | | | |
| Abstract | | Abstract | |
| | | | |
| This document describes the state machines for the NSIS Signaling | | This document describes the state machines for the NSIS Signaling | |
| Layer Protocol for Network Address Translation/Firewall signaling | | Layer Protocol for Network Address Translation/Firewall signaling | |
| (NAT/FW NSLP). A set of state machines for NAT/FW NSLP entities at | | (NAT/FW NSLP). A set of state machines for NAT/FW NSLP entities at | |
| different locations of a signaling path are presented in order to | | different locations of a signaling path are presented in order to | |
| illustrate how NAT/FW NSLP may be implemented. | | illustrate how NAT/FW NSLP may be implemented. | |
| | | | |
| Table of Contents | | Table of Contents | |
| | | | |
|
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 | | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 | |
| 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 | | 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . 3 | |
| 3. Notational conventions used in state diagrams . . . . . . . . 5 | | 3. Notational conventions used in state diagrams . . . . . . . 3 | |
| 4. State Machine Symbols . . . . . . . . . . . . . . . . . . . . 8 | | 4. State Machine Symbols . . . . . . . . . . . . . . . . . . . 6 | |
| 5. Common Rules . . . . . . . . . . . . . . . . . . . . . . . . . 9 | | 5. Common Rules . . . . . . . . . . . . . . . . . . . . . . . . 7 | |
| 5.1 Common Procedures . . . . . . . . . . . . . . . . . . . . 9 | | 5.1 Common Procedures . . . . . . . . . . . . . . . . . . . . 7 | |
| 5.2 Common Variables . . . . . . . . . . . . . . . . . . . . . 11 | | 5.2 Common Variables . . . . . . . . . . . . . . . . . . . . . 9 | |
| 5.3 Constants . . . . . . . . . . . . . . . . . . . . . . . . 12 | | 5.3 Constants . . . . . . . . . . . . . . . . . . . . . . . . 10 | |
| 6. State machine for the NAT/FW NI . . . . . . . . . . . . . . . 13 | | 6. State machine for the NAT/FW NI . . . . . . . . . . . . . . 10 | |
| 7. State machines for the NAT/FW NF . . . . . . . . . . . . . . . 16 | | 7. State machines for the NAT/FW NF . . . . . . . . . . . . . . 14 | |
| 7.1 State machine for NAT/FW Firewall NF . . . . . . . . . . . 16 | | 7.1 State machine for NAT/FW Firewall NF . . . . . . . . . . . 15 | |
| 7.2 State machine for NAT/FW NAT NF . . . . . . . . . . . . . 18 | | 7.2 State machine for NAT/FW NAT NF . . . . . . . . . . . . . 22 | |
| 8. State machine for the NAT/FW NR . . . . . . . . . . . . . . . 24 | | 8. State machine for the NAT/FW NR . . . . . . . . . . . . . . 29 | |
| 9. Security Considerations . . . . . . . . . . . . . . . . . . . 27 | | 9. Security Considerations . . . . . . . . . . . . . . . . . . 33 | |
| 10. Open Issues . . . . . . . . . . . . . . . . . . . . . . . . 28 | | 10. Open Issues . . . . . . . . . . . . . . . . . . . . . . . . 34 | |
| 11. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . 29 | | 11. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . 34 | |
| 12. References . . . . . . . . . . . . . . . . . . . . . . . . . 30 | | 12. References . . . . . . . . . . . . . . . . . . . . . . . . . 34 | |
| 12.1 Normative References . . . . . . . . . . . . . . . . . . . . 30 | | 12.1 Normative References . . . . . . . . . . . . . . . . . . 34 | |
| 12.2 Informative References . . . . . . . . . . . . . . . . . . . 30 | | 12.2 Informative References . . . . . . . . . . . . . . . . . 34 | |
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 30 | | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . 35 | |
