IETF Logo Mail Archive

Re: [BEHAVE] General Comments on xlate-stateful-07

Reinaldo Penno <rpenno@juniper.net> Sun, 17 January 2010 01:59 UTC

Return-Path: <rpenno@juniper.net>
X-Original-To: behave@core3.amsl.com
Delivered-To: behave@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 11D8D3A6884 for <behave@core3.amsl.com>; Sat, 16 Jan 2010 17:59:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.799
X-Spam-Level:
X-Spam-Status: No, score=-6.799 tagged_above=-999 required=5 tests=[AWL=-0.200, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id j93H9dyWdQVe for <behave@core3.amsl.com>; Sat, 16 Jan 2010 17:59:36 -0800 (PST)
Received: from exprod7og111.obsmtp.com (exprod7og111.obsmtp.com [64.18.2.175]) by core3.amsl.com (Postfix) with ESMTP id 0BCD43A67A5 for <behave@ietf.org>; Sat, 16 Jan 2010 17:59:32 -0800 (PST)
Received: from source ([66.129.224.36]) (using TLSv1) by exprod7ob111.postini.com ([64.18.6.12]) with SMTP ID DSNKS1JvADqDL3/8cQ8P2W7itz7xt8pFo1vT@postini.com; Sat, 16 Jan 2010 17:59:33 PST
Received: from p-emfe01-wf.jnpr.net (172.28.145.24) by P-EMHUB02-HQ.jnpr.net (172.24.192.36) with Microsoft SMTP Server (TLS) id 8.1.393.1; Sat, 16 Jan 2010 17:54:45 -0800
Received: from EMBX01-WF.jnpr.net ([fe80::1914:3299:33d9:e43b]) by p-emfe01-wf.jnpr.net ([fe80::d0d1:653d:5b91:a123%11]) with mapi; Sat, 16 Jan 2010 20:54:44 -0500
From: Reinaldo Penno <rpenno@juniper.net>
To: marcelo bagnulo braun <marcelo@it.uc3m.es>
Date: Sat, 16 Jan 2010 20:54:29 -0500
Thread-Topic: General Comments on xlate-stateful-07
Thread-Index: AcqXGAmfN7zFwZG7TuOKHmrf5Gw6Eg==
Message-ID: <AC8FCD86-5E8A-46ED-B3AC-9C7AC6F0F79E@juniper.net>
References: <C7776B85.F8A5%rpenno@juniper.net> <4B523EE4.6010208@it.uc3m.es>
In-Reply-To: <4B523EE4.6010208@it.uc3m.es>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Cc: IETF, BEHAVE WG <behave@ietf.org>, Dave Thaler <dthaler@microsoft.com>, Dan Wing <dwing@cisco.com>
Subject: Re: [BEHAVE] General Comments on xlate-stateful-07
X-BeenThere: behave@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: mailing list of BEHAVE IETF WG <behave.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/behave>
List-Post: <mailto:behave@ietf.org>
List-Help: <mailto:behave-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 17 Jan 2010 01:59:37 -0000

It clearly says in a)  that the idle timeout MAY be configurable. How  
will my proposed text break 5382?

It also says that only in case the NAT cannot determine if endpoints  
are alive.

Why we just then just copy REQ5 verbatim?

On Jan 16, 2010, at 14:34, "marcelo bagnulo braun"  
<marcelo@it.uc3m.es> wrote:

> Reinaldo Penno escribió:
>> Hello,
>>
>> Comment inline...
>>
>>
>>
>>>> Moreover, the ability to
>>>> configure the idle-timeout is also missing.
>>>>
>>>>
>>>>
>>> right,
>>>
>>> i have added the follwoing text in all the occureences of the the
>>> setting of the TCP session entry lifetite
>>>
>>>                    The lifetime of the TCP session table entry is  
>>> set
>>> to at least to the maximum session lifetime. The value for the  
>>> maximum
>>>                    session lifetime MAY be configurable but it  
>>> MUST not
>>> be less than TCP_EST (the
>>>                    established connection idle timeout as defined in
>>> <xref target="RFC5382"></xref>). The default value for the maximum
>>> session lifetime
>>>                    SHOULD be set to TCP_EST.
>>>
>>
>> The whole purpose to have it configurable was to be able to  
>> configure it to
>> be _less_ than TCP_EST.
>>
>>
> no, that would break REQ5 of RFC5382 that reads:
>
>   REQ-5:  If a NAT cannot determine whether the endpoints of a TCP
>      connection are active, it MAY abandon the session if it has been
>      idle for some time.  In such cases, the value of the "established
>      connection idle-timeout" MUST NOT be less than 2 hours 4 minutes.
>      