TSVWG J. Touch
Internet Draft Independent Consultant
Updates: 4727
Intended status: Standards Track March 15, 2025
Expires: September 2025
User Ports for Experiments
draft-ietf-tsvwg-usr-exp-08.txt
Abstract
This document defines user ports for experiments using transport
protocols. It describes the use of experiment identifiers to enable
shared use of these user ports, as well as updating the use of
system ports for experiments in the same manner.
Status of this Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
The list of current Internet-Drafts can be accessed at
https://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at
https://www.ietf.org/shadow.html
Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other documents
at any time. It is inappropriate to use Internet-Drafts as
reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 15, 2025.
Copyright Notice
Copyright (c) 2025 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
Touch Expires September 15, 2025 [Page 1]
�
Internet-Draft User Ports for Experiments March 2025
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with
respect to this document. Code Components extracted from this
document must include Revised BSD License text as described in
Section 4.e of the Trust Legal Provisions and are provided without
warranty as described in the Revised BSD License.
Table of Contents
1. Introduction ..................................................2
2. User Ports for Experiments ....................................3
3. Protocol Experiment Identifiers (PExIDs) ......................3
4. Using PExIDs in Transport Protocols ...........................4
4.1. SCTP and DCCP PExID Use ..................................5
4.2. PExID Coordination During State Negotiation ..............5
5. PExID Interactions with Other Protocols and Mechanisms ........6
6. Security Considerations .......................................6
7. IANA Considerations ...........................................7
8. References ....................................................9
8.1. Normative References .....................................9
8.2. Informative References ...................................9
9. Acknowledgments ..............................................11
1. Introduction
Various network codepoints have been allocated for experimental use,
including those for IPv4 [RFC791], IPv6 [RFC8200], ICMPv4 [RFC792],
ICMPv6 [RFC4443], UDP [RFC768], and TCP [RFC9293]. These include
transport protocol port numbers 1021 and 1022, using the service
names "EXP1" and "EXP2" [RFC4727].
There has always been an expectation that experiments needing
privileged (system) ports use these assignments and unprivileged
ports use those from the dynamic range [RFC6335][RFC7605]. However,
dynamic ports can be difficult to reserve in some systems or blocked
from traversing some firewalls. As a consequence, there is a need
for non-privileged, non-dynamic ports - i.e., user ports - for
experiments.
This document reserves user ports for experimentation and describes
the use of experiment identifiers to differentiate shared use of
these ports for concurrent experiments. This document also creates a
PExID registry, in addition to the IANA service names and ports
registry [SP-reg], to ensure that experimental uses that might be
tested in the public Internet do not interfere.
Touch Expires September 15, 2025 [Page 2]
�
Internet-Draft User Ports for Experiments March 2025
2. User Ports for Experiments
The system, user, and dynamic port ranges vary in their properties
[RFC7605]. System ports often include privileged access, sometimes
known as 'root'. Dynamic ports are used as client ports when
establishing associations with services on registered ports. User
ports have neither privilege nor the risk of use by other
connections. User ports are also more likely to allow configuration
to pass through firewalls, where system and dynamic ports can be
difficult to 'un-block'.
This document registers USR-EXP1 and USR-EXP2 for user port
experiments, using port numbers #UPORT1 and #UPORT2. These ports are
assigned from the user range, allowing non-privileged experiments
without the need to use ports from the dynamic range. They are
intended to complement the system ports already assigned for
experimental use [RFC4727].
3. Protocol Experiment Identifiers (PExIDs)
This document also creates a registry for port experiment
identifiers (PExIDs), in the same manner as the registry created for
shared TCP option experiments [RFC6994][TCP-reg]. These PExIDs are
intended for services that might not qualify for a port assignment
per current requirements in [RFC6335] and [RFC7605] because they are
either short-term or need more than one port number during
development (see Sec. 7.1 of [RFC7605]). Such is the case for
student projects that operate over the public Internet and/or across
firewalls. Additionally, although selection of a random PExID might
suffice, the bar for PExID registration is low (first-come, first
served) and encouraged.
The PExID approach is inspired by the ExID method for sharing
experimental option codepoints, originally developed for TCP
[RFC6994] and later applied to UDP [TH25]. That method could be
applied here, but requires OS support, whereas the PExID is used in
the data path and requires no OS modification. This method could be
applied to sharing other codepoints, e.g., protocol options and
codes, but that is outside the scope of this document.
Experimenters are encouraged to register PExIDs with IANA and to
include them at the beginning of their transport data, i.e., at the
front of each separate message or byte stream, as a 32-bit unsigned
integer in network standard byte order. The use of PExIDs helps
differentiate experiments without the need for additional port
assignments.
