Re: [BEHAVE] I-D Action: draft-ietf-behave-lsn-requirements-02.txt
Dave Thaler <dthaler@microsoft.com> Fri, 22 July 2011 01:20 UTC
Return-Path: <dthaler@microsoft.com>
X-Original-To: behave@ietfa.amsl.com
Delivered-To: behave@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CAAA721F8A4D for <behave@ietfa.amsl.com>; Thu, 21 Jul 2011 18:20:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.543
X-Spam-Level:
X-Spam-Status: No, score=-110.543 tagged_above=-999 required=5 tests=[AWL=0.055, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6eF3GFXSntTu for <behave@ietfa.amsl.com>; Thu, 21 Jul 2011 18:20:10 -0700 (PDT)
Received: from smtp.microsoft.com (smtp.microsoft.com [131.107.115.214]) by ietfa.amsl.com (Postfix) with ESMTP id 91C9421F857E for <behave@ietf.org>; Thu, 21 Jul 2011 18:20:10 -0700 (PDT)
Received: from TK5EX14MLTC103.redmond.corp.microsoft.com (157.54.79.174) by TK5-EXGWY-E803.partners.extranet.microsoft.com (10.251.56.169) with Microsoft SMTP Server (TLS) id 8.2.176.0; Thu, 21 Jul 2011 18:20:10 -0700
Received: from TK5EX14MLTW652.wingroup.windeploy.ntdev.microsoft.com (157.54.71.68) by TK5EX14MLTC103.redmond.corp.microsoft.com (157.54.79.174) with Microsoft SMTP Server (TLS) id 14.1.323.2; Thu, 21 Jul 2011 18:20:10 -0700
Received: from TK5EX14MBXW601.wingroup.windeploy.ntdev.microsoft.com ([169.254.1.59]) by TK5EX14MLTW652.wingroup.windeploy.ntdev.microsoft.com ([157.54.71.68]) with mapi id 14.01.0289.008; Thu, 21 Jul 2011 18:20:09 -0700
From: Dave Thaler <dthaler@microsoft.com>
To: Simon Perreault <simon.perreault@viagenie.ca>
Thread-Topic: [BEHAVE] I-D Action: draft-ietf-behave-lsn-requirements-02.txt
Thread-Index: AQHMP/6YQTbK8upp0kSJom5EBSBPPpTn8gcAgA+jvUA=
Date: Fri, 22 Jul 2011 01:20:09 +0000
Message-ID: <9B57C850BB53634CACEC56EF4853FF653B175DA4@TK5EX14MBXW601.wingroup.windeploy.ntdev.microsoft.com>
References: <20110711190837.10592.63452.idtracker@ietfa.amsl.com> <4E1B4AE0.10006@viagenie.ca>
In-Reply-To: <4E1B4AE0.10006@viagenie.ca>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [157.54.51.43]
Content-Type: multipart/alternative; boundary="_000_9B57C850BB53634CACEC56EF4853FF653B175DA4TK5EX14MBXW601w_"
MIME-Version: 1.0
Cc: "behave@ietf.org" <behave@ietf.org>
Subject: Re: [BEHAVE] I-D Action: draft-ietf-behave-lsn-requirements-02.txt
X-BeenThere: behave@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: mailing list of BEHAVE IETF WG <behave.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/behave>, <mailto:behave-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/behave>
List-Post: <mailto:behave@ietf.org>
List-Help: <mailto:behave-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Jul 2011 01:20:13 -0000
I read through the latest version and I think this is very close now.
Here's my feedback on -02:
> REQ-7: When a CGN loses state (due to a crash, reboot, failover to a
> cold standby, etc.), it MUST NOT reuse the same external IP
> addresses for new dynamic mappings for at least 120 seconds.
^^^^^^^^^
I believe REQ-7 should probably say "ports" (or "address/port pairs")
not "addresses". As long as there's no collisions between old and new
addr/port pairs, it doesn't matter whether it uses different ports for
the same address or a different address.
> REQ-9: A CGN MUST handle the IPv4 ID field of translated packets as
> described in [I-D.ietf-intarea-ipv4-id-update] section 9.
Is this really specific to a CGN? Or would it apply to *all* NATs?
The justification section implies that I-D.ietf-intarea-ipv4-id-update
section 9 already provides a justification for this being CGN specific.
It doesn't, as far as I can tell, so additional elaboration is needed
if this (or at least raising it to a MUST) is CGN specific.
> REQ-10: A CGN SHOULD support a port forwarding protocol such as the
> Port Control Protocol [I-D.ietf-pcp-base].
Wording is ambiguous. What does "support" mean? For example, if it
can be a PCP client but not a PCP server, does that pass? (it shouldn't)
Furthermore, the justification provided is insufficient in my opinion,
given that a specific protocol is not even recommended. For example,
would it be ok if someone implemented the SHOULD with some protocol
no CPE supported, or if every CGN vendor had a proprietary protocol?
Again my point is that it's ambiguous. My personal preference would be
to explicitly say that PCP server support is a SHOULD, and move pcp-base
to a normative reference.
> REQ-13: When a CGN is unable to create a mapping due to resource
> contraints or administrative restrictions (i.e. quotas)...
^^^^^^^^^^
Typo: constraints
[...]
> D. and it MUST NOT delete existing mappings in order to
> "make room" for the new one.
I don't understand why the above is a MUST NOT (especially if the old
mapping has been idle for a long time). Either provide justification
or relax this.