| Intellectual Property and Copyright Statements . . . . . . . . 32 | | Intellectual Property and Copyright Statements . . . . . . . 37 | |
| | | | |
| 1. Introduction | | 1. Introduction | |
| | | | |
| This document describes the state machines for NAT/FW NSLP [1], | | This document describes the state machines for NAT/FW NSLP [1], | |
| trying to show how NAT/FW NSLP can be implemented to support its | | trying to show how NAT/FW NSLP can be implemented to support its | |
| deployment. The state machines described in this document are | | deployment. The state machines described in this document are | |
| illustrative of how the NAT/FW NSLP protocol defined in [1] may be | | illustrative of how the NAT/FW NSLP protocol defined in [1] may be | |
| implemented for the first NAT/FW NSLP node in the signaling path, | | implemented for the first NAT/FW NSLP node in the signaling path, | |
| intermediate NAT/FW NSLP nodes with Firewall and/or NAT | | intermediate NAT/FW NSLP nodes with Firewall and/or NAT | |
| functionality, and the last NAT/FW NSLP node in the signaling path. | | functionality, and the last NAT/FW NSLP node in the signaling path. | |
| | | | |
| skipping to change at page 8, line 23 | | skipping to change at page 6, line 36 | |
|---|
| = Assignment action. The value of the expression to the right of | | = Assignment action. The value of the expression to the right of | |
| the operator is assigned to the variable to the left of the | | the operator is assigned to the variable to the left of the | |
| operator. Where this operator is used to define multiple | | operator. Where this operator is used to define multiple | |
| assignments, e.g., a = b = X the action causes the value of the | | assignments, e.g., a = b = X the action causes the value of the | |
| expression following the right-most assignment operator to be | | expression following the right-most assignment operator to be | |
| assigned to all of the variables that appear to the left of the | | assigned to all of the variables that appear to the left of the | |
| right-most assignment operator. | | right-most assignment operator. | |
| ! Logical NOT operator. | | ! Logical NOT operator. | |
| && Logical AND operator. | | && Logical AND operator. | |
| || Logical OR operator. | | || Logical OR operator. | |
|
| if...then... Conditional action. If the Boolean expression | | if...then... Conditional action. If the Boolean expression following | |
| following the if evaluates to TRUE, then the action following the | | the if evaluates to TRUE, then the action following the then is | |
| then is executed. | | executed. | |
| \{ statement 1, ... statement N \} Compound statement. Braces are | | \{ statement 1, ... statement N \} Compound statement. Braces are | |
| used to group statements that are executed together as if they | | used to group statements that are executed together as if they | |
| were a single statement. | | were a single statement. | |
| != Inequality. Evaluates to TRUE if the expression to the left of | | != Inequality. Evaluates to TRUE if the expression to the left of | |
| the operator is not equal in value to the expression to the right. | | the operator is not equal in value to the expression to the right. | |
| == Equality. Evaluates to TRUE if the expression to the left of the | | == Equality. Evaluates to TRUE if the expression to the left of the | |