Touch Expires September 15, 2025 [Page 3]
�
Internet-Draft User Ports for Experiments March 2025
This document also encourages the use of these PExIDs for
experiments using existing experiment ports, i.e., system ports EXP1
and EXP2.
PExIDs differentiate experiments but are not intended to be specific
to a given experiment port, whether system or user, so a single
registration is used for all experiment ports. It is the
responsibility of the experimenter to determine which port(s) each
experiment uses.
The remainder of this document focuses on the issues associated with
using PExIDs.
4. Using PExIDs in Transport Protocols
PExIDs differentiate use of the experiment transport ports, both for
TCP as previously assigned [RFC4727] and for other transports as
defined in this document.
PExIDs are intended to be placed in network-standard byte order at
the beginning of each independent transport data payload.
For connection-oriented transport protocols, such as TCP [RFC9293],
SCTP [RFC9260], and DCCP [RFC4340], the PExID is typically sent once
for each connection at the beginning of the user transfer and echoed
upon receipt, enabling both ends to confirm the experiment for the
connection's socket pair. That socket pair is then associated with
the experiment identified by that PExID for the duration of the
connection.
For connectionless transport protocols, such as UDP [RFC768], the
PExID is typically included at the beginning of every message in
both directions.
In most cases, the PExID is sent as user data. SCTP is one
exception, because of its Payload Protocol Identifier (PPID), as
discussed further in Section 4.1. Alternately, PExID can be
confirmed during the connection or security handshake or other
transport header, as discussed in Section 4.2. In other cases, the
PExID can be transferred elsewhere in the data stream, as specified
by the user application.
Two endpoints can engage in multiple experiments using the same
experimental port number and transport protocol. In such cases,
users are expected to support demultiplexing of those different
experiments using the PExID.
Touch Expires September 15, 2025 [Page 4]
�
Internet-Draft User Ports for Experiments March 2025
4.1. SCTP and DCCP PExID Use
SCTP and DCCP connections can use self-assigned Private service
codes, which provide experimental-use identification
[RFC4340][RFC5595]. There is thus no need to use PExIDs to
differentiate experiments on the same port number. PExIDs can be
used in addition to those codes if desired, notably in developing a
single application-layer solution for multiple transport protocols.
SCTP also includes a Payload Protocol Identifier (PPID), which
identifies the information within each user message. PPIDs are
assigned on a first-come, first-served (FCFS) basis and are abundant
(2^32 codepoints), so there is no need for a separate experimental-
use PPID. The PExID differentiate shared use of the user
experimental port number and thus serves a different purpose than
the PPID; both can be used together or separately for SCTP.
Because SCTP supports multiple concurrent streams, it is useful for
experiments using PExIDs to be identified in a particular stream
before proceeding with other streams, to avoid excessive buffering.
For SCTP using only PExIDs for that purpose, users SHOULD send the
PExID ordered and reliably as the first user message using PPID of
#PPID1 in stream 0 (the default stream). Until the PExID user
message is echoed back on stream 0, user messages on stream 0 SHOULD
be sent ordered and the user SHOULD avoid transmitting user messages
on other streams. The echoed user message SHOULD use the PPID of
#PPID1 assigned for this purpose. That PExID user message MUST
contain only the PExID as a 32-bit unsigned integer in network
standard byte order.
4.2. PExID Coordination During State Negotiation
For stateful associations, the PExID can be indicated during the
initial state negotiation of the transport or security protocol. For
TCP, SCTP, DCCP, QUIC [RFC9000], these could be indicated using
parameters of the initial connection handshake, e.g, as transport
options. For UDP, a similar mechanism could be used on each packet
if UDP options are supported [TH25]. In all cases (TCP, SCTP, DCCP,
QUIC, UDP), no option type is currently assigned for this purpose.
Additionally, these options would be available only after assigned
and deployed, whereas the mechanism defined here is available
without needing any OS modification.
A similar mechanism is available within both TLS and DTLS, providing
extensions to negotiating additional security association parameters
[RFC8446][RFC9147]. In both protocols, the PExID could be sent in
ClientHello requests and echoed in ServerHello responses, although
Touch Expires September 15, 2025 [Page 5]
�
Internet-Draft User Ports for Experiments March 2025
for these protocols the extension would require two fields (because
such fields carry only 16 bits of content and two are needed for the
32-bit PExID).
In all the above cases, the details of such a mechanism are outside
the scope of this document and would require additional IANA
codepoint assignments. They are not generally anticipated because
such mechanisms are more difficult to deploy, hampering the very
experimentation this mechanism is intended to foster.
