Re: [apps-discuss] APPSDIR review of draft-ietf-behave-64-analysis-05
<mohamed.boucadair@orange.com> Fri, 17 February 2012 06:51 UTC
Return-Path: <mohamed.boucadair@orange.com>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9B32B21F8895; Thu, 16 Feb 2012 22:51:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.181
X-Spam-Level:
X-Spam-Status: No, score=-2.181 tagged_above=-999 required=5 tests=[AWL=0.067, BAYES_00=-2.599, HELO_EQ_FR=0.35, UNPARSEABLE_RELAY=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id svQlhriSaY9T; Thu, 16 Feb 2012 22:51:47 -0800 (PST)
Received: from relais-inet.francetelecom.com (relais-ias92.francetelecom.com [193.251.215.92]) by ietfa.amsl.com (Postfix) with ESMTP id 48A2D21F8894; Thu, 16 Feb 2012 22:51:47 -0800 (PST)
Received: from omfedm08.si.francetelecom.fr (unknown [xx.xx.xx.4]) by omfedm11.si.francetelecom.fr (ESMTP service) with ESMTP id 0C1F13B41EB; Fri, 17 Feb 2012 07:51:46 +0100 (CET)
Received: from PUEXCH41.nanterre.francetelecom.fr (unknown [10.101.44.30]) by omfedm08.si.francetelecom.fr (ESMTP service) with ESMTP id E51C323804B; Fri, 17 Feb 2012 07:51:45 +0100 (CET)
Received: from PUEXCB1B.nanterre.francetelecom.fr ([10.101.44.12]) by PUEXCH41.nanterre.francetelecom.fr ([10.101.44.30]) with mapi; Fri, 17 Feb 2012 07:51:45 +0100
From: mohamed.boucadair@orange.com
To: S Moonesamy <sm+ietf@elandsys.com>, "apps-discuss@ietf.org" <apps-discuss@ietf.org>, "draft-ietf-behave-64-analysis.all@tools.ietf.org" <draft-ietf-behave-64-analysis.all@tools.ietf.org>
Date: Fri, 17 Feb 2012 07:51:44 +0100
Thread-Topic: APPSDIR review of draft-ietf-behave-64-analysis-05
Thread-Index: Aczs4/xoDCy4yfCrSsOUceIUrZ8WrgAWewGg
Message-ID: <94C682931C08B048B7A8645303FDC9F35D8868D387@PUEXCB1B.nanterre.francetelecom.fr>
References: <6.2.5.6.2.20120216094738.08f96280@elandnews.com>
In-Reply-To: <6.2.5.6.2.20120216094738.08f96280@elandnews.com>
Accept-Language: fr-FR
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: fr-FR
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-PMX-Version: 5.6.1.2065439, Antispam-Engine: 2.7.2.376379, Antispam-Data: 2012.2.17.61221
X-Mailman-Approved-At: Fri, 17 Feb 2012 11:59:01 -0800
Cc: "behave@ietf.org" <behave@ietf.org>
Subject: Re: [apps-discuss] APPSDIR review of draft-ietf-behave-64-analysis-05
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Feb 2012 06:51:51 -0000
Dear SM, Thank you for your review. Please see inline. Cheers, Med > -----Message d'origine----- > De : S Moonesamy [mailto:sm+ietf@elandsys.com] > Envoyé : jeudi 16 février 2012 20:48 > À : apps-discuss@ietf.org; > draft-ietf-behave-64-analysis.all@tools.ietf.org > Cc : behave@ietf.org > Objet : APPSDIR review of draft-ietf-behave-64-analysis-05 > > I have been selected as the Applications Area Directorate reviewer > for this draft (for background on appsdir, please see > http://trac.tools.ietf.org/area/app/trac/wiki/ApplicationsArea > Directorate ). > > Please resolve these comments along with any other Last Call comments > you may receive. Please wait for direction from your document > shepherd or AD before posting a new version of the draft. > > Document: draft-ietf-behave-64-analysis-05 > Title: Analysis of Stateful 64 Translation > Reviewer: S. Moonesamy > Review Date: February 16, 2012 > > Summary: This draft is almost ready for publication as an > Informational RFC. > > This draft evaluates how the new stateful translation mechanisms > avoid the problems that caused the IETF to deprecate NAT-PT. It > discusses about problems identified in RFC 4966. There is an > analysis about an application protocol (FTP) in Section > 2.2. Applications are mention in several places. I did not find any > application issues. > > Major issues: > > None. > > Minor issues: > > In Section 2.2: > > "Analysis: This is not specific to NAT64 but to all stateful > NAT flavors. The presence of single point of failures is > deployment-specific." > > Wouldn't the anchoring of flows create a single point of failure? In some deployment it can be SPOF but in others no. This depends if the a distributed NAT model is adopted, if NAT state synchronization mechanisms are enabled, etc. Do we need to clarify this in the document? > > "Actually, this is not a limitation of 64 (or even NAT-PT) but > a deployment context where shared IPv4 addresses managed by > the NAT64 are not globally reachable." > > What is meant by "shared IPv4 addresses" in this context? The IPv4 address pool used by the NAT64 to service IPv6 hosts. Several IPv6 hosts may share the same IPv4 address. Do you think this need a clarification in the document? > > In Section 2.3: > > "Application clients (e.g., VPN clients) are not aware of the > timer configured in the NAT device. For unmanaged services, a > conservative approach would be adopted by applications which > issue frequent keepalive messages to be sure that an active > mapping is still be maintained by any involved NAT64 device > even if the NAT64 complies with TCP/UDP/ICMP BEHAVE WG > specifications." > > I suggest point to the relevant IETF specifications. For what it's > worth, this draft becomes an IETF specification instead of a WG > specification once it is published as a RFC. Ok, changed to RFC4787, RFC5382 and RFC5508. > > "Address persistence can be therefore easily ensured by the > NAT64 function (which complies with BEHAVE NAT recommendations > [RFC4787][RFC5382])." > > I recommend against writing a draft from a working group perspective > unless it is meant for IETF consumption only. Sorry, but I don't understand this comment. Can you please clarify? Thanks. > > In Section 5: > > "This document does not specify any new protocol or > architecture. It > only analyzes how BEHAVE WG 64 documents mitigate > concerns raised in > [RFC4966] and which ones are still unaddressed." > > From Section 1.1, I am given to understand that there are references > to mechanisms defined in the RFCs mentioned in that section. There > isn't any mention of BEHAVE WG 64 documents. I suggest referencing > the documents. I can do but IMHO the document does not introduce new security concerns, no? > > There is a normative reference to RFC 2766, which is Historic. Moved to Informative Section. > > Nits: > > The Requirements language section is oddly placed. Fixed. > > In Section 2.3: > > "Creation of a DoS (Denial of Service)" > > That could be "Creation of a Denial of Service (DoS)". Ok. > > Some of the informative references are out of date. > > Regards, > S. Moonesamy > >
- [apps-discuss] APPSDIR review of draft-ietf-behav… S Moonesamy
- Re: [apps-discuss] APPSDIR review of draft-ietf-b… S Moonesamy
- Re: [apps-discuss] APPSDIR review of draft-ietf-b… mohamed.boucadair
- Re: [apps-discuss] APPSDIR review of draft-ietf-b… mohamed.boucadair