Internet DRAFT - draft-lynn-dnssd-requirements

draft-lynn-dnssd-requirements







DNS-SD/mDNS Extensions                                      K. Lynn, Ed.
Internet-Draft                                                Consultant
Intended status: Informational                               S. Cheshire
Expires: April 25, 2014                                      Apple, Inc.
                                                        October 22, 2013


            Requirements for Scalable DNS-SD/mDNS Extensions
                    draft-lynn-dnssd-requirements-00

Abstract

   DNS-SD/mDNS is widely used today for discovery and resolution of
   services and names on a local link, but there are use cases to extend
   DNS-SD/mDNS to enable service discovery beyond the local link.  This
   document provides a problem statement and a list of requirements.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on April 25, 2014.

Copyright Notice

   Copyright (c) 2013 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.



Lynn & Cheshire          Expires April 25, 2014                 [Page 1]

Internet-Draft        Scalable DNS-SD Requirements          October 2013


Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Problem Statement . . . . . . . . . . . . . . . . . . . . . .   3
   3.  Basic Use Cases . . . . . . . . . . . . . . . . . . . . . . .   5
   4.  Internationalization Considerations . . . . . . . . . . . . .   6
   5.  Namespace Considerations  . . . . . . . . . . . . . . . . . .   6
   6.  Requirements  . . . . . . . . . . . . . . . . . . . . . . . .   6
   7.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   7
   8.  Security Considerations . . . . . . . . . . . . . . . . . . .   7
   9.  Acknowledgments . . . . . . . . . . . . . . . . . . . . . . .   8
   10. References  . . . . . . . . . . . . . . . . . . . . . . . . .   9
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  10

1.  Introduction

   DNS-Based Service Discovery [DNS-SD] in combination with its
   companion technology Multicast DNS [mDNS] is widely used today for
   discovery and resolution of services and names on a local link.
   However, as users move to multi-link home or campus networks they
   find that mDNS does not work across routers.  DNS-SD can also be used
   in conjunction with conventional unicast DNS to enable wide-area
   service discovery, but this capability is not yet widely deployed.
   This disconnect between customer needs and current practice has led
   to calls for improvement, such as the Educause petition [EP].

   In response to this and similar evidence of market demand, several
   products now enable service discovery beyond the local link using
   different ad-hoc techniques.  However, it is unclear which approach
   represents the best long-term direction for DNS-based service
   discovery protocol development.

   DNS-SD/mDNS in its present form is also not optimized for network
   technologies where multicast transmissions are relatively expensive.
   Wireless networks such as [IEEE.802.11] may be adversely affected by
   excessive mDNS traffic due to the higher network overhead of
   multicast transmissions.  Wireless mesh networks such as 6LoWPAN
   [RFC4944] are effectively multi-link subnets where multicasts must be
   forwarded by intermediate nodes.

   It is in the best interests of end users, network administrators, and
   vendors for all interested parties to cooperate within the context of
   the IETF to develop an efficient, scalable, and interoperable
   standards-based solution.

   This document defines the problem statement and gathers requirements
   for Scalable DNS-SD/mDNS Extensions.




Lynn & Cheshire          Expires April 25, 2014                 [Page 2]

Internet-Draft        Scalable DNS-SD Requirements          October 2013


1.1.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in "Key words for use in
   RFCs to Indicate Requirement Levels" [RFC2119].

1.2.  Terminology [TBD]

   Discovery Scope

   Zero Configuration

   Incremental Deployment

2.  Problem Statement

   Service discovery beyond the local link is perhaps the most important
   feature currently missing from the DNS-SD/mDNS framework.  The issues
   and requirements are summarized below.

2.1.  Multilink Naming and Discovery

   A list of desired DNS-SD/mDNS improvements from network
   administrators in the research and education community was issued in
   the form of the Educause petition [EP].  The following is a technical
   summary of the issues:

   o  Products that advertise services such as printing and multimedia
      streaming via DNS-SD/mDNS are not currently discoverable by
      devices on other links.  It is common practice for enterprises and
      institutions to use wireless links for client access and wired
      networks for server infrastructure, typically on different
      subnets.  DNS-SD used with conventional unicast DNS does work when
      devices are on different links, but the resource records that
      describe the service must somehow be entered into the unicast DNS
      namespace.

   o  Entering DNS-SD records manually into a unicast DNS zone file
      works, (as has been done for many years for the Terminal Room
      printers at IETF meetings) but requires the DNS administrator to
      know how to do that [static] and is fragile when IP addresses of
      devices may change, as is common when DHCP is used.








Lynn & Cheshire          Expires April 25, 2014                 [Page 3]

Internet-Draft        Scalable DNS-SD Requirements          October 2013


   o  Automatically adding DNS-SD records using DNS Update works, but
      requires that the DNS server be configured to allow DNS Updates,
      and requires that devices be configured with the DNS Update
      credentials to permit such updates, which has proven to be
      onerous.

   o  Therefore, a mechanism is desired that populates the DNS namespace
      with the appropriate DNS-SD records with less manual
      administration than typically needed for a unicast DNS server.

