blob: 8e9f1fef92aa2b1ed33d467ce2c379f260117a64 [file] [log] [blame] [edit]
Internet Engineering Task Force M. Sustrik, Ed.
Internet-Draft GoPivotal Inc.
Intended status: Informational August 05, 2013
Expires: February 06, 2014
Extended TCP Service Naming
etsn-01
Abstract
This doucment defines a way to extend the TCP service namespace so
that arbitrary names can be used instead of TCP ports.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on February 06, 2014.
Copyright Notice
Copyright (c) 2013 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
1. Introduction
Sustrik Expires February 06, 2014 [Page 1]
Internet-Draft ETSN August 2013
TCP ports serve double purpose. First, they uniquely identify a TCP
connection within the scope of network interface. Second, they serve
as symbolic names for network services, for example, port 80 is a
symbolic name for HTTP service.
While the ports are a fitting solution for the former problem, they
are severely lacking in the latter case. Specifically, as we move
from generic-purpose IETF-defined and IANA-registered services such
as HTTP or SMTP to special-purpose ad hoc services, often limited in
use to few computers, a single company or maybe few inter-
communicating organisations the port numbers become increasingly
insufficient.
In the crowded TCP port namespace developers often choose to use port
numbers that collide with existing IANA-registered services and even
in the cases where they take care to choose unassigned port numbers
the ad hoc services tend to collide each with another.
To deal with the problem, some applications choose to use ephemeral
ports, i.e. port numbers assigned to the application dynamically by
the network stack from the pool of port numbers that are not used at
the moment.
Given that ephemeral ports are not known in advance, this solution
requires an additional service to distribute the port numbers to the
potential peers and typically results in more complex and brittle
systems.
Another problem arises if TCP service is shared among different
organisations. Ephemeral ports are not an option in that case as the
connections have to cross the firewalls. There's no way to open the
port in the firewall if it is not known in advance.
If, on the other hand, the ports are assigned statically the practice
can severely hinder the development as every new service requires
opening a new port in the firewall and thus undergoing an approval
process that may take months in some organisations.
This specification attemps to solve the problem by extending the TCP
service namespace to arbitrary strings. At the same time all those
services share a single fixed IANA-assigned TCP port number, thus
reducing the administrative overhead to one-off opening of a single
port in the firewall.
2. Connection Initiation
Sustrik Expires February 06, 2014 [Page 2]
Internet-Draft ETSN August 2013
When new connection is being established, the party initiating the
connection connects to TCP port 5908 at given IP address and sends
the following protocol header to the peer:
+--------------+-----------+--------------+
| version (8b) | size (8b) | service name |
+--------------+-----------+--------------+
The first byte is the version of this protocol and MUST be set to
0x01.
If the version number is not equal to 0x01 the accepting party MUST
close the underlying TCP connection.
Second byte is the length of the subsequent service name. Thus, the
service names are 0 to 255 bytes long.
The assumption here is that namespace of all strings up to 255 bytes
long is large enough to prevent service name clashes. On the other
hand, 257 bytes (maximum size of the protocol header) is not long
enough to be exploited in any kind of DoS attack.
Note that the service name may consist of arbitrary bytes and is not
restricted to ASCII strings or similar.
If the party accepting the connection doesn't receive the entire
protocol header within a reasonable time (e.g. 1 second) it SHOULD
close the underlying TCP connection. This rule prevents DoS attacks
based on opening large number of TCP connections that would linger
around and never be handed to the user.
After receiving the entire protocol header, the accepting party looks
up the service name in its table of available services. If there's
no corresponding service registered it MUST close the underlying TCP
connection.
Finally, if the service name is found in the table, the TCP
connection is handed to the process that registered the service name
in question.
From that point on the connection behaves as an ordinary TCP connection,
both with respect to the data transfer and to the connection
shutdown.
3. IANA Considerations
Sustrik Expires February 06, 2014 [Page 3]
Internet-Draft ETSN August 2013
This document requires that a fixed TCP port number is assigned by
IANA for extended service naming. For now the specification is using
port 5908.
4. Security Considerations
Longer service names may provide some opportunity for DoS attacks,
however, by limiting the service name to maximum of 255 bytes, the
risk should be negligible.
5. References
Author's Address
Martin Sustrik (editor)
GoPivotal Inc.
Email: msustrik@gopivotal.com
Sustrik Expires February 06, 2014 [Page 4]