5. PExID Interactions with Other Protocols and Mechanisms
PExIDs help differentiate different uses of the same experimental
transport port number using data outside the transport header, and
thus would not be supported by existing NATs, firewalls, deep-packet
inspectors (DPIs), or service function chaining [RFC7665]. These
devices would need to be modified to detect the PExID, either at the
beginning of the connection (for connection-oriented uses) or within
each data payload (for connectionless uses).
Some methods to traverse tunnels are also affected by the use of
PExIDs. STUN uses a method similar to PExIDs in its in-band message
identifier [RFC8489]. These identifiers begin with a 32-bit field
first two bits are "00", followed by a type and length, followed by
a 32-bit 'magic number' of 0x2112A442, followed by a 96-bit
transaction identifier. PExIDs are similar to the transaction
identifier, but would occur earlier in the data stream.
The TURN mechanism for NAT traversal does not interact with use of
PExIDs [RFC8586]. The STUN mechanism can be used concurrent with
PExIDs if the PExIDs are selected where the two highest bits are
something other than "00" (as required in STUN messages). Because
not all service or protocols are intended to be used concurrent with
STUN, this restricting should not be a concern.
Some protocols use "magic bytes" to identify streams and/or
messages. PExIDs are a specific interpretation of the first for
magic bytes of each stream or message to demultiplex shared use of
the experimental transport ports, thus they would not necessarily be
compatible with other concurrent use of magic bytes.
6. Security Considerations
The creation of new ports for experiment purposes does not create
any new security considerations. At best, it potentially reduces the
use of privileged system ports for such experiments, which avoids
the associated risk of unnecessary privileged access.
Touch Expires September 15, 2025 [Page 6]
�
Internet-Draft User Ports for Experiments March 2025
Like conventional transport protocol port numbers, PExIDs can be
used for DPI to identify services and protocols. When such
information is intended to be protected or private, it can be sent
as user data inside an encrypted stream or message, e.g., as user
data in TCP/TLS or UDP/DTLS.
PExIDs are not supported by existing firewalls, DPI devices, IPsec
traffic selectors or other systems that demultiplex or identify
traffic using transport port numbers. Traffic using the same
transport port numbers would be treated the same if the PExID were
not included in the filter, which could either inadvertently admit
or deny access. Care should be taken when to avoid PExID use with
the same experimental port number when different filtering is
expected.
Experimenters are encouraged to include security in any new
experiment, regardless of port (per Section 7.4 of [RFC7605]).
7. IANA Considerations
This document hereby requests the assignment of two user ports for
experimental purposes below. IANA is asked to replace instances of
#UPORT1 and #UPORT2 throughout this document based on the actual
allocation. This paragraph is intended to be removed prior to final
publication.
This document also hereby requests the assignment of the SCTP PPID
"PEXID" for use in association with these port numbers. IANA is
asked to replace instances of #PPID1 throughout this document based
on the actual allocation. This paragraph is intended to be removed
prior to final publication.
IANA has assigned the following user ports for experiments:
Service Name USR-EXP1
Transport Protocol(s) TCP, UDP, DCCP, and SCTP
Assignee IESG
Contact IETF Chair
Description RFC[TBD-rfc]-style Experiment
Reference RFC [TBD-rfc]
Port Number #UPORT1 (requesting 1031)
Touch Expires September 15, 2025 [Page 7]
�
Internet-Draft User Ports for Experiments March 2025
Service Code none - use private use service codes
Known Unauthorized Uses none
Assignment Notes Intended for use with ExIDs only
And:
Service Name USR-EXP2
Transport Protocol(s) TCP, UDP, DCCP, and SCTP
Assignee IESG
Contact IETF Chair
Description RFC[TBD-rfc]-style Experiment
Reference RFC [TBD-rfc]
Port Number #UPORT2 (requesting 1032)
Service Code none - use private use service codes
Known Unauthorized Uses none
Assignment Notes Intended for use with ExIDs only
IANA has assigned the following SCTP Payload Protocol Identifier
(PPID) for experiments associated with these port numbers:
SCTP PPID #PPID1
This document directs IANA to create a "Port Experimental Option
Experiment Identifiers (PExIDs)" registry linked under the IANA
ports registry [SP-reg], using the same format and structure as the
TCP option ID registry [TCP-reg]. The registry records PExIDs as
32-bit unsigned integers, including a brief description, document
pointer if available, assignee name, and e-mail contact for each
entry. Once registered, PExIDs can be used with either the system
(EXP1, EXP2) or user (USR-EXP1, USR-EXP2) ports and with any
transport protocol.
Entries are assigned on a First Come, First Served (FCFS) basis
[RFC8126]. IANA will also record known duplicate uses to assist the
community in both debugging assigned uses as well as correcting
unauthorized duplicate uses.