   The following is a technical summary of the requirements:

   o  It must scale to a range of hundreds or thousands of DNS-SD/mDNS
      enabled devices in a given environment.

   o  It must work with wired and wireless networks from different
      vendors.

   o  It must not significantly increase network traffic (wired or
      wireless).

   o  It must be easily managed at an enterprise scale.

   o  It must be provided at a reasonable cost.  [CapEx + OpEx.  KEL]

2.2.  IEEE 802.11 Wireless LANs

   Multicast DNS was originally designed to run on Ethernet - the
   dominant link-layer at the time.  In shared Ethernet networks,
   multicast frames place little additional demand on the shared network
   medium above unicast frames.  In IEEE 802.11 networks however,
   multicast frames are transmitted at a low data rate supported by all
   receivers.  In practice, this data rate leads to a larger fraction of
   airtime being devoted to multicast transmission.  Some network
   administrators block multicast traffic or convert it to a series of
   link-layer unicast frames.

   Wired links may be orders of magnitude less reliable than their wired
   counterparts.  To improve transmission reliability, the IEEE 802.11
   MAC requires positive acknowledgement of unicast frames.  It does
   not, however, support positive acknowledgement of multicast frames.
   As a result, it is common to observe much higher loss of multicast
   frames on wireless as compared to wired network technologies.

   Enabling service discovery on IEEE 802.11 networks requires that the
   number of multicast frames be restricted to a suitably low value, or
   replaced with unicast frames to use the MAC's reliability features.




Lynn & Cheshire          Expires April 25, 2014                 [Page 4]

Internet-Draft        Scalable DNS-SD Requirements          October 2013


2.3.  Low Power and Lossy Networks (LLNs)

   Emerging wireless mesh networking technologies such as RPL [RFC6550]
   and 6LoWPAN present several challenges for the current DNS-SD/mDNS
   design.  First, Link-Local multicast scope [RFC4291] is defined as a
   single-hop neighborhood.  A single subnet prefix in a wireless mesh
   network may often span multiple links, therefore a larger multicast
   scope is required to span it [I-D.ietf-6man-multicast-scopes].

   Additionally, low-power nodes may be offline for significant periods
   either because they are "sleeping" or due to connectivity problems.
   In such cases LLN nodes might fail to respond to queries or defend
   their names using the current design.

3.  Basic Use Cases

   The following use cases are defined with different constraints to
   help distinguish and classify the target requirements.

      (A) Personal Area networks; e.g., one laptop and one printer.
      This is the simplest example of a DNS-SD/mDNS network.

      (B) Classic home networks, consisting of:

      *  Single exit router: the network may have multiple upstream
         providers or networks, but all outgoing and incoming trafic
         goes through a single router.

      *  One level depth: all links on the network are connected to the
         same default router.

      *  Single administrative domain: all nodes under the same admin
         entity.

      (C) Advanced residential and small business networks
      [I-D.ietf-homenet-arch]:

      Like B but consist of two or more wired and/or wireless links,
      connected by routers, behind the single exit router.  However, the
      forwarding nodes are largely self-configuring and do not require
      routing protocol administration.

      (D) Enterprise networks:

      Like C but consist of arbitrary diameter under a single
      administrative domain.  A large majority of the forwarding and
      security devices are configured.




Lynn & Cheshire          Expires April 25, 2014                 [Page 5]

Internet-Draft        Scalable DNS-SD Requirements          October 2013


      (E) Higher Education networks:

      Like D but core network may be under a central administrative
      domain while leaf networks are under local administrative domains.

      (F) Mesh networks such as RPL/6LoWPAN:

      Multi-link subnets with prefixes defined by one or more border
      routers.  May comprise network B and any part of networks C, D, or
      E.

4.  Internationalization Considerations

   The solution should support rich international text, as do DNS-SD and
   mDNS today.  Users will not accept a solution that does not allow the
   richness of service naming that they currently have with mDNS, manual
   zone files, and DNS Update today.

5.  Namespace Considerations

   The unicast DNS namespace contains globally unique names.  Naming
   services over a local scope contain locally unique names.  Clients
   discovering services need to be able to differentiate global names
   from local names.

6.  Requirements

   [This is a strawman proposal.  MB]

   REQ1:  The scope of the discovery should be either automatically
      found by the discovering devices and/or configured.

   REQ2:  For use cases A, B, and C, there should be a zero
      configuration mode of operation.

   REQ3:  For use cases D and E, there should be a way to configure the
      scope of the discovery and also support both smaller (ex:
      department) and larger (ex: campus-wide) discovery scopes.

   REQ4:  For use cases D and E, there should be an incremental way to
      deploy the solution.

   REQ5:  The new solution should integrate or at least should not break
      any current link scope DNS-SD/mDNS protocols and deployments.

   REQ6:  The new solution MUST be capable of spanning multiple links
      (hops) and network technologies.




Lynn & Cheshire          Expires April 25, 2014                 [Page 6]

Internet-Draft        Scalable DNS-SD Requirements          October 2013


   REQ7:  The new solution MUST be scalable to thousands of servers with
      minimal configuration and without degrading network performance.