| operator is equal in value to the expression to the right. | | operator is equal in value to the expression to the right. | |
| > Greater than. Evaluates to TRUE if the value of the expression to | | > Greater than. Evaluates to TRUE if the value of the expression to | |
| the left of the operator is greater than the value of the | | the left of the operator is greater than the value of the | |
| expression to the right. | | expression to the right. | |
| | | | |
| skipping to change at page 13, line 9 | | skipping to change at page 11, line 4 | |
|---|
| attempts of a QUERY message after it is aborted and the | | attempts of a QUERY message after it is aborted and the | |
| application is being notified. | | application is being notified. | |
| Max_Retry(REA): Contains the maximum number of retransmission | | Max_Retry(REA): Contains the maximum number of retransmission | |
| attempts of a REA message after it is aborted and the application | | attempts of a REA message after it is aborted and the application | |
| is being notified. | | is being notified. | |
| | | | |
| 6. State machine for the NAT/FW NI | | 6. State machine for the NAT/FW NI | |
| | | | |
| This section presents the state machines for the NSIS initator which | | This section presents the state machines for the NSIS initator which | |
| is capable of NSLP NAT/FW signaling | | is capable of NSLP NAT/FW signaling | |
|
| | | ----------- | |
| | | State: INITIALIZE | |
| | | ----------- | |
| | | | |
|
| ------------------- | | Condition Action State Note | |
| State: Initialize | | ------------------------+-------------------------+-----------+--- | |
| ------------------- | | UCT |Initialize variables | IDLE |* | |
| | | ------------------------+-------------------------+-----------+--- | |
| | | | |
|
| Condition Action State | | NOTE: | |
| ------------------------+-------------------------+------------ | | * - Application triggered for forking process | |
| UCT |retry_Counter(Create)=0; |IDLE | | | |
| |retry_Counter(Query)=0; | | | | |
| ------------------------+-------------------------+------------ | | | |
| | | | |
|
| ------------------- | | ----------- | |
| State: IDLE | | State: IDLE | |
|
| ------------------- | | ----------- | |
| | | | |
|
| Condition Action State | | Condition Action State Note | |
| ------------------------+-------------------------+------------ | | ------------------------+-------------------------+-----------+--- | |
| tg_CREATE |Start.STATE_TIMER(Resp); |PENDING | | tg_CREATE |tx_CREATE |WAITRESP2- | | |
| |retry_Counter(Create)=0; | | | (sid, sig, pubkey)| (sid, sig, pubkey);| SESSION| | |
| |tx_CREATE; | | | |Start.STATE_TIMER |PENDING | | |
| ------------------------+-------------------------+------------ | | | (Response);| | | |
| ------------------- | | | | | | |
| State: PENDING | | (tg_CREATE (sid)) |tx_CREATE (sid); |WAITRESP1- | | |
| ------------------- | | |Start.STATE_TIMER | SESSION| | |
| | | | (Response);|PENDING | | |
| | | ------------------------+-------------------------+-----------+--- | |
| | | ----------- | |
| | | State: WAITRESP-SESSION PENDING | |
| | | ----------- | |
| | | | |
|
| Condition Action State | | Condition Action State Note | |
| ------------------------+-------------------------+------------ | | ------------------------+-------------------------+-----------+--- | |
| rx_RESP(SUCCESS,Create) |Stop.STATE_TIMER(Resp); |ESTABLISHED | | TIMEOUT.STATE(Response) |Stop.STATE_TIMER |WAITRESP- | | |
| |Session.create(); | | | | (Response);| SESSION| | |
