IETF Logo Mail Archive

[BEHAVE] REQ-7 and REQ-8 Re: I-D Action: draft-ietf-behave-lsn-requirements-02.txt

Reinaldo Penno <rpenno@juniper.net> Tue, 12 July 2011 14:45 UTC

Return-Path: <rpenno@juniper.net>
X-Original-To: behave@ietfa.amsl.com
Delivered-To: behave@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4692F21F8CD6 for <behave@ietfa.amsl.com>; Tue, 12 Jul 2011 07:45:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.542
X-Spam-Level:
X-Spam-Status: No, score=-6.542 tagged_above=-999 required=5 tests=[AWL=0.057, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rhCVx0QJKLVg for <behave@ietfa.amsl.com>; Tue, 12 Jul 2011 07:45:36 -0700 (PDT)
Received: from exprod7og104.obsmtp.com (exprod7og104.obsmtp.com [64.18.2.161]) by ietfa.amsl.com (Postfix) with ESMTP id 5A20021F8C84 for <behave@ietf.org>; Tue, 12 Jul 2011 07:45:35 -0700 (PDT)
Received: from P-EMHUB01-HQ.jnpr.net ([66.129.224.36]) (using TLSv1) by exprod7ob104.postini.com ([64.18.6.12]) with SMTP ID DSNKThxeDon5dKrvs8L7IvczxtQj9dNtb8MW@postini.com; Tue, 12 Jul 2011 07:45:36 PDT
Received: from p-emfe02-wf.jnpr.net (172.28.145.25) by P-EMHUB01-HQ.jnpr.net (172.24.192.35) with Microsoft SMTP Server (TLS) id 8.2.254.0; Tue, 12 Jul 2011 07:43:50 -0700
Received: from EMBX01-WF.jnpr.net ([fe80::1914:3299:33d9:e43b]) by p-emfe02-wf.jnpr.net ([fe80::c126:c633:d2dc:8090%11]) with mapi; Tue, 12 Jul 2011 10:43:50 -0400
From: Reinaldo Penno <rpenno@juniper.net>
To: Simon Perreault <simon.perreault@viagenie.ca>, "behave@ietf.org" <behave@ietf.org>
Date: Tue, 12 Jul 2011 10:43:47 -0400
Thread-Topic: REQ-7 and REQ-8 Re: [BEHAVE] I-D Action: draft-ietf-behave-lsn-requirements-02.txt
Thread-Index: Acw//u3oTup+MQDxRWySflA18HO00AAoy0qW
Message-ID: <CA41ABB3.4A3BA%rpenno@juniper.net>
In-Reply-To: <4E1B4AE0.10006@viagenie.ca>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-Entourage/13.9.0.110114
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: [BEHAVE] REQ-7 and REQ-8 Re: I-D Action: draft-ietf-behave-lsn-requirements-02.txt
X-BeenThere: behave@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: mailing list of BEHAVE IETF WG <behave.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/behave>, <mailto:behave-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/behave>
List-Post: <mailto:behave@ietf.org>
List-Help: <mailto:behave-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Jul 2011 14:45:37 -0000

Hello Simon,

Thanks for the updated draft. It shows a lot of good progress.

I'm going through it and have a few questions regarding REQ-7 and REQ-8.

Given there was discussion on the list about these requirements and no
definite consensus on the wording or purpose (
http://www.ietf.org/mail-archive/web/behave/current/msg09433.html) I was
surprised to see them in the new version.

It seems we are trying to solve the address change problem in another
fashion (..."This is to prevent users from receiving unwanted traffic").

As discussed in http://www.ietf.org/id/draft-ietf-pcp-base-13.txt, section
8.7, address change already happens today and traffic is directed to another
CPE with or w/o CGN.


"  REQ-7:  When a CGN loses state (due to a crash, reboot, failover to a
           cold standby, etc.), it MUST NOT reuse the same external IP
           addresses for new dynamic mappings for at least 120 seconds.

   Justification:  This is necessary in order to prevent collisions
      between old and new mappings and sessions.  It ensures that all
      established sessions are broken instead of redirected to a
      different peer.  The previous address pool MAY of course be reused
      after a second loss of state."

If the premise is that when a CGN reboots it looses state, can you elaborate
on the use cases on how packets will be directed to a different peer in case
a CGN reboots and reuses the same NAT pool in less than 120 seconds?


"   REQ-8:  Once an external port is deallocated, it SHOULD NOT be
           reallocated to a new mapping until at least 120 seconds have
           passed.  The length of time and the maximum number of ports
           in this state SHOULD be configurable by the CGN
           administrator.

   Justification:  This is to prevent users from receiving unwanted
      traffic.  It also helps prevent against clock skew when mappings
      are logged."

Another question, when you say " The length of time and the maximum number
of ports in this state SHOULD be configurable by the CGN administrator." do
you mean it can be configured to be less than 120 seconds

Or

It can configured but it needs to be more than 120 seconds.

Thanks,

Reinaldo

On 7/11/11 12:11 PM, "Simon Perreault" <simon.perreault@viagenie.ca> wrote:

> internet-drafts@ietf.org wrote, on 07/11/2011 03:08 PM:
>> A New Internet-Draft is available from the on-line Internet-Drafts
>> directories. This draft is a work item of the Behavior Engineering for
>> Hindrance Avoidance Working Group of the IETF.
>> 
>> Title           : Common requirements for Carrier Grade NAT (CGN)
>> Author(s)       : Simon Perreault
>>                           Ikuhei Yamagata
>>                           Shin Miyakawa
>>                           Akira Nakagawa
>>                           Hiroyuki Ashida
>> Filename        : draft-ietf-behave-lsn-requirements-02.txt
>> Pages           : 16
>> Date            : 2011-07-11
> 
> This revision introduces many important changes. As far as I know it addresses
> every issue that was raised.
> 
> Here's the change log:
> 
>    o  CGNs MUST support at least TCP, UDP, and ICMP.
> 
>    o  Add requirement from [I-D.ietf-intarea-ipv4-id-update].
> 
>    o  Add informative reference to
>       [I-D.ietf-intarea-shared-addressing-issues].
> 
>    o  Add requirement (SHOULD level) for a port forwarding protocol.
> 
>    o  Allow any pooling behavior on a per-application protocol basis.
> 
>    o  Adjust wording for external port allocation rate limiting.
> 
>    o  Add requirement for RFC4008 support (SHOULD level).
> 
>    o  Adjust wording for swapping address pools when rebooting.
> 
>    o  Add DSCP requirement (stolen from draft-jennings-behave-nat6).
> 
>    o  Add informative reference to
>       draft-boucadair-intarea-nat-reveal-analysis.
> 
>    o  Add requirement for hold-down pool.
> 
>    o  Change definition of CGN.
> 
>    o  Avoid usage of "device" loaded word throughout the document.
> 
>    o  Add requirement about resource exhaustion.
> 
>    o  Change title.
> 
>    o  Describe additional CGN topology where there is no NAT444.
> 
>    o  Better justification for "Paired" pool behavior.
> 
>    o  Make it clear that rate limiting allocation is for preserving CPU
>       resources
> 
>    o  Generalize the requirement for limiting the number of TCP sessions
>       per mapping so that it applies to all memory-consuming state
>       elements.
> 
>    o  Change CPE to subscriber where it applies throughout the text.
> 
>    o  Better terminology for bulk port allocation mechanisms.
> 
>    o  Explain how external address pairing works with DS-Lite.
> 
> Simon

v2.23.0 | Report a Bug | By Email