Port Control Protocol (PCP) Parameters
2012-11-21
2016-05-11
PCP Opcodes
Dan Wing, Stuart Cheshire
0-31, 127
Standards Action
32-63
Specification Required
0
ANNOUNCE
1
MAP
2
PEER
3
AUTHENTICATION
4-63
Unassigned
64-95
Reserved
96-126
Reserved for Private Use
127
Reserved
PCP Result Codes
Dan Wing, Stuart Cheshire
0-127, 255
Standards Action
128-191
Specification Required
0
SUCCESS
Success.
1
UNSUPP_VERSION
The version number at the start of the PCP Request
header is not recognized by this PCP server. This is a long
lifetime error. describes PCP version 2.
2
NOT_AUTHORIZED
The requested operation is disabled for this PCP
client, or the PCP client requested an operation that cannot be
fulfilled by the PCP server's security policy. This is a long
lifetime error.
3
MALFORMED_REQUEST
The request could not be successfully parsed.
This is a long lifetime error.
4
UNSUPP_OPCODE
Unsupported Opcode. This is a long lifetime error.
5
UNSUPP_OPTION
Unsupported Option. This error only occurs if the
Option is in the mandatory-to-process range. This is a long
lifetime error.
6
MALFORMED_OPTION
Malformed Option (e.g., appears too many times,
invalid length). This is a long lifetime error.
7
NETWORK_FAILURE
The PCP server or the device it controls are
experiencing a network failure of some sort (e.g., has not
obtained an External IP address). This is a short lifetime error.
8
NO_RESOURCES
Request is well-formed and valid, but the server has
insufficient resources to complete the requested operation at this
time. For example, the NAT device cannot create more mappings at
this time, is short of CPU cycles or memory, or is unable to
handle the request due to some other temporary condition. The
same request may succeed in the future. This is a system-wide
error, different from USER_EX_QUOTA. This can be used as a catch-
all error, should no other error message be suitable. This is a
short lifetime error.
9
UNSUPP_PROTOCOL
Unsupported transport protocol, e.g. SCTP in a
NAT that handles only UDP and TCP. This is a long lifetime error.
10
USER_EX_QUOTA
This attempt to create a new mapping would exceed
this subscriber's port quota. This is a short lifetime error.
11
CANNOT_PROVIDE_EXTERNAL
The suggested external port and/or
external address cannot be provided. This error MUST only be
returned for:
* MAP requests that included the PREFER_FAILURE Option
(normal MAP requests will return an available external port);
* MAP requests for the SCTP protocol (PREFER_FAILURE is implied);
* PEER requests.
See Section 13.2 of for processing details. The error lifetime
depends on the reason for the failure.
12
ADDRESS_MISMATCH
The source IP address of the request packet does
not match the contents of the PCP Client's IP Address field, due
to an unexpected NAT on the path between the PCP client and the
PCP-controlled NAT or firewall. This is a long lifetime error.
13
EXCESSIVE_REMOTE_PEERS
The PCP server was not able to create the
filters in this request. This result code MUST only be returned
if the MAP request contained the FILTER Option. See Section 13.3
for processing information. This is a long lifetime error.
14
INITIATION
The client includes this PCP result code in its
request to the server for authentication.
15
AUTHENTICATION_REQUIRED
This error response is sent to the
client if EAP authentication is required.
16
AUTHENTICATION_FAILED
This error response is sent to the
client if EAP authentication failed.
17
AUTHENTICATION_SUCCEEDED
This success response is sent to the
client if EAP authentication succeeded.
18
AUTHORIZATION_FAILED
This error response is sent to the client
if EAP authentication succeeded but authorization failed.
19
SESSION_TERMINATED
This PCP result code indicates to the
partner that the PA session must be terminated.
20
UNKNOWN_SESSION_ID
This error response is sent from the
PCP server if there is no known PA session associated with the
Session ID sent in the PA request or common PCP request from the
PCP client.
21
DOWNGRADE_ATTACK_DETECTED
This PCP result code indicates to
the client that the server detected a downgrade attack.