| |Start.REFRESH_TIMER(Cre);| | | |retry_counter(Create)++; |PENDING | | |
| |retry_Counter(Create)=0; | | | |if (retry_counter(Create)| | | |
| | | | | | <=Max_Retry(Create))| | | |
| TIMEOUT.STATE(Resp) |Stop.STATE_TIMER(Resp); |PENDING | | |{Start_STATE_TIMER | | | |
| |retry_Counter(Create)++; | | | | (Response)| | | |
| |if (retry_Counter(Create)| | | |tx_CREATE;} | | | |
| |<=Max_Retry(Create)) | | | | | | | |
| |{Start.STATE_TIMER(Resp);| | | (rx_RESPONSE(SUCCESS, |Stop.STATE_TIMER |SESSION | | |
| |tx_CREATE;} | | | Create))| (Response);|ESTABLISHED| | |
| | | | | |Session.create(); | | | |
| (Retry_Counter(Create) |Send info to appl.; |IDLE | | |Start.REFRESH_TIMER | | | |
| > Max_Retry(Create)) || |Stop.STATE_TIMER(Resp); | | | | (Create);| | | |
| tg_TEARDOWN || | | | | |retry_counter(Create)=0; | | | |
| rx_RESP(ERROR,Create) | | | | | | | | |
| ------------------------+-------------------------+------------ | | (Retry_Counter(Create)> |Send info to Appl.; | IDLE | | |
| | | Max_Retry(Create)) |||Stop.STATE_TIMER | | | |
| | | (tg_TEARDOWN) || | (Response);| | | |
| | | (rx_RESPONSE(ERROR, | | | | |
| | | Create))| | | | |
| | | ------------------------+-------------------------+-----------+ | |
| | | | |
|
| ------------------- | | ----------- | |
| State: ESTABLISHED | | State: WAITRESP1-SESSION PENDING | |
| ------------------- | | ----------- | |
| | | | |
|
| Condition Action State | | Condition Action State Note | |
| ------------------------+-------------------------+------------ | | ------------------------+-------------------------+-----------+--- | |
| rx_RESP(SUCCESS,Query) |Stop.STATE_TIMER(Query); |ESTABLISHED | | (TIMEOUT.STATE(Response)|Send info to Appl.; |IDLE | | |
| && CHECK_AA |Send info to appl.; | | | || (rx_RESPONSE(ERROR, | | | | |
| | | | | Create))| | | | |
| tg_QUERY |tx_QUERY; |ESTABLISHED | | | | | | |
| |Start.STATE_TIMER(Query);| | | (rx_RESPONSE(SUCCESS, |Tx_Create(sid, sig, |WAITPKRESP-| | |
| |retry_Counter(Query)=0; | | | Create))| pubkey);| SESSION| | |
| | | | | |Start.STATE_TIMER |PENDING | | |
| rx_RESP(SUCCESS,Create) |Start.REFRESH_TIMER(Cre);|ESTABLISHED | | | (Response);| | | |
| |Stop.STATE_TIMER(Resp); | | | ------------------------+-------------------------+-----------+--- | |
| |retry_counter(Create)=0; | | | ----------- | |
| | | | | State: WAITRESP2-SESSION PENDING | |
| TIMEOUT.REFRESH(Cre) |Start.STATE_TIMER(Resp); |ESTABLISHED | | ----------- | |
| |tx_CREATE; | | | | |
| | | | | Condition Action State Note | |
| TIMEOUT.STATE(Resp) |Stop.STATE_TIMER(Resp); |ESTABLISHED | | ------------------------+-------------------------+-----------+--- | |
| |retry_Counter(Create)++; | | | (tr(RESPONSE(sid)) |tx_CREATE (sid); |WAITRESP- | | |
| |if (retry_Counter(Create)| | | |Start.STATE_TIMER | SESSION| | |
| | <= Max_Retry(Create)) { | | | | (Response);|PENDING | | |
| |Start.STATE_TIMER(Resp); | | | |retry_counter(Create)=0; | | | |
| |tx_CREATE;} | | | ------------------------+-------------------------+-----------+--- | |
| | | | | | |
| rx_NOTIFY && CHECK_AA |Process Event(); |ESTABLISHED | | ----------- | |
| | | | | State: WAITPKRESP-SESSION PENDING | |
| rx_RESP(ERROR,Query) || |Stop.STATE_TIMER(Query); |ESTABLISHED | | ----------- | |
| TIMEOUT.STATE(Query) |retry_Counter(Query)++; | | | | |
| |if (retry_Counter(Query) | | | Condition Action State Note | |
| | <= Max_Retry(Query)) { | | | ------------------------+-------------------------+-----------+--- | |
