Network Working Group | I.B.C. Baz Castillo |
Internet-Draft | XtraTelecom S.A. |
Intended status: Standards Track | April 14, 2011 |
Expires: October 16, 2011 |
DNS SRV Resource Records for the WebSocket Protocol
draft-ibc-websocket-dns-srv-02
This document specifies the usage of DNS SRV resource records by WebSocket clients when resolving a "ws:" or "wss:" Uniform Resource Identifier (URI). The DNS SRV mechanism confers load-balancing and failover capabilities for WebSocket service providers.
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on October 16, 2011.
Copyright (c) 2011 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
DNS SRV [RFC2782] is widely implemented in realtime communication protocols as SIP [RFC3261] and XMPP [RFC6120]. In both protocols the clients perform a DNS SRV query to get a list of connection addresses (pairs of IP address and port) for the given domain. The administrator of the domain can configure its DNS SRV records in a way that they provide automatic load-balancing along with redundancy/failover capability.
DNS SRV mechanism facilitates network applications scalability without requiring an intermediary node distributing the traffic in load-balancing or failover fashion. Instead, DNS SRV mechanism just requires a proper DNS setup.
By introducing DNS SRV records into WebSocket protocol [I-D.ietf-hybi-thewebsocketprotocol], WebSocket providers can, optionally, take same advantages and provide scalable services with a minimal infrastructure.
This specification mandates the usage of DNS SRV resource records by WebSocket clients when resolving a "ws:" or "wss:" URI [RFC3986], but still leaves the decision of using SRV records up to the service administrator.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].
This specification mandates the implementation of DNS SRV [RFC2782] in WebSocket [I-D.ietf-hybi-thewebsocketprotocol] clients (usually web browsers). Said that, WebSocket clients MUST implement this specification.
The client application (usually JavaScript code executed by the web browser) is not aware of the mechanism described in this document which is fully transparent for web developers and JavaScript developers. This is, the client application (usually JavaScript code) does not deal with DNS SRV resolution but just passes the given "ws:" or "wss:" URI to the WebSocket client which MUST perform steps in Section 4.
It is up to the system administrator whether to set, or not, DNS SRV resource records for the WebSocket protocol within the provided service. This specification allows the system administrator to use the DNS SRV [RFC2782] mechanism to improve the service reliability by providing load-balancing and failover capabilities, but does not mandate it (the system administrator could choose whichever scalability strategy).
DNS SRV lookup just applies when the host component of a WebSocket URI [RFC3986] is a domain and the URI does not contain an explicit port. If this is not the case, the WebSocket client MUST attempt the fallback process described in Section 4.2.
To clarify it, a WebSocket URI like "ws://example.org/myservice" requires the client to perform SRV resolution while "ws://example.org:80/myservice" does not (as the port is explicitly present in the URI).
Given a WebSocket URI ("ws:" or "wss:") in which the host component is a domain ("example.org") and the port is not present, the WebSocket client MUST perform the following steps:
The resulting query looks like "_ws._tcp.example.org".
The resulting query looks like "_wss._tcp.example.org".
When the client constructs the WebSocket handshake HTTP request, the URI MUST be set as described in Section 3.2 of [I-D.ietf-hybi-thewebsocketprotocol] regardless of the usage of SRV mechanism. This is, DNS SRV resolution for a "ws:" or "wss:" URI does not alter the usual construction of the WebSocket handshake request.
The fallback process SHOULD be a normal A or AAAA address record resolution to determine the IPv4 or IPv6 address of the URI host component (or URI host value without DNS resolution if it contains an IP address).
The server connection port is obtained as stated in Section 3.1 of [I-D.ietf-hybi-thewebsocketprotocol].
If multiple IP addresses have been obtained from a DNS A or AAAA lookup, the client MUST choose the first one and try to establish a WebSocket communication with it. In case such attempt fails because of a server failure (as defined in Section 4.4) the client MUST repeat the process for each remaining IP address.
A web browser is able to maintain persistent TCP connections with the HTTP [RFC2616] server and reuse them for sending new HTTP requests. Reusing an existing connection (when available) for WebSocket communication is a desirable behavior which just can take place when both the HTTP server and WebSocket server listen on the same IP address and port.