Section 4:
> o destination address (but see below)
> o destination port (but see below)
It's unclear whether this means a CGN MUST, SHOULD,
or MAY log dest addr/port. This document should be
clear enough for someone to write a compliance test.
In fact this entire section has no normative
requirements language :(
My personal opinion is that logging support is a
SHOULD, but dest addr/port support is only a MAY.
But I'm open to other opinions.
Section 5:
> There is a range of things a CGN can do:
Suggest s/can/MAY/
(And as it says, it's not a complete list and
I can easily imagine other algorithms that would
be better in many/most cases.)
-Dave
> -----Original Message-----
> From: behave-bounces@ietf.org [mailto:behave-bounces@ietf.org] On Behalf
> Of Simon Perreault
> Sent: Monday, July 11, 2011 12:11 PM
> To: behave@ietf.org
> Subject: Re: [BEHAVE] I-D Action: draft-ietf-behave-lsn-requirements-02.txt
>
> internet-drafts@ietf.org<mailto:internet-drafts@ietf.org> wrote, on 07/11/2011 03:08 PM:
> > A New Internet-Draft is available from the on-line Internet-Drafts
> directories. This draft is a work item of the Behavior Engineering for
> Hindrance Avoidance Working Group of the IETF.
> >
> > Title : Common requirements for Carrier Grade NAT (CGN)
> > Author(s) : Simon Perreault
> > Ikuhei Yamagata
> > Shin Miyakawa
> > Akira Nakagawa
> > Hiroyuki Ashida
> > Filename : draft-ietf-behave-lsn-requirements-02.txt
> > Pages : 16
> > Date : 2011-07-11
>
> This revision introduces many important changes. As far as I know it
> addresses every issue that was raised.
>
> Here's the change log:
>
> o CGNs MUST support at least TCP, UDP, and ICMP.
>
> o Add requirement from [I-D.ietf-intarea-ipv4-id-update].
>
> o Add informative reference to
> [I-D.ietf-intarea-shared-addressing-issues].
>
> o Add requirement (SHOULD level) for a port forwarding protocol.
>
> o Allow any pooling behavior on a per-application protocol basis.
>
> o Adjust wording for external port allocation rate limiting.
>
> o Add requirement for RFC4008 support (SHOULD level).
>
> o Adjust wording for swapping address pools when rebooting.
>
> o Add DSCP requirement (stolen from draft-jennings-behave-nat6).
>
> o Add informative reference to
> draft-boucadair-intarea-nat-reveal-analysis.
>
> o Add requirement for hold-down pool.
>
> o Change definition of CGN.
>
> o Avoid usage of "device" loaded word throughout the document.
>
> o Add requirement about resource exhaustion.
>
> o Change title.
>
> o Describe additional CGN topology where there is no NAT444.
>
> o Better justification for "Paired" pool behavior.
>
> o Make it clear that rate limiting allocation is for preserving CPU
> resources
>
> o Generalize the requirement for limiting the number of TCP sessions
> per mapping so that it applies to all memory-consuming state
> elements.
>
> o Change CPE to subscriber where it applies throughout the text.
>
> o Better terminology for bulk port allocation mechanisms.
>
> o Explain how external address pairing works with DS-Lite.
>
> Simon
> --
> DTN made easy, lean, and smart --> http://postellation.viagenie.ca
> NAT64/DNS64 open-source --> http://ecdysis.viagenie.ca
> STUN/TURN server --> http://numb.viagenie.ca
> _______________________________________________
> Behave mailing list
> Behave@ietf.org<mailto:Behave@ietf.org>
> https://www.ietf.org/mailman/listinfo/behave
- [BEHAVE] I-D Action: draft-ietf-behave-lsn-requir… internet-drafts
- Re: [BEHAVE] I-D Action: draft-ietf-behave-lsn-re… Simon Perreault
- [BEHAVE] REQ-7 and REQ-8 Re: I-D Action: draft-ie… Reinaldo Penno
- Re: [BEHAVE] REQ-7 and REQ-8 Re: I-D Action: draf… Simon Perreault
- Re: [BEHAVE] REQ-7 and REQ-8 Re: I-D Action: draf… Reinaldo Penno
- Re: [BEHAVE] REQ-7 and REQ-8 Re: I-D Action: draf… Simon Perreault
- Re: [BEHAVE] REQ-7 and REQ-8 Re: I-D Action: draf… Reinaldo Penno
- Re: [BEHAVE] REQ-7 and REQ-8 Re: I-D Action: draf… Simon Perreault
- Re: [BEHAVE] REQ-7 and REQ-8 Re: I-D Action: draf… Reinaldo Penno
- Re: [BEHAVE] REQ-7 and REQ-8 Re: I-D Action: draf… Simon Perreault
- Re: [BEHAVE] REQ-7 and REQ-8 Re: I-D Action: draf… Reinaldo Penno
- Re: [BEHAVE] REQ-7 and REQ-8 Re: I-D Action: draf… Simon Perreault
- Re: [BEHAVE] REQ-7 and REQ-8 Re: I-D Action: draf… Reinaldo Penno
- Re: [BEHAVE] REQ-7 and REQ-8 Re: I-D Action: draf… Simon Perreault
- Re: [BEHAVE] I-D Action: draft-ietf-behave-lsn-re… Dave Thaler
- Re: [BEHAVE] I-D Action: draft-ietf-behave-lsn-re… Simon Perreault
- Re: [BEHAVE] I-D Action: draft-ietf-behave-lsn-re… Mikael Abrahamsson