| |Start.STATE_TIMER(Query);| | | (tr(RESPONSE(sid)) |tx_CREATE (sid); |WAITRESP- | | |
| |tx_QUERY;} else { | | | |Start.STATE_TIMER | SESSION| | |
| |send info to appl.} | | | | (Response);|PENDING | | |
| | | | | |retry_counter(Create)=0; | | | |
| (retry_Counter(Create) |Send info to appl.; |IDLE | | ------------------------+-------------------------+-----------+--- | |
| > Max_Rety(Create)) || |Session.clear(); | | | | |
| rx_RESP(ERROR,Create) |Stop.REFRESH_TIMER(Cre); | | | ----------- | |
| | | State: SESSION ESTABLISHED | |
| | | ----------- | |
| | | | |
| | | Condition Action State Note | |
| | | ------------------------+-------------------------+-----------+--- | |
| | | (rx_RESPONSE |Stop.STATE_TIMER(QDRQ); |SESSION | | |
| | | (SUCCESS, QDRQ))|Send info to appl.; |ESTABLISHED| | |
| | | && (CHECK_AA) | | | | |
| | | | | | | |
| | | | | | | | |
|
| tg_TEARDOWN |tx_CREATE(LIFETIME=0); |IDLE | | (rx_RESPONSE |Stop.STATE_TIMER(QDRQ); |SESSION | | |
| |Session.clear(); | | | (ERROR, QDRQ)|retry_counter(QDRQ)++; |ESTABLISHED| | |
| |Stop.REFRESH_TIMER(Cre); | | | || TIMEOUT_STATE(QDRQ)) |If (retry_counter(QDRQ)< | | | |
| |Stop.STATE_TIMER(Resp); | | | | Max_Retry(QDRQ)| | | |
| ------------------------+-------------------------+------------ | | |{Start.STATE_TIMER(QDRQ);| | | |
| | | | tx_QDRQ;}| | | |
| | | |else{send info to appl.;}| | | |
| | | | | | | |
| | | (tg_QDRQ) |tx_QDRQ; |SESSION | | |
| | | |Start.STATE_TIMER(QDRQ); |ESTABLISHED| | |
| | | |retry_counter(QDRQ)=0; | | | |
| | | | | | | |
| | | TIMEOUT.REFRESH(Create) |Start.STATE_TIMER |SESSION | | |
| | | | (Response);|ESTABLISHED| | |
| | | |tx_CREATE; | | | |
| | | | | | | |
| | | TIMEOUT.STATE(Response) |Stop.STATE_TIMER |SESSION | | |
| | | | (Response);|ESTABLISHED| | |
| | | |retry_counter(Create)++; | | | |
| | | |If (retry_counter(Create)| | | |
| | | | <=Max_Retry(Create))| | | |
| | | |{Start.STATE_TIMER | | | |
| | | | (Response);| | | |
| | | |tx_CREATE;} | | | |
| | | | | | | |
| | | (rx_RESPONSE(SUCCESS, |Start.REFRESH_TIMER |SESSION | | |
| | | Create))| (Create);|ESTABLISHED| | |
| | | |Stop.STATE_TIMER | | | |
| | | | (Response);| | | |
| | | |retry_counter(Create)=0; | | | |
| | | | | | | |
| | | (rx_NOTIFY)&&(CHECK_AA) |Process Event(); |SESSION | | |
| | | | |ESTABLISHED| | |
| | | | | | | |
| | | (tg_TEARDOWN) |tx_CREATE(LIFETIME=0); |IDLE | | |
| | | |Session.clear(); | | | |
| | | |Stop.REFRESH_TIMER | | | |
| | | | (Create);| | | |
| | | |Stop.STATE_TIMER( | | | |
| | | | Response);| | | |
| | | | | | | |
| | | (retry_counter(Create)> |Send info to Appl.; |IDLE | | |
| | | Max_Retries(Create) |||Session.clear(); | | | |
| | | rx_RESPONSE(ERROR, |Stop.REFRESH_TIMER | | | |
| | | Create))| (Create);| | | |
| | | ------------------------+-------------------------+-----------+ | |
| | | | |
| 7. State machines for the NAT/FW NF | | 7. State machines for the NAT/FW NF | |
| | | | |
| This section describes the state machines for intermediate nodes | | This section describes the state machines for intermediate nodes | |
| within the signaling path capable of processing NAT/FW NSLP messages. | | within the signaling path capable of processing NAT/FW NSLP messages. | |
| These nodes typically implement firewall and/or network address | | These nodes typically implement firewall and/or network address | |
| translation (NAT) functionality. To keep it simple, the state | | translation (NAT) functionality. To keep it simple, the state | |
