draft-werner-nsis-natfw-nslp-statemachine-04.txt   draft-werner-nsis-natfw-nslp-statemachine-03.txt 
NSIS C. Werner NSIS C. Werner
Internet-Draft N. Steinleitner, Ed. Internet-Draft X. Fu
Expires: September 6, 2007 X. Fu Expires: December 27, 2006 Univ. Goettingen
Univ. Goettingen
H. Tschofenig H. Tschofenig
Siemens Siemens
C. Aoun C. Aoun
ENST ENST
March 5, 2007 N. Steinleitner, Ed.
Univ. Goettingen
June 25, 2006
NAT/FW NSLP State Machine NAT/FW NSLP State Machine
draft-werner-nsis-natfw-nslp-statemachine-04.txt draft-werner-nsis-natfw-nslp-statemachine-03.txt
Status of this Memo Status of this Memo
By submitting this Internet-Draft, each author represents that any By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79. aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
skipping to change at page 1, line 39 skipping to change at page 1, line 40
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on September 6, 2007. This Internet-Draft will expire on December 27, 2006.
Copyright Notice Copyright Notice
Copyright (C) The IETF Trust (2007). Copyright (C) The Internet Society (2006).
Abstract Abstract
This document describes the state machines for the NSIS Signaling This document describes the state machines for the NSIS Signaling
Layer Protocol for Network Address Translation/Firewall signaling Layer Protocol for Network Address Translation/Firewall signaling
(NAT/FW NSLP). A set of state machines for NAT/FW NSLP entities at (NAT/FW NSLP). A set of state machines for NAT/FW NSLP entities at
different locations of a signaling path are presented in order to different locations of a signaling path are presented in order to
illustrate how NAT/FW NSLP may be implemented. illustrate how NAT/FW NSLP may be implemented.
Table of Contents Table of Contents
skipping to change at page 2, line 27 skipping to change at page 2, line 28
6. State machine for the NAT/FW NI/NR+ . . . . . . . . . . . . . 9 6. State machine for the NAT/FW NI/NR+ . . . . . . . . . . . . . 9
7. State machine for the NAT/FW NF . . . . . . . . . . . . . . . 11 7. State machine for the NAT/FW NF . . . . . . . . . . . . . . . 11
8. State machine for the NAT/FW NR/NI+ . . . . . . . . . . . . . 15 8. State machine for the NAT/FW NR/NI+ . . . . . . . . . . . . . 15
9. Security Considerations . . . . . . . . . . . . . . . . . . . 18 9. Security Considerations . . . . . . . . . . . . . . . . . . . 18
10. Open Issues . . . . . . . . . . . . . . . . . . . . . . . . . 18 10. Open Issues . . . . . . . . . . . . . . . . . . . . . . . . . 18
11. Contributors . . . . . . . . . . . . . . . . . . . . . . . . . 18 11. Contributors . . . . . . . . . . . . . . . . . . . . . . . . . 18
12. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 18 12. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 18
13. References . . . . . . . . . . . . . . . . . . . . . . . . . . 18 13. References . . . . . . . . . . . . . . . . . . . . . . . . . . 18
13.1. Normative References . . . . . . . . . . . . . . . . . . . 18 13.1. Normative References . . . . . . . . . . . . . . . . . . . 18
13.2. Informative References . . . . . . . . . . . . . . . . . . 18 13.2. Informative References . . . . . . . . . . . . . . . . . . 18
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 19 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 20
Intellectual Property and Copyright Statements . . . . . . . . . . 21 Intellectual Property and Copyright Statements . . . . . . . . . . 21
1. Introduction 1. Introduction
This document describes the state machines for NAT/FW NSLP [1], This document describes the state machines for NAT/FW NSLP [1],
trying to show how NAT/FW NSLP can be implemented to support its trying to show how NAT/FW NSLP can be implemented to support its
deployment. The state machines described in this document are deployment. The state machines described in this document are
illustrative of how the NAT/FW NSLP protocol defined in [1] may be illustrative of how the NAT/FW NSLP protocol defined in [1] may be
implemented for the first NAT/FW NSLP node in the signaling path, implemented for the first NAT/FW NSLP node in the signaling path,
intermediate NAT/FW NSLP nodes with Firewall and/or NAT intermediate NAT/FW NSLP nodes with Firewall and/or NAT
skipping to change at page 3, line 24 skipping to change at page 3, line 24
Where there are differences [1] are authoritative. The state Where there are differences [1] are authoritative. The state
machines are informative only. Implementations may achieve the same machines are informative only. Implementations may achieve the same
results using different methods. results using different methods.
The messages used in the NAT/FW NSLP protocol can be summarized as The messages used in the NAT/FW NSLP protocol can be summarized as
follows: follows:
Requesting message Responding message Requesting message Responding message
------------------------+--------------------------- ------------------------+---------------------------
CREATE |RESPONSE CREATE |RESPONSE
EXT |RESPONSE REA |RESPONSE
TRACE |RESPONSE
RESPONSE |NONE RESPONSE |NONE
NOTIFY |NONE NOTIFY |NONE
------------------------+--------------------------- ------------------------+---------------------------
We describe a set of state machines for different roles of entities We describe a set of state machines for different roles of entities
running NAT/FW NSLP to illustrate how NAT/FW NSLP may be implemented. running NAT/FW NSLP to illustrate how NAT/FW NSLP may be implemented.
2. Terminology 2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
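Review bot: In the message summary table, the TRACE row from -03 disappears and REA becomes EXT, but the surrounding text gives no hint that these are a removal and a rename rather than new messages. A one-line change note would help implementers who track both revisions. Also, "Where there are differences [1] are authoritative" is identical in both columns and should read "[1] is authoritative".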
skipping to change at page 6, line 36 skipping to change at page 6, line 38
= Assignment action. The value of the expression to the right of = Assignment action. The value of the expression to the right of
the operator is assigned to the variable to the left of the the operator is assigned to the variable to the left of the
operator. Where this operator is used to define multiple operator. Where this operator is used to define multiple
assignments, e.g., a = b = X the action causes the value of the assignments, e.g., a = b = X the action causes the value of the
expression following the right-most assignment operator to be expression following the right-most assignment operator to be
assigned to all of the variables that appear to the left of the assigned to all of the variables that appear to the left of the
right-most assignment operator. right-most assignment operator.
! Logical NOT operator. ! Logical NOT operator.
&& Logical AND operator. && Logical AND operator.
|| Logical OR operator. || Logical OR operator.
if...then... Conditional action. If the Boolean expression if...then... Conditional action. If the Boolean expression following
following the if evaluates to TRUE, then the action following the the if evaluates to TRUE, then the action following the then is
then is executed. executed.
{ statement 1, ... statement N } Compound statement. Braces are { statement 1, ... statement N } Compound statement. Braces are used
used to group statements that are executed together as if they to group statements that are executed together as if they were a
were a single statement. single statement.
!= Inequality. Evaluates to TRUE if the expression to the left of != Inequality. Evaluates to TRUE if the expression to the left of
the operator is not equal in value to the expression to the right. the operator is not equal in value to the expression to the right.
== Equality. Evaluates to TRUE if the expression to the left of the == Equality. Evaluates to TRUE if the expression to the left of the
operator is equal in value to the expression to the right. operator is equal in value to the expression to the right.
> Greater than. Evaluates to TRUE if the value of the expression to > Greater than. Evaluates to TRUE if the value of the expression to
the left of the operator is greater than the value of the the left of the operator is greater than the value of the
expression to the right. expression to the right.
<= Less than or equal to. Evaluates to TRUE if the value of the <= Less than or equal to. Evaluates to TRUE if the value of the
expression to the left of the operator is either less than or expression to the left of the operator is either less than or
equal to the value of the expression to the right. equal to the value of the expression to the right.
++ Increment the preceding integer operator by 1. ++ Increment the preceding integer operator by 1.
5. Common Rules 5. Common Rules
Throughout the document we use terms defined in the [1], such as NI, Throughout the document we use terms defined in the [1], such as NI,
NF, NR, CREATE, EXT or RESPONSE. NF, NR, CREATE, REA or RESPONSE.
5.1. Common Procedures 5.1. Common Procedures
tx_CREATE(): Transmit a CREATE message tx_CREATE(): Transmit a CREATE message
tx_CREATE(LIFETIME>0): Transmit CREATE message with lifetime object tx_CREATE(LIFETIME>0): Transmit CREATE message with lifetime object
greater than 0 for session creation. greater than 0 for session creation.
tx_CREATE(LIFETIME=0): Transmit CREATE message with lifetime object tx_CREATE(LIFETIME=0): Transmit CREATE message with lifetime object
explicitly set to 0 for session deletion. explicitly set to 0 for session deletion.
tx_RESPONSE(code,type): Transmit RESPONSE message with specified tx_RESPONSE(code,type): Transmit RESPONSE message with specified code
code (SUCCESS or ERROR) and result type (related to a specific (SUCCESS or ERROR) and result type (related to a specific request
request type message: CREATE or EXT). A code or result type may type message: CREATE or REA). A code or result type may be
be omitted, typically when forwarding received RESPONSE messages. omitted, typically when forwarding received RESPONSE messages.
tx_EXT(): Transmit a EXT message tx_REA(): Transmit a REA message
rx_RESPONSE(code, type): Evaluates to TRUE if a RESPONSE message has rx_RESPONSE(code, type): Evaluates to TRUE if a RESPONSE message has
been received with the specified code (SUCCESS or ERROR) and been received with the specified code (SUCCESS or ERROR) and
result type (related to a specific request type message: CREATE or result type (related to a specific request type message: CREATE or
EXT). If the code or type is omitted, any received RESPONSE REA). If the code or type is omitted, any received RESPONSE
message which is only matching the given code or type will message which is only matching the given code or type will
evaluate this procedure to TRUE. evaluate this procedure to TRUE.
rx_CREATE(): Evaluates to TRUE if a CREATE message has been rx_CREATE(): Evaluates to TRUE if a CREATE message has been received.
received.
rx_CREATE(Lifetime > 0): Evaluates to TRUE if a CREATE message with rx_CREATE(Lifetime > 0): Evaluates to TRUE if a CREATE message with
lifetime object greater than 0 has been received. lifetime object greater than 0 has been received.
rx_CREATE(Lifetime == 0): Evaluates to TRUE if a CREATE message with rx_CREATE(Lifetime == 0): Evaluates to TRUE if a CREATE message with
lifetime object explicitly set to 0 has been received. lifetime object explicitly set to 0 has been received.
rx_EXT(): Evaluates to TRUE if a EXT message has been received. rx_REA(): Evaluates to TRUE if a REA message has been received.
rx_EXT(Lifetime > 0): Evaluates to TRUE if a EXT message with rx_REA(Lifetime > 0): Evaluates to TRUE if a REA message with
lifetime object greater than 0 has been received. lifetime object greater than 0 has been received.
rx_EXT(Lifetime == 0): Evaluates to TRUE if a EXT message with rx_REA(Lifetime == 0): Evaluates to TRUE if a REA message with
lifetime object explicitly set to 0 has been received. lifetime object explicitly set to 0 has been received.
CHECK_AA(): Checks Authorization and Authentication of the received CHECK_AA(): Checks Authorization and Authentication of the received
message. Evaluates to TRUE if the check is successful, otherwise message. Evaluates to TRUE if the check is successful, otherwise
it evaluates to FALSE. This check is performed on all received it evaluates to FALSE. This check is performed on all received
messages hence it will only be shown within the state machine when messages hence it will only be shown within the state machine when
the check has failed. This CHECK_AA also MAY include a local the check has failed. This CHECK_AA also MAY include a local
policy check for the received message. policy check for the received message.
CreateSession(): Installs all session related states, variables, CreateSession(): Installs all session related states, variables,
bindings, policies. bindings, policies.
DeleteSession(): Removes all session related states, variables, DeleteSession(): Removes all session related states, variables,
bindings, policies. bindings, policies.
CreatePinhole(): Installs a pinhole for the new session. CreatePinhole(): Installs a pinhole for the new session.
DeletePinhole(): Removes a previously installed pinhole. DeletePinhole(): Removes a previously installed pinhole.
CreateReservations(): Creates a matching based on the MRI and open CreateReservations(): Creates a matching based on the MRI and open
pinholes for the signaling traffic. pinholes for the signaling traffic.
DeleteReservations(): Deletes previously installed matchings and DeleteReservations(): Deletes previously installed matchings and
pinholes for the signaling traffic. pinholes for the signaling traffic.
CreateBinding(): Creates a public/private network translation CreateBinding(): Creates a public/private network translation binding
binding on a NAT device for the requesting entity. on a NAT device for the requesting entity.
DeleteBinding(): Deletes a previously created a public/private DeleteBinding(): Deletes a previously created a public/private
network translation binding on a NAT device for the requesting network translation binding on a NAT device for the requesting
entity. entity.
StartTimer(identifier): This procedure starts a timer with a certain StartTimer(identifier): This procedure starts a timer with a certain
timespan, which is up to the specific implementation. The timespan, which is up to the specific implementation. The
parameter 'identifier' identifies this timer uniquely. Any parameter 'identifier' identifies this timer uniquely. Any
subsequent StartTimer(identifier), StopTimer(identifier), subsequent StartTimer(identifier), StopTimer(identifier),
(identifier)_TIMEOUT refer to the same timer labeled x. This (identifier)_TIMEOUT refer to the same timer labeled x. This
timer is required to time the lifetime of state, which means that timer is required to time the lifetime of state, which means that
when it times out, it indicates the current machine state should when it times out, it indicates the current machine state should
be left or its validation has expired. This procedure starts the be left or its validation has expired. This procedure starts the
timer 'identifier'. If a timer with the same 'identifier' has timer 'identifier'. If a timer with the same 'identifier' has
already been started and not yet stopped, the timer is now stopped already been started and not yet stopped, the timer is now stopped
and restarted. After the timer has timed out, the procedure and restarted. After the timer has timed out, the procedure
(identifier)_TIMEOUT evaluates to TRUE. The timer does not (identifier)_TIMEOUT evaluates to TRUE. The timer does not
restart automatically, but must be started again with a restart automatically, but must be started again with a
StartTimer(identifier). Used identifier are STATE, REFRESH, StartTimer(identifier). Used identifier are STATE, REFRESH,
CREATE, EXT or RESPONSE. CREATE, REA or RESPONSE.
StopTimer(identifier): This procedure stops the timer labeled StopTimer(identifier): This procedure stops the timer labeled
'identifier'. If it has already been stopped, this procedure has 'identifier'. If it has already been stopped, this procedure has
no effect. If the timer has already timed out, this procedure no effect. If the timer has already timed out, this procedure
removes the timeout-state from the timer 'identifier', so removes the timeout-state from the timer 'identifier', so
subsequent calls to (identifier)_TIMEOUT evaluate to FALSE. A subsequent calls to (identifier)_TIMEOUT evaluate to FALSE. A
timeout cannot occur until the timer 'identifier' has been timeout cannot occur until the timer 'identifier' has been
(re-)started. (re-)started.
(identifier)_TIMEOUT: This procedure evaluates to TRUE if the (identifier)_TIMEOUT: This procedure evaluates to TRUE if the
(identifier)-timer has timed out and indicates a state lifetime (identifier)-timer has timed out and indicates a state lifetime
expiration. This procedure cannot evaluate to TRUE if the timer expiration. This procedure cannot evaluate to TRUE if the timer
has been stopped. Used timers are STATE_TIMEOUT, REFRESH_TIMEOUT, has been stopped. Used timers are STATE_TIMEOUT, REFRESH_TIMEOUT,
CREATE_TIMEOUT, EXT_TIMEOUT or RESPONSE_TIMEOUT. CREATE_TIMEOUT, REA_TIMEOUT or RESPONSE_TIMEOUT.
tg_CREATE: External trigger to send a CREATE message (typically tg_CREATE: External trigger to send a CREATE message (typically
triggered by the application). triggered by the application).
tg_TEARDOWN: External trigger to delete a previously created session tg_TEARDOWN: External trigger to delete a previously created session
(typically triggered by the application) (typically triggered by the application)
tg_EXT: External trigger to send a EXT message towards an tg_REA: External trigger to send a REA message towards an
opportunistic address (typically triggered by the application) opportunistic address (typically triggered by the application)
tg_CREATE_PROXY: Internal trigger to send a CREATE message (used in tg_CREATE_PROXY: Internal trigger to send a CREATE message (used in
proxy mode, triggered by corresponding NAT/FW NSLP session). proxy mode, triggered by corresponding NAT/FW NSLP session).
tg_TEARDOWN_PROXY: Internal trigger to delete a previously created tg_TEARDOWN_PROXY: Internal trigger to delete a previously created
session (used in proxy mode, triggered by corresponding NAT/FW session (used in proxy mode, triggered by corresponding NAT/FW
NSLP session). NSLP session).
5.2. Common Variables 5.2. Common Variables
IS_EDGE: Boolean flag which evaluates to TRUE if the node is on the IS_EDGE: Boolean flag which evaluates to TRUE if the node is on the
network edge, otherwise it evaluates to FALSE. network edge, otherwise it evaluates to FALSE.
IS_PUBLICSIDE: Boolean flag which evaluates to TRUE if the (CREATE- IS_PUBLICSIDE: Boolean flag which evaluates to TRUE if the (CREATE-
or EXT-) message has been received on the public side of the or REA-) message has been received on the public side of the
network. network.
CREATE(LIFETIME): Gets the value of the LIFETIME object in the CREATE(LIFETIME): Gets the value of the LIFETIME object in the CREATE
CREATE message. message.
counter(CREATE): Denotes the current number of retries of CREATE counter(CREATE): Denotes the current number of retries of CREATE
message which has been re-transmitted due to previous message which has been re-transmitted due to previous
RESPONSE_ERROR message. If the number of counter(CREATE) equals RESPONSE_ERROR message. If the number of counter(CREATE) equals
the value of counterLimit(CREATE), the current session creation the value of counterLimit(CREATE), the current session creation
attempt is aborted and the application is being notified. attempt is aborted and the application is being notified.
counter(EXT): Denotes the current number of retries of EXT message counter(REA): Denotes the current number of retries of REA message
which has been re-transmitted due to previous RESPONSE_ERROR which has been re-transmitted due to previous RESPONSE_ERROR
message. If the number of counter(EXT) equals the value of message. If the number of counter(REA) equals the value of
counterLimit(EXT), the current session creation attempt is aborted counterLimit(REA), the current session creation attempt is aborted
and the application is being notified. and the application is being notified.
5.3. Constants 5.3. Constants
counterLimit(CREATE): Contains the maximum number of retransmission counterLimit(CREATE): Contains the maximum number of retransmission
attempts of a CREATE message after it is aborted and the attempts of a CREATE message after it is aborted and the
application is being notified. application is being notified.
counterLimit(EXT): Contains the maximum number of retransmission counterLimit(REA): Contains the maximum number of retransmission
attempts of a EXT message after it is aborted and the application attempts of a REA message after it is aborted and the application
is being notified. is being notified.
6. State machine for the NAT/FW NI/NR+ 6. State machine for the NAT/FW NI/NR+
This section presents the state machine for the NSIS initator which This section presents the state machine for the NSIS initator which
is capable of NAT/FW NSLP signaling. is capable of NAT/FW NSLP signaling.
----------- -----------
State: INITIALIZE State: INITIALIZE
----------- -----------
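Review bot: Section 5.1 does not define three procedures that the state tables rely on: ReportAsyncEvent(), ResetCounter() and the tx_EXT(Lifetime=0) form (only tx_EXT() is listed, while tx_CREATE has separate LIFETIME>0 and LIFETIME=0 entries). Please add definitions so the tables can be read without guessing. CHECK_AA() is described as applied to all received messages and "only shown within the state machine when the check has failed", so the text should also state the default action on failure for states that draw no failure row. Smaller points in the same hunk: the rename leaves "a EXT message" where "an EXT message" is needed, StartTimer still says "the same timer labeled x" although the parameter is called 'identifier', "Deletes a previously created a public/private" has a stray "a", and "initator" in Section 6 should be "initiator".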
skipping to change at page 12, line 14 skipping to change at page 12, line 14
----------------------------+-----------------------------+---------- ----------------------------+-----------------------------+----------
----------- -----------
State: IDLE State: IDLE
Entry: DeleteSession(); Entry: DeleteSession();
Exit : CreateSession(); Exit : CreateSession();
----------- -----------
Condition Action State Condition Action State
----------------------------+-----------------------------+---------- ----------------------------+-----------------------------+----------
(rx_EXT) && (IS_PUBLICSIDE) |tx_RESPONSE(ERROR, EXT); | IDLE (rx_REA) && (IS_PUBLICSIDE) |tx_RESPONSE(ERROR, REA); | IDLE
| | | |
(rx_CREATE(Lifetime > 0)) |tx_CREATE(); | CREATE_ (rx_CREATE(Lifetime > 0)) |tx_CREATE(); | CREATE_
| | WAITRESP | | WAITRESP
| | | |
((rx_EXT) && (!IS_EDGE) |tx_EXT(); | NONEDGE_ ((rx_REA) && (!IS_EDGE) |tx_REA(); | NONEDGE_
&& (!IS_PUBLICSIDE)) | | EXT && (!IS_PUBLICSIDE)) | | REA
| | | |
((rx_EXT) && (IS_EDGE) |tx_RESPONSE(SUCCESS,EXT); | EDGE_EXT ((rx_REA) && (IS_EDGE) |tx_RESPONSE(SUCCESS,REA); | EDGE_REA
&& (!IS_PUBLICSIDE)) |tx_CREATE; | && (!IS_PUBLICSIDE)) |tx_CREATE; |
|if(proxy_object) then | |if(proxy_object) then |
| (tg_CREATE_PROXY);| | (tg_CREATE_PROXY);|
----------------------------+-----------------------------+---------- ----------------------------+-----------------------------+----------
----------- -----------
State: CREATE_WAITRESP State: CREATE_WAITRESP
Entry: StartTimer(STATE); Entry: StartTimer(STATE);
Exit : StopTimer(STATE); Exit : StopTimer(STATE);
----------- -----------
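Review bot: The NF IDLE table has no row for a failed CHECK_AA(), so on paper an unauthenticated or unauthorized message takes the same rows as a valid one: rx_CREATE(Lifetime > 0) leads straight to tx_CREATE() and CREATE_WAITRESP, and the edge EXT row answers tx_RESPONSE(SUCCESS,EXT). Section 5.1 says the check is drawn where it fails, and the NR IDLE table does draw it, so I suggest adding a row such as "(rx_CREATE || rx_EXT) && !(CHECK_AA())" with an error RESPONSE and next state IDLE. In the edge row, "tx_CREATE;" lacks the parentheses used everywhere else, and "if(proxy_object)" here versus "if(proxy_mode)" in EDGE_EXT should settle on one name.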
skipping to change at page 13, line 5 skipping to change at page 13, line 5
|ReportAsyncEvent(); | |ReportAsyncEvent(); |
| | | |
STATE_TIMEOUT |tx_RESPONSE(ERROR,CREATE); | IDLE STATE_TIMEOUT |tx_RESPONSE(ERROR,CREATE); | IDLE
|ReportAsyncEvent(); | |ReportAsyncEvent(); |
| | | |
(rx_CREATE(Lifetime == 0)) |tx_CREATE(Lifetime=0); | IDLE (rx_CREATE(Lifetime == 0)) |tx_CREATE(Lifetime=0); | IDLE
| | | |
rx_RESPONSE(SUCCESS,CREATE) |tx_RESPONSE(SUCCESS,CREATE); | SESSION rx_RESPONSE(SUCCESS,CREATE) |tx_RESPONSE(SUCCESS,CREATE); | SESSION
----------------------------+-----------------------------+---------- ----------------------------+-----------------------------+----------
----------- -----------
State: NONEDGE_EXT State: NONEDGE_REA
Entry: StartTimer(EXT); Entry: StartTimer(REA);
CreateReservations(); CreateReservations();
Exit : StopTimer(EXT); Exit : StopTimer(REA);
DeleteReservations(); DeleteReservations();
----------- -----------
Condition Action State Condition Action State
----------------------------+-----------------------------+---------- ----------------------------+-----------------------------+----------
(rx_EXT(Lifetime > 0)) |StopTimer(EXT); | NONEDGE_ (rx_REA(Lifetime > 0)) |StopTimer(REA); | NONEDGE_
|StartTimer(EXT); | EXT |StartTimer(REA); | REA
|tx_EXT(); | |tx_REA(); |
| | | |
rx_RESPONSE(SUCCESS, EXT) |tx_RESPONSE(SUCCESS,EXT); | NONEDGE_ rx_RESPONSE(SUCCESS, REA) |tx_RESPONSE(SUCCESS,REA); | NONEDGE_
| | EXT | | REA
| | | |
rx_RESPONSE(ERROR, EXT) |tx_RESPONSE(ERROR,EXT); | IDLE rx_RESPONSE(ERROR, REA) |tx_RESPONSE(ERROR,REA); | IDLE
|ReportAsyncEvent(); | |ReportAsyncEvent(); |
| | | |
(rx_EXT(Lifetime == 0)) |tx_EXT(Lifetime=0); | IDLE (rx_REA(Lifetime == 0)) |tx_REA(Lifetime=0); | IDLE
|ReportAsyncEvent(); | |ReportAsyncEvent(); |
| | | |
EXT_TIMEOUT |ReportAsyncEvent(); | IDLE REA_TIMEOUT |ReportAsyncEvent(); | IDLE
----------------------------+-----------------------------+---------- ----------------------------+-----------------------------+----------
----------- -----------
State: EDGE_EXT State: EDGE_REA
Entry: StartTimer(EXT); Entry: StartTimer(REA);
CreateReservations(); CreateReservations();
Exit : StopTimer(EXT); Exit : StopTimer(REA);
DeleteReservations(); DeleteReservations();
----------- -----------
Condition Action State Condition Action State
----------------------------+-----------------------------+---------- ----------------------------+-----------------------------+----------
(rx_EXT(Lifetime > 0)) |StopTimer(EXT); | EDGE_EXT (rx_REA(Lifetime > 0)) |StopTimer(REA); | EDGE_REA
|StartTimer(EXT); | |StartTimer(REA); |
|tx_RESPONSE(SUCCESS, EXT); | |tx_RESPONSE(SUCCESS, REA); |
| | | |
(rx_EXT(Lifetime == 0)) |tx_EXT(Lifetime=0); | IDLE (rx_REA(Lifetime == 0)) |tx_REA(Lifetime=0); | IDLE
|ReportAsyncEvent(); | |ReportAsyncEvent(); |
|if(proxy_mode) then | |if(proxy_mode) then |
| (tg_TEARDOWN_PROXY);| | (tg_TEARDOWN_PROXY);|
| | | |
EXT_TIMEOUT |ReportAsyncEvent(); | IDLE REA_TIMEOUT |ReportAsyncEvent(); | IDLE
|if(proxy_mode) then | |if(proxy_mode) then |
| (tg_TEARDOWN_PROXY);| | (tg_TEARDOWN_PROXY);|
----------------------------+-----------------------------+---------- ----------------------------+-----------------------------+----------
----------- -----------
State: SESSION State: SESSION
Entry: StartTimer(CREATE) Entry: StartTimer(CREATE)
CreatePinhole(); CreatePinhole();
CreateBinding(); CreateBinding();
Exit : StopTimer(RESPONSE); Exit : StopTimer(RESPONSE);
StopTimer(CREATE); StopTimer(CREATE);
DeletePinhole(); DeletePinhole();
DeleteBinding(); DeleteBinding();
----------- -----------
Condition Action State Condition Action State
----------------------------+-----------------------------+---------- ----------------------------+-----------------------------+----------
RESPONSE_TIMEOUT |StopTimer(RESPONSE); | SESSION RESPONSE_TIMEOUT |StopTimer(RESPONSE); | SESSION
|tx_RESPONSE(ERROR,CREATE); | |tx_RESPONSE(ERROR,CREATE); |
| | | |
(rx_EXT(Lifetime > 0)) |StopTimer(CREATE); | SESSION (rx_REA(Lifetime > 0)) |StopTimer(CREATE); | SESSION
|StartTimer(RESPONSE); | |StartTimer(RESPONSE); |
|tx_CREATE(); | |tx_CREATE(); |
| | | |
rx_RESPONSE(SUCCESS,CREATE) |StopTimer(RESPONSE); | SESSION rx_RESPONSE(SUCCESS,CREATE) |StopTimer(RESPONSE); | SESSION
|StartTimer(CREATE); | |StartTimer(CREATE); |
|tx_RESPONSE(SUCCESS,CREATE); | |tx_RESPONSE(SUCCESS,CREATE); |
| | | |
CREATE_TIMEOUT |ReportAsyncEvent(); | IDLE CREATE_TIMEOUT |ReportAsyncEvent(); | IDLE
| | | |
(rx_EXT(Lifetime == 0)) |tx_CREATE(Lifetime=0); | IDLE (rx_REA(Lifetime == 0)) |tx_CREATE(Lifetime=0); | IDLE
----------------------------+-----------------------------+---------- ----------------------------+-----------------------------+----------
8. State machine for the NAT/FW NR/NI+ 8. State machine for the NAT/FW NR/NI+
This section presents the state machines for the NSIS responder which This section presents the state machines for the NSIS responder which
is capable of NSLP NAT/FW signaling. is capable of NSLP NAT/FW signaling.
----------- -----------
State: INITIALIZE State: INITIALIZE
----------- -----------
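Review bot: In the NF SESSION table the refresh and teardown rows test rx_EXT(Lifetime > 0) and rx_EXT(Lifetime == 0), yet their actions are StopTimer(CREATE), tx_CREATE() and tx_CREATE(Lifetime=0). The -03 column has rx_REA in the same places, so this looks like a slip for rx_CREATE that the rename carried over; please confirm. Related: once a refresh has stopped the CREATE timer, the RESPONSE_TIMEOUT row stops the RESPONSE timer and stays in SESSION, which leaves no timer running and the pinhole and binding installed with nothing to expire them, unless Entry actions re-run on a transition back to the same state. The text should say which semantics apply. "Entry: StartTimer(CREATE)" is also missing its semicolon.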
skipping to change at page 16, line 14 skipping to change at page 16, line 14
----------- -----------
State: IDLE State: IDLE
Entry: DeleteSession(); Entry: DeleteSession();
Exit : CreateSession(); Exit : CreateSession();
----------- -----------
Condition Action State Condition Action State
----------------------------+-----------------------------+---------- ----------------------------+-----------------------------+----------
(rx_CREATE) && !(CHECK_AA())|tx_RESPONSE(ERROR,CREATE); | IDLE (rx_CREATE) && !(CHECK_AA())|tx_RESPONSE(ERROR,CREATE); | IDLE
| | | |
tg_EXT |tx_EXT(); | EXT_ tg_REA |tx_REA(); | REA_
| | WAITRESP | | WAITRESP
| | | |
(rx_EXT(Lifetime > 0)) |tx_RESPONSE(SUCCESS,CREATE); | SESSION (rx_REA(Lifetime > 0)) |tx_RESPONSE(SUCCESS,CREATE); | SESSION
----------------------------+-----------------------------+---------- ----------------------------+-----------------------------+----------
----------- -----------
State: EXT_WAITRESP State: REA_WAITRESP
Entry: ResetCounter(EXT); Entry: ResetCounter(REA);
StartTimer(RESPONSE); StartTimer(RESPONSE);
Exit : StopTimer(RESPONSE); Exit : StopTimer(RESPONSE);
----------- -----------
Condition Action State Condition Action State
----------------------------+-----------------------------+---------- ----------------------------+-----------------------------+----------
RESPONSE_TIMEOUT && |counter(EXT)++; | EXT_ RESPONSE_TIMEOUT && |counter(REA)++; | REA_
(counter(EXT) < |StartTimer(RESPONSE); | WAITRESP (counter(REA) < |StartTimer(RESPONSE); | WAITRESP
counterLimit(EXT)) |tx_EXT(); | counterLimit(REA)) |tx_REA(); |
| | | |
rx_RESPONSE(SUCCESS,EXT) |ReportAsyncEvent(); | EXT rx_RESPONSE(SUCCESS,REA) |ReportAsyncEvent(); | REA
| | | |
RESPONSE_TIMEOUT && |ReportAsyncEvent(); | IDLE RESPONSE_TIMEOUT && |ReportAsyncEvent(); | IDLE
(counter(EXT) == | | (counter(REA) == | |
counterLimit(EXT)) | | counterLimit(REA)) | |
| | | |
rx_RESPONSE(ERROR,EXT) |ReportAsyncEvent(); | IDLE rx_RESPONSE(ERROR,REA) |ReportAsyncEvent(); | IDLE
| | | |
tg_TEARDOWN |tx_EXT(Lifetime=0); | IDLE tg_TEARDOWN |tx_REA(Lifetime=0); | IDLE
----------------------------+-----------------------------+---------- ----------------------------+-----------------------------+----------
----------- -----------
State: EXT State: REA
Entry: ResetCounter(EXT); Entry: ResetCounter(REA);
StartTimer(REFRESH); StartTimer(REFRESH);
Exit : StopTimer(RESPONSE); Exit : StopTimer(RESPONSE);
StopTimer(REFRESH); StopTimer(REFRESH);
----------- -----------
Condition Action State Condition Action State
----------------------------+-----------------------------+---------- ----------------------------+-----------------------------+----------
RESPONSE_TIMEOUT && |counter(EXT)++; | EXT RESPONSE_TIMEOUT && |counter(REA)++; | REA
(counter(EXT) < |StartTimer(RESPONSE); | (counter(REA) < |StartTimer(RESPONSE); |
counterLimit(EXT)) |tx_EXT(); | counterLimit(REA)) |tx_REA(); |
| | | |
rx_RESPONSE(SUCCESS,EXT) |StartTimer(REFRESH); | EXT rx_RESPONSE(SUCCESS,REA) |StartTimer(REFRESH); | REA
|StopTimer(RESPONSE); | |StopTimer(RESPONSE); |
|ResetCounter(EXT); | |ResetCounter(REA); |
| | | |
REFRESH_TIMEOUT |tx_EXT(); | EXT REFRESH_TIMEOUT |tx_REA(); | REA
|StartTimer(RESPONSE); | |StartTimer(RESPONSE); |
| | | |
RESPONSE_TIMEOUT && |ReportAsyncEvent(); | IDLE RESPONSE_TIMEOUT && |ReportAsyncEvent(); | IDLE
(counter(EXT) == | | (counter(REA) == | |
counterLimit(EXT)) | | counterLimit(REA)) | |
| | | |
rx_RESPONSE(ERROR,EXT) |ReportAsyncEvent(); | IDLE rx_RESPONSE(ERROR,REA) |ReportAsyncEvent(); | IDLE
| | | |
tg_TEARDOWN |tx_EXT(Lifetime=0); | IDLE tg_TEARDOWN |tx_REA(Lifetime=0); | IDLE
----------------------------+-----------------------------+---------- ----------------------------+-----------------------------+----------
----------- -----------
State: SESSION State: SESSION
Entry: StartTimer(STATE); Entry: StartTimer(STATE);
Exit : StopTimer(STATE); Exit : StopTimer(STATE);
----------- -----------
Condition Action State Condition Action State
----------------------------+-----------------------------+---------- ----------------------------+-----------------------------+----------
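Review bot: In NR IDLE, the row "(rx_EXT(Lifetime > 0))" answers with tx_RESPONSE(SUCCESS,CREATE) and moves to SESSION, so the condition and the response type disagree. The -03 column has rx_REA there, which suggests the condition was always meant to be rx_CREATE(Lifetime > 0). The only CHECK_AA() failure row covers rx_CREATE, so if an EXT can legitimately arrive in this state it needs its own failure row. In EXT_WAITRESP and EXT, the abort row fires on "counter(EXT) == counterLimit(EXT)"; writing it as ">=" would keep the machine from retrying forever if the counter is ever advanced past the limit.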
skipping to change at page 18, line 38 skipping to change at page 18, line 38
12. Acknowledgments 12. Acknowledgments
The authors would like to thank Martin Stiemerling for his valuable The authors would like to thank Martin Stiemerling for his valuable
comments and discussions. comments and discussions.
13. References 13. References
13.1. Normative References 13.1. Normative References
[1] Stiemerling, M., "NAT/Firewall NSIS Signaling Layer Protocol [1] Stiemerling, M., "NAT/Firewall NSIS Signaling Layer Protocol
(NSLP)", draft-ietf-nsis-nslp-natfw-13 (work in progress), (NSLP)", draft-ietf-nsis-nslp-natfw-11 (work in progress),
October 2006. April 2006.
[2] Bradner, S., "Key words for use in RFCs to Indicate Requirement [2] Bradner, S., "Key words for use in RFCs to Indicate Requirement
Levels", March 1997. Levels", March 1997.
13.2. Informative References 13.2. Informative References
[3] Fajardo, V., "State Machines for Protocol for Carrying [3] Fajardo, V., "State Machines for Protocol for Carrying
Authentication for Network Access (PANA)", Authentication for Network Access (PANA)",
draft-ietf-pana-statemachine-04 (work in progress), May 2006. draft-ietf-pana-statemachine-04 (work in progress), May 2006.
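Review bot: Reference [2] carries no document identifier in either column. Since this revision already touches the normative references to move [1] from -11 to -13, add "BCP 14, RFC 2119" to [2] in the same pass so the entry can be resolved.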
skipping to change at page 19, line 29 skipping to change at page 20, line 16
Constantin Werner Constantin Werner
University of Goettingen University of Goettingen
Telematics Group Telematics Group
Lotzestr. 16-18 Lotzestr. 16-18
Goettingen 37083 Goettingen 37083
Germany Germany