This section defines how to reuse an existing connection after resolving the location of the WebSocket server using the DNS SRV procedures:
A WebSocket server failure occurs if the WebSocket establishment (TCP connection and WebSocket handshake procedure) fails because of a cause listed below:
By properly configuring domain SRV records, the WebSocket service administrator can take advantage of load-balancing and failover capabilities inherent in DNS SRV [RFC2782]. Sections below show some usage cases.
$ORIGIN example.org. @ SOA dns.example.org. root.example.org. (2011040501 3600 3600 604800 86400) NS dns.example.org. _ws._tcp SRV 0 3 80 ws1.example.org. _ws._tcp SRV 0 1 90 ws2.example.org. _ws._tcp SRV 1 0 80 ws3.example.org. dns A 1.1.1.100 ws1 A 1.1.1.1 ws2 A 1.1.1.2 ws2 A 1.1.1.3
Assuming there are three hosts providing the WebSocket service for the URI "ws://example.org/myservice", the following zone file for a fictional example.org domain provides load-balancing and failover for the WebSocket traffic:
By following the steps in Section 4, 75% of WebSocket clients would choose the first server and the other 25% would choose the second server to communicate with (as both have the higest SRV priority 0 in their respective DNS SRV resource records, and the first server has a SRV weight value which triples the value of the second server).
In case the WebSocket establishment fails because of a server failure (as defined in Section 4.4), WebSocket clients would try the other one.
If the WebSocket establishment fails with both the first and second servers, WebSocket clients would then try the third server (as the priority value in its respective DNS SRV resource record is lower).
In this case a server resolving to www.example.org is used for both HTTP and WebSocket traffic, while a second server resolving to ws2.example.com is used for balancing the WebSocket traffic.
$ORIGIN example.org. @ SOA dns.example.org. root.example.org. (2011040501 3600 3600 604800 86400) NS dns.example.org. _ws._tcp SRV 0 1 80 www.example.org. _ws._tcp SRV 0 1 80 ws2.example.org. dns A 1.1.1.100 www A 1.1.1.1 ws2 A 1.1.1.2
The client (presumably a web browser) would open one or more TCP connections with www.example.org and port 80 for the usual HTTP communication. As the retrieved data contains a WebSocket URI "ws://example.org/myservice" the client would also initialize a WebSocket communication so would perform steps in Section 4.
Such DNS resolution would return two DNS SRV resource records (the first one with www.example.org as domain target and the second one with ws2.example.org as domain target), both of them with same priority and weight attributes.
As per target selection rules in [RFC2782] it is expected that half of the clients would choose www.example.org domain target and port 80 as the WebSocket communication address so they MAY reuse an existing TCP connection previously opened rather than creating a new one.
Any Internet protocol offering DNS SRV resource records for locating servers is sensitive to security issues described in [I-D.barnes-hard-problem]. Usage of DNS security extensions (DNSSEC) as described in [RFC4033] is recommended to mitigate the problem.
This specification registers two new SRV Service Labels:
[RFC2119] | Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. |
[RFC2782] | Gulbrandsen, A., Vixie, P. and L. Esibov, "A DNS RR for specifying the location of services (DNS SRV)", RFC 2782, February 2000. |
[RFC3986] | Berners-Lee, T., Fielding, R. and L. Masinter, "Uniform Resource Identifier (URI): Generic Syntax", STD 66, RFC 3986, January 2005. |
[I-D.ietf-hybi-thewebsocketprotocol] | Fette, I, "The WebSocket protocol", Internet-Draft draft-ietf-hybi-thewebsocketprotocol-06, February 2011. |
[RFC3261] | Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A., Peterson, J., Sparks, R., Handley, M. and E. Schooler, "SIP: Session Initiation Protocol", RFC 3261, June 2002. |
[RFC6120] | Saint-Andre, P., "Extensible Messaging and Presence Protocol (XMPP): Core", RFC 6120, March 2011. |
[RFC5246] | Dierks, T. and E. Rescorla, "The Transport Layer Security (TLS) Protocol Version 1.2", RFC 5246, August 2008. |
[I-D.barnes-hard-problem] | Barnes, R and P Saint-Andre, "High Assurance Re-Direction (HARD) Problem Statement", Internet-Draft draft-barnes-hard-problem-00, July 2010. |
[RFC4033] | Arends, R., Austein, R., Larson, M., Massey, D. and S. Rose, "DNS Security Introduction and Requirements", RFC 4033, March 2005. |
[RFC2616] | Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L., Leach, P. and T. Berners-Lee, "Hypertext Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999. |