| machines are separated in two independent state machines for nodes | | machines are separated in two independent state machines for nodes | |
| with firewall and nodes with NAT functionality. | | with firewall and nodes with NAT functionality. | |
| | | | |
| | | | |
| skipping to change at page 16, line 24 | | skipping to change at page 16, line 4 | |
|---|
| 7.1 State machine for NAT/FW Firewall NF | | 7.1 State machine for NAT/FW Firewall NF | |
| | | | |
| ------------------- | | ------------------- | |
| State: Initialize | | State: Initialize | |
| ------------------- | | ------------------- | |
| | | | |
| Condition Action State | | Condition Action State | |
| ------------------------+-------------------------+------------ | | ------------------------+-------------------------+------------ | |
| UCT | - |IDLE | | UCT | - |IDLE | |
| ------------------------+-------------------------+------------ | | ------------------------+-------------------------+------------ | |
|
| | | | |
| ------------------- | | ------------------- | |
| State: IDLE | | State: IDLE | |
| ------------------- | | ------------------- | |
| | | | |
| Condition Action State | | Condition Action State | |
| ------------------------+-------------------------+------------ | | ------------------------+-------------------------+------------ | |
|
| rx_REA && !(CHECK_AA) |tx_RESP(ERROR,Rea); |IDLE | | (rx_REA) && (!IS_EDGE) |tx_REA; |IDLE | |
| | | | | | | | |
|
| rx_RESP(Rea) |tx_RESP(Rea); |IDLE | | (rx_CREATE) && |tx_RESPONSE(ERROR, |IDLE | |
| | | !(CHECK_AA) |Create) | | |
| | | | | | | | |
|
| rx_REA && IS_EDGE |tx_RESP(ERROR,Rea); (*) |IDLE | | (rx_RESPONSE (,Rea)) |tx_RESPONSE (,Rea) |IDLE | |
| | | | | | | | |
|
| rx_REA && !(IS_EDGE) |tx_REA; |IDLE | | (rx_REA) && (IS_EDGE) |tx_RESPONSE(ERROR, Rea) |IDLE | |
| | | | "No NAT here" | | |
| | | | | | | | |
|
| rx_CREATE && CHECK_AA |Start.STATE_TIMER(Resp); |PENDING | | (rx_UCREATE) && |tx_RESPONSE(ERROR, |IDLE | |
| |tx_CREATE; | | | !(CHECK_AA) |UCREATE); | | |
| | | | | | | | |
|
| rx_CREATE && !(CHECK_AA)|tx_RESP(ERROR,Create); |IDLE | | ((rx_CREATE(sid)) && |Start.STATE_TIMER |WAITRESP1- | |
| | | (CHECK_AA) && |(Response); |SESSION/ | |
| | | (!IS_PUBLICSIDE)) |tx_CREATE; |USESSION | |
| | | | |PENDING | |
| | | | | | |
| | | (rx_UCREATE) && |tx_RESPONSE(SUCCESS, |WAITRESP- | |
| | | (CHECK_AA) |UCREATE); |SESSION/US | |
| | | |tx_CREATE; |ESSION | |
| | | |Retry_Counter(Create)=0; |PENDING | |
| | | |Start.STATE_TIMER(Respons| | |
| | | |e); | | |
| | | | | | |
| | | (rx_CREATE) && |tx_RESPONSE(SUCCESS, |NoNR/Scope- | |
| | | (CHECK_AA) |Create), |WaitResponse | |
| | | && ((CREATE(NoNR?) && |tx_CREATE; | | |
| | | CHECK_NoNR) || | Start.STATE_TIMER(Respon| | |
| | | CREATE(Scope?) && |se) | | |
| | | CHECK_Scope)) | | | |
| ------------------------+-------------------------+------------ | | ------------------------+-------------------------+------------ | |
|
| * REA Error message "No NAT here" | | | |
| ------------------- | | ------------------- | |
|
| State: PENDING | | State: NoNR/Scope-WaitResponse | |
| ------------------- | | ------------------- | |
| | | | |
| Condition Action State | | Condition Action State | |
| ------------------------+-------------------------+------------ | | ------------------------+-------------------------+------------ | |
|
| rx_RESP(SUCCESS,Create) |Stop_STATE_TIMER(Resp); |ESTABLISHED | | (retry_Counter(Create)> |Send info to Appl.; |IDLE | |
| |Session.create(); | | | Max_Retry(Create)) || |Stop.STATE_TIMER(Response| | |