Touch Expires September 15, 2025 [Page 8]
�
Internet-Draft User Ports for Experiments March 2025
IANA should impose no requirements on making a registration request
other than indicating the desired codepoint and providing a point of
contact. A short description or acronym for the use is desired but
not required.
8. References
8.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC4727] Fenner, B., "Experimental Values in IPv4, IPv6, ICMPv4,
ICMPv6, UDP, and TCP Headers," RFC 4727, Nov. 2026.
[RFC6994] Touch, J., "Shared Use of Experimental TCP Options," RFC
6994, Aug. 2013.
[RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for
Writing an IANA Considerations Section in RFCs", BCP 26,
RFC 8126, June 2017.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, May 2017.
[RFC9260] Stewart, R. (Ed.), "Stream Control Transmission Protocol,"
RFC 9260, Sep. 2007.
8.2. Informative References
[RFC768] Postel, J., "User Datagram Protocol," STD 6, RFC 768, Aug.
1980.
[RFC791] Postel, J., "Internet Protocol," STD 5, RFC 791, Sep.
1981.
[RFC792] Postel, J., "Internet Control Message Protocol," STD 5,
RFC 792, Sep. 1981.
[RFC4340] Kohler, E., Handley, M., and S. Floyd, "Datagram
Congestion Control Protocol (DCCP)," RFC 4340, March 2006.
[RFC4443] Conta, A., Deering, S., and M. Gupta, (Ed.), "Internet
Control Message Protocol (ICMPv6) for the Internet
Protocol Version 6 (IPv6) Specification," STD 89, RFC
4443, Mar. 2006.
Touch Expires September 15, 2025 [Page 9]
�
Internet-Draft User Ports for Experiments March 2025
[RFC5389] Rosenberg, J., Mahy, R., Matthews, P., and D. Wing,
"Session Traversal Utilities for NAT (STUN)", RFC 5389,
October 2008.
[RFC5595] Fairhurst, G., "The Datagram Congestion Control Protocol
(DCCP) Service Codes", RFC 5595, September 2009.
[RFC6335] Cotton, M., Eggert, L., Touch, J., Westerlund, M., and S.
Cheshire, "Internet Assigned Numbers Authority (IANA)
Procedures for the Management of the Service Name and
Transport Protocol Port Number Registry," BCP 165, RFC
6335, Aug. 2011.
[RFC6994] Touch, J., "Shared Use of Experimental TCP Options", RFC
6994, August 2013.
[RFC7605] Touch, J., "Recommendations on Using Assigned Transport
Port Numbers," BCP 165, RFC 7605, Aug. 2015.
[RFC7665] Halpern, J., Ed., and C. Pignataro, Ed., "Service Function
Chaining (SFC) Architecture", RFC 7665, October 2015.
[RFC8200] Deering, S. and R. Hinden, "Internet Protocol, Version 6
(IPv6) Specification," STD 86, RFC 8200, Jul. 2017.
[RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol
VerREsion 1.3", RFC 8446, Aug. 2018.
[RFC8586] Reddy, T., Ed., Johnston, A., Ed., Matthews, P., and J.
Rosenberg, "Traversal Using Relays around NAT (TURN):
Relay Extensions to Session Traversal Utilities for NAT
(STUN)", RFC 8656, February 2020,
[RFC9000] Iyengar, J., Ed., and M. Thomson, Ed., "QUIC: A UDP-Based
Multiplexed and Secure Transport", RFC 9000, May 2021.
[RFC9147] Rescorla, E., Tschofenig, H., and N. Modadugu, "The
Datagram Transport Layer Security (DTLS) Protocol Version
1.3", RFC 9147, April 2022.
[RFC9293] Eddy, W. (Ed.), "Transmission Control Protocol (TCP), Aug.
STD 7, RFC 9293, 2022.
[SP-reg] Service Name and Transport Protocol Port Number Registry,
https://www.iana.org/assignments/service-names-port-
numbers/service-names-port-numbers.xhtml
Touch Expires September 15, 2025 [Page 10]
�
Internet-Draft User Ports for Experiments March 2025
[TCP-reg] TCP Option ID registry,
https://www.iana.org/assignments/tcp-parameters/tcp-
parameters.xhtml#tcp-exids
[TH25] Touch, J, C. Heard (Ed.), "Transport Options for UDP",
draft-ietf-tsvwg-udp-options, Mar. 2025.
9. Acknowledgments
This document was prepared using 2-Word-v2.0.template.dot.
Authors' Addresses
Joe Touch
Manhattan Beach, CA 90266 USA
Phone: +1 (310) 560-0334
Email: touch@strayalpha.com
Touch Expires September 15, 2025 [Page 11]