   REQ8:  The new solution MUST provide a consistent user experience
      whether local or global services are being discovered.

7.  IANA Considerations

   This document currently makes no request of IANA.

   Note to RFC Editor: this section may be removed on publication as an
   RFC.

8.  Security Considerations

   [Not complete - initial ideas.  MB/KEL]

   If the scope of the discovery is not properly setup or constrained,
   then information leaks will happen outside the appropriate network.

   Visiting nodes on a network may discover more services than desired
   by the network policies, if filtering of discovery packets was not
   properly setup.  [Is this a NAC or DNS problem?  KL]

   Depending on the chosen solution, there is a possibility of name
   space conflicts between the DNS tree and this solution.  In this
   case, a node may not know if the target node or service is the right
   one, therefore enabling ground for various attacks.

   The DNS-SD/mDNS framework security considerations also apply.

   DNSSEC can assert the validity but not the veracity of records in a
   zone file.  The trust model of the global DNS relies on the fact that
   human administrators either a) manually enter resource records into a
   zone file, or b) configure the DNS server to authenticate a trusted
   device (e.g., a DHCP server) that can automatically maintain such
   records.

   By contrast, the "plug-and-play" nature of mDNS devices has up to now
   depended only on physical connectivity.  If a device is visible via
   mDNS then it is assumed to be trusted.  This is no longer likely to
   be the case in larger networks.  Still, the new solution SHOULD
   leverage existing security solutions and not invent new ones.

   Mobile devices such as smart phones that can expose the location of
   their owners by registering services in arbitrary zones pose a risk
   to privacy.  Such devices MUST NOT register their services in
   arbitrary zones without the approval of their operators.  However, it



Lynn & Cheshire          Expires April 25, 2014                 [Page 7]

Internet-Draft        Scalable DNS-SD Requirements          October 2013


   SHOULD be possible to configure one or more "home" zones, e.g., based
   on subnet prefix, in which mobile devices may automatically register
   their services.

9.  Acknowledgments

   We gratefully acknowledge contributions and review comments made by
   RJ Atkinson, Marc Blanchet, Tim Chown, Ralph Droms, Educause, David
   Farmer, Matthew Gast, Peter Van Der Stok, and Thomas Narten.










































Lynn & Cheshire          Expires April 25, 2014                 [Page 8]

Internet-Draft        Scalable DNS-SD Requirements          October 2013


10.  References

10.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC4291]  Hinden, R. and S. Deering, "IP Version 6 Addressing
              Architecture", RFC 4291, February 2006.

   [RFC4944]  Montenegro, G., Kushalnagar, N., Hui, J., and D. Culler,
              "Transmission of IPv6 Packets over IEEE 802.15.4
              Networks", RFC 4944, September 2007.

   [RFC6550]  Winter, T., Thubert, P., Brandt, A., Hui, J., Kelsey, R.,
              Levis, P., Pister, K., Struik, R., Vasseur, JP., and R.
              Alexander, "RPL: IPv6 Routing Protocol for Low-Power and
              Lossy Networks", RFC 6550, March 2012.

   [mDNS]     Cheshire, S. and M. Krochmal, "Multicast DNS", RFC 6762,
              February 2013.

   [DNS-SD]   Cheshire, S. and M. Krochmal, "DNS-Based Service
              Discovery", RFC 6763, February 2013.

10.2.  Informative References

   [I-D.ietf-6man-multicast-scopes]
              Droms, R., "IPv6 Multicast Address Scopes", draft-ietf-
              6man-multicast-scopes-00 (work in progress), August 2013.

   [I-D.ietf-homenet-arch]
              Chown, T., Arkko, J., Brandt, A., Troan, O., and J. Weil,
              "Home Networking Architecture for IPv6", draft-ietf-
              homenet-arch-10 (work in progress), August 2013.

   [EP]       "Educause Petition", https://www.change.org/petitions/
              from-educause-higher-ed-wireless-networking-admin-group,
              July 2012.

   [IEEE.802.11]
              "Information technology - Telecommunications and
              information exchange between systems - Local and
              metropolitan area networks - Specific requirements - Part
              11: Wireless LAN Medium Access Control (MAC) and Physical
              Layer (PHY) Specifications ", IEEE Std 802.11-2012, 2012,
              <http://standards.ieee.org/getieee802/download/
              802.11-2012.pdf>.



Lynn & Cheshire          Expires April 25, 2014                 [Page 9]

Internet-Draft        Scalable DNS-SD Requirements          October 2013


   [static]   "Manually Adding DNS-SD Service Discovery Records to an
              Existing Name Server", July 2013,
              <http://www.dns-sd.org/ServerStaticSetup.html>.

Authors' Addresses

   Kerry Lynn (editor)
   Consultant

   Phone: +1 978 460 4253
   Email: kerlyn@ieee.org


   Stuart Cheshire
   Apple, Inc.
   1 Infinite Loop
   Cupertino , California   95014
   USA

   Phone: +1 408 974 3207
   Email: cheshire@apple.com






























Lynn & Cheshire          Expires April 25, 2014                [Page 10]