| |PckFilter.create(); | | | (tg_TEARDOWN)) |); | | |
| |Start.STATE_TIMER(Cre); | | | | |
| | | | | | | | |
|
| rx_RESP(ERROR,Create) |Stop.STATE_TIMER(Resp); |IDLE | | rx_RESPONSE(SUCCESS, |Stop.STATE_TIMER(Response|NoNR/Scope | |
| || TIMEOUT.STATE(Resp) | | | | Create) |); |Sessions | |
| | | |Session.create(); |Established | |
| | | |PckFilter.create(); | | |
| | | |Start.STATE_TIMER(Create)| | |
| | | |; | | |
| | | |Start.REFRESH_TIMER(Creat| | |
| | | |eB); | | |
| | | |retry_counter(Create)=0; | | |
| | | |Retry_counter(CreateB)=0;| | |
| ------------------------+-------------------------+------------ | | ------------------------+-------------------------+------------ | |
|
| ------------------- | | | |
| State: ESTABLISHED | | ------------------------------ | |
| ------------------- | | State: NoNR/ScopeSessions Established | |
| | | ------------------------------ | |
| | | | |
| Condition Action State | | Condition Action State | |
| ------------------------+-------------------------+------------ | | ------------------------+-------------------------+------------ | |
|
| rx_CREATE && !(CHECK_AA)|tx_RESP(ERROR,Create); |ESTABLISHED | | (rx_CREATE) && |tx_RESPONSE_SUCCESS(Creat|NoNR/Scope | |
| | | | | (CHECK_AA) && |e); |Sessions | |
| rx_TRIGGER && CHECK_AA |tx_TRIGGER; |ESTABLISHED | | [CHECK_LP] && |Start_STATE_TIMER(Create)|Established | |
| && !IS_EDGE | | | | (CREATE(LIFETIME?)>0) |; | | |
| | | | | | |
| rx_RESP(SUCCESS,Create) |Start.STATE_TIMER(Cre); |ESTABLISHED | | | |
| |tx_RESP(SUCCESS,Create); | | | | |
| | | | | | |
| rx_QUERY && CHECK_AA |Process Query(); |ESTABLISHED | | | |
| |tx_QUERY; | | | | |
| | | | | | | | |
|
| rx_CREATE && CHECK_AA |tx_CREATE; |ESTABLISHED | | (tg_NOTIFY) |tx_NOTIFY |NoNR/Scope | |
| && CREATE(LIFETIME?)>0 | | | | | |Sessions | |
| | | | |Established | |
| | | | | | | | |
|
| rx_RESP(,Query) && |tx_RESP(,Query); |ESTABLISHED | | (rx_CREATE) && |tx_RESPONSE(ERROR, |NoNR/Scope | |
| CHECK_AA | | | | !(CHECK_AA)) |Create); |Sessions | |
| | | | |Established | |
| | | | | | | | |
|
| tg_NOTIFY |tx_NOTIFY; |ESTABLISHED | | (rx_RESPONSE(ERROR, |Stop.STATE_TIMER(Response|NoNR/Scope | |
| | | Create) || |); |Sessions | |
| | | TIMOUT.STATE(Response))|retry_counter(Create)++; |Established | |
| | | | if | | |
| | | |(retry_counter(Create)<=M| | |
| | | |ax_Retry(Create)) | | |
| | | |{Start.STATE_TIMER(Respon| | |
| | | |se); | | |
| | | |tx_CREATE;} | | |
| | | | | | | | |
|
| rx_NOTIFY && CHECK_AA |Process Event(); |ESTABLISHED | | (rx_QDRQ) && (CHECK_AA)|Process QDRQ(); |NoNR/Scope | |
| |tx_NOTIFY; | | | | tx_RESPONSE (,QDRQ) |Sessions | |
| | | | |Established | |
| | | | | | | | |
|
| TIMEOUT.STATE(Cre) || |Session.clear(); |IDLE | | (TIMEOUT.REFRESH(CreateB|retry_counter(CreateB)++;|NoNR/Scope | |
| tg_TEARDOWN |PckFilter.clear(); | | | )) |If |Sessions | |
| | | |(retry_counter(CreateB)<=|Established | |
| | | |Max_retries) | | |
| | | |{tx_CREATE; | | |
| | | |Start.TIMER_STATE(Respons| | |
| | | |eB);} | | |
| | | | | | | | |
|
| rx_CREATE && CHECK_AA |tx_CREATE(LIFETIME=0); |IDLE | | (tg_TEARDOWN) || |Session.clear(); |IDLE | |
| && CREATE(LIFETIME?)==0 |Session.clear(); | | | ((rx_CREATE) && |PckFilter.clear(); | | |
| |PckFilter.clear(); | | | (CREATE(LIFETIME?)==0)) |Stop.STATE_TIMER(Create);| | |
| |Stop.STATE_TIMER(Cre); | | | || | Stop.REFRESH_TIMER(Creat| | |
| | | TIMEOUT_STATE(Create) |||eB); | | |
| | | (retry_counter(CreateB)>|tx_CREATE(LIFETIME=0); | | |
| | | Max_Retries(CreateB)) ||| | | |
| | | || | | | |
| | | (retry_counter(Create)> | | | |
| | | Max_Retries(Create)) | | | |
| ------------------------+-------------------------+------------ | | ------------------------+-------------------------+------------ | |
| | | | |
|
| 7.2 State machine for NAT/FW NAT NF | | ------------------------------ | |
| | | State: WAITRESP1-SESSION/USESSION PENDING | |
| ------------------- | | ------------------------------ | |
| State: Initialize | | | |
| ------------------- | | | |
| | | | |
| Condition Action State | | Condition Action State | |
| ------------------------+-------------------------+------------ | | ------------------------+-------------------------+------------ | |
|
| UCT |Retry_Counter(Create)=0; |IDLE | | ((rx_RESPONSE(success)) |Session.create(); |WAITPKRESP- | |
| | | && (CHECK_AA) |Start.STATE_TIMER |SESSION/ | |
| | | |(Response); |USESSION | |
| | | |tx_RESPONSE; Scheme = 1 |PENDING | |
| | | | | | |
| | | (TIMEOUT.STATE(Response)| |IDLE | |
| ------------------------+-------------------------+------------ | | ------------------------+-------------------------+------------ | |
|
| | | ----------------------------------- | |
| ------------------- | | State: WAITPKRESP-SESSION/USESSION PENDING | |
| State: IDLE | | ----------------------------------- | |
| ------------------- | | | |
| | | | |
| Condition Action State | | Condition Action State | |
| ------------------------+-------------------------+------------ | | ------------------------+-------------------------+------------ | |
|
| rx_CREATE && |tx_RESP(ERROR,Rea); (*1)|IDLE | | ((rx_RESPONSE(success)) |pubkey.create(); |WAITRESP- | |
| IS_PUBLICSIDE | | | | && (CHECK_AA) |Start.STATE_TIMER |SESSION/ | |
| | | | | |(Response); |USESSION | |
| rx_REA && CHECK_AA && |tx_RESP(ERROR,Rea); (*2)|IDLE | | |tx_RESPONSE; |PENDING | |
| && IS_PUBLICSIDE | | | | | |
| | | | | | |
| rx_REA && CHECK_AA && |Binding.create(); |NonEDGE REA | | | |
| !IS_EDGE |tx_REA; | | | | |
| |Start_STATE_TIMER(Rea); | | | | |
| | | | | | |
| rx_REA && CHECK_AA && |Binding.create(); |REA | | | |
| IS_EDGE && |Start.STATE_TIMER(Rea); | | | | |
| !IS_PUBLICSIDE |tx_RESP(SUCCESS,Rea); | | | | |
| |retry_Counter(Create)=0; | | | | |
| |Start.STATE_TIMER(Resp); | | | | |
| |tx_CREATE; | | | | |
| | | | | | | | |
|
| rx_CREATE && CHECK_AA |Binding.create(); |PENDING | | (TIMEOUT.STATE(Response)|Session.remove() |IDLE | |
| && !IS_PUBLICSIDE |Start.STATE_TIMER(Resp); | | | && (scheme ==2) | | | |
| |tx_CREATE; | | | | |
| ------------------------+-------------------------+------------ | | ------------------------+-------------------------+------------ | |
|
| *1 Error message is "No reservation made" | | ---------------------------------------- | |
| *2 Error message is "REA received on public side" | | State: WAITRESP-SESSION/USESSION PENDING | |
| ------------------- | | ---------------------------------------- | |
| State: NonEDGE REA | | | |
| ------------------- | | | |
| | | | |
| Condition Action State | | Condition Action State | |
| ------------------------+-------------------------+------------ | | ------------------------+-------------------------+------------ | |
|
| rx_RESP(,Query) && |tx_RESP(,Query); |NonEDGE REA | | (TIMEOUT.STATE(Response)|Retry_counter(CREATE)++; |WAITRESP- | |
| CHECK_AA | | | | |If |SESSION/ | |
| | | |(retry_counter(CREATE)<=M|USESSION | |
| | | |ax_Retries(CREATE)) |PENDING | |
| | | |{Start.STATE_TIMER(Respon| | | </