[apps-discuss] Apps Area Review of draft-ietf-behave-lsn-requirements-05
Eliot Lear <lear@cisco.com> Tue, 13 December 2011 18:14 UTC
Return-Path: <lear@cisco.com>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B684621F8AA8; Tue, 13 Dec 2011 10:14:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -109.935
X-Spam-Level:
X-Spam-Status: No, score=-109.935 tagged_above=-999 required=5 tests=[AWL=0.663, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ayn9QYhXBoxL; Tue, 13 Dec 2011 10:14:32 -0800 (PST)
Received: from ams-iport-1.cisco.com (ams-iport-1.cisco.com [144.254.224.140]) by ietfa.amsl.com (Postfix) with ESMTP id EA66B21F85A1; Tue, 13 Dec 2011 10:14:31 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=lear@cisco.com; l=8693; q=dns/txt; s=iport; t=1323800072; x=1325009672; h=message-id:date:from:mime-version:to:subject; bh=CLLUnySMrRh++45OVJKzfG60ywpH0Rid3wW5DsQ2fG0=; b=ie8VJO60vEXKZOqyqYCPW1A/1PxCVZb2yrJC2cXrvsdMoZq3lg3/KLiW u38UCKPE/Hvsj/RphmKHrFOK1BocjsliAFHYAju1ZmyiZ/1XqD4yKKeOK 93TZX/hWLRAErZA94BKBRdQH2w6ft5JcVOsLuHLAakzpyzr0AQAj+uSN4 U=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AhoFABSV506Q/khL/2dsb2JhbABDhQedeAGIJYEFgXIBAQEDEwEQJB4CFyoNIQIRAkwBDAgBAR6HWgiXNwGMW4NejW2KTYEWBJRxkio
X-IronPort-AV: E=Sophos; i="4.71,347,1320624000"; d="scan'208,217"; a="123638062"
Received: from ams-core-2.cisco.com ([144.254.72.75]) by ams-iport-1.cisco.com with ESMTP; 13 Dec 2011 18:14:30 +0000
Received: from dhcp-10-55-84-59.cisco.com (dhcp-10-55-84-59.cisco.com [10.55.84.59]) by ams-core-2.cisco.com (8.14.3/8.14.3) with ESMTP id pBDIEUTB026363; Tue, 13 Dec 2011 18:14:30 GMT
Message-ID: <4EE79606.30704@cisco.com>
Date: Tue, 13 Dec 2011 19:14:30 +0100
From: Eliot Lear <lear@cisco.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:8.0) Gecko/20111105 Thunderbird/8.0
MIME-Version: 1.0
To: draft-ietf-behave-lsn-requirements.all@tools.ietf.org, "apps-discuss@ietf.org" <apps-discuss@ietf.org>, 'IESG' <iesg@ietf.org>
X-Enigmail-Version: 1.3.4
Content-Type: multipart/alternative; boundary="------------010406000705020403050701"
Subject: [apps-discuss] Apps Area Review of draft-ietf-behave-lsn-requirements-05
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Dec 2011 18:14:33 -0000
Greetings draft authors! I have been selected as the Applications Area Directorate reviewer for this draft (for background on appsdir, please see http://trac.tools.ietf.org/area/app/trac/wiki/ApplicationsAreaDirectorate). Please resolve these comments along with any other Last Call comments you may receive. Please wait for direction from your document shepherd or AD before posting a new version of the draft. Document: draft-ietf-behave-lsn-requirements-05 Title: Common requirements for Carrier Grade NATs (CGNs) Reviewer: Eliot Lear Review Date: 13 Dec. 2011 This proposed BCP specifies requirements for Carrier Grade NATs. In my opinion, there are several major issues and several questions should be answered before this draft is progressed. *Major issues* The following text needs substantial work. > Readers should be aware of potential issues that may arise when > sharing a public address between many subscribers. See [RFC6269 <http://tools.ietf.org/html/rfc6269>] for > details. As such, the caution listed above seems extremely weak. There is *no way* to safeguard applications 100% against the problems of CGNs, just as there was no way to safeguard applications from NATs. CGNs introduce a new level of problems, which you reference, but this must be said. I am not asking for you to go into a whole rant on CGNs, but "issues" reminds me of "obviously, there's been a major malfunction". * Req1: Whither SCTP? At the very least someone should say something about why SCTP is NOT on the list. Moreover, your logic in this requirement to me doesn't hold. There is a substantial difference between a NAT within an administrative domain that can be managed by the subscriber, and one that realistically cannot be. Therefore, the requirements upon CGNs should be *stronger*. Of course this should be balanced by other considerations, such as keeping the Internet growing, but the logic needs to be exposed. For instance, it may not be possible to safeguard certain IPSEC deployments. * Req10: §14.1.1 of draft-ietf-pcp-base-16 states that failure to segment of traffic opens attacks. Why was a requirement not added to address this? * Req13: Question; if destination addresses and ports are not logged, is there sufficient information to determine a UNIQUE mapping necessary for LI purposes? Put another way, is the mapping a 3-tuple or a 5-tuple? * This requirements document should be reviewed by game developers to get their PoV. As I understand it, they don't do pcp, but more uPnP, ice & stun. Perhaps that's just a timing thing. *Minor issues* * I understand that traditional telcos might not be the only ones to offer CGN, the definition of a CGN seems strained, particulary as when relates to "administrative entity". This may be in part due to the expansion of scope of what is trying to be solved. I have no great suggestion for you here. *Nits* * Yes, there is a terminology section, but NAT un-NATing, and ISPs are not properly defined in their first use in the Introduction. * In Figure 1 it may be useful to show IP addresses. *Very very very nitty (can largely be ignored)* * Something odd going on with your reference to RFC5382 on tools.ietf.org– no link. Check source and maybe check with the IETF tools people.
- [apps-discuss] Apps Area Review of draft-ietf-beh… Eliot Lear
- Re: [apps-discuss] Apps Area Review of draft-ietf… Simon Perreault
- Re: [apps-discuss] Apps Area Review of draft-ietf… Simon Perreault
- Re: [apps-discuss] Apps Area Review of draft-ietf… Dave Thaler
- Re: [apps-discuss] Apps Area Review of draft-ietf… Eliot Lear
- Re: [apps-discuss] Apps Area Review of draft-ietf… Simon Perreault
- Re: [apps-discuss] Apps Area Review of draft-ietf… Eliot Lear
- Re: [apps-discuss] Apps Area Review of draft-ietf… Eliot Lear
- Re: [apps-discuss] Apps Area Review of draft-ietf… Shin Miyakawa
- Re: [apps-discuss] Apps Area Review of draft-ietf… Shin Miyakawa