22
AUTHENTICATION_REQUEST
The server indicates to the client that
the PA message contains an EAP request.
23
AUTHENTICATION_REPLY
The client indicates to the server that
the PA message contains an EAP response.
24
THIRD_PARTY_ID_UNKNOWN
The provided identifier in a
THIRD_PARTY_ID option is unknown/unavailable to the PCP server.
This is a long lifetime error.
25
THIRD_PARTY_MISSING_OPTION
This error occurs if both
THIRD_PARTY and THIRD_PARTY_ID options are expected in a request
but one option is missing. This is a long lifetime error.
26
UNSUPP_THIRD_PARTY_ID_LENGTH
The received option length is
not supported. This is a long lifetime error.
27-191
Unassigned
192-254
Reserved for Private Use
255
Reserved
PCP Options
Dan Wing, Stuart Cheshire
Values 0-127 are mandatory to process, and 128-255 are optional to process.
0-63, 127-191, 255
Standards Action
64-95, 192-223
Specification Required
0
Reserved
1
THIRD_PARTY
Indicates the MAP or PEER request is for a host other
than the host sending the PCP Option.
MAP, PEER
16 octets
Request. May appear in response only if it
appeared in the associated request.
1
2
PREFER_FAILURE
Indicates that the PCP server should not create an
alternative mapping if the suggested external port and address
cannot be mapped.
MAP
0
Request. May appear in response only if it
appeared in the associated request.
1
3
FILTER
Specifies a filter for incoming packets.
MAP
20 octets
Request. May appear in response only if it
appeared in the associated request.
As many as fit within maximum PCP message size.
4
NONCE
See Section 5.3 of .
AUTHENTICATION
4 octets
Request and response.
1
5
AUTHENTICATION_TAG
See Section 5.4 of .
MAP, PEER, ANNOUNCE
variable
Request and response.
1
6
PA_AUTHENTICATION_TAG
See Section 5.5 of .
AUTHENTICATION
variable
Request and response.
1
7
EAP_PAYLOAD
See Section 5.6 of .
AUTHENTICATION
variable
Request and response.
1
8
PRF
See Section 5.7 of .
AUTHENTICATION
4 octets
Request and response.
As many as fit within maximum PCP message size.
9
MAC_ALGORITHM
See Section 5.8 of .
AUTHENTICATION
4 octets
Request and response.
As many as fit within maximum PCP message size.
10
SESSION_LIFETIME
See Section 5.9 of .
AUTHENTICATION
4 octets
Response.
1
11
RECEIVED_PAK
See Section 5.10 of .
AUTHENTICATION
4 octets
Request and response.
1
12
ID_INDICATOR
See Section 5.11 of .
AUTHENTICATION
variable
Response.
1
13
THIRD_PARTY_ID
Together with the THIRD_PARTY option, the
THIRD_PARTY_ID option identifies a third party
for which a request for an external IP address
and port is made.
MAP, PEER
Variable; maximum 1016 octets.
Request. May appear in response only if it
appeared in the associated request.
1
14-95
Unassigned
96-126
Reserved for Private Use
127
Reserved
128
DESCRIPTION
Used to associate a text description with a mapping.
MAP, PEER
variable, maximum 1016 octets.
Request. May appear in response only if it
appeared in the associated request.
1
129
PREFIX64
Learn the prefix used by the NAT64 to build
IPv4-converted IPv6 addresses. This is used by a host
for local address synthesis (e.g., when an IPv4 address
is present in referrals).
MAP, ANNOUNCE
variable
request, response
1 for a request. As many as fit within
the maximum PCP message size for a response.
130
PORT_SET
To map sets of ports.
MAP
5 bytes
Request and response.
1
131-191
Unassigned
192
CHECKPOINT_REQUIRED
Indicate if an entry needs to be check-pointed.
MAP, PEER
0
Request and response.
1
193-223
Unassigned
224-254
Reserved for Private Use
255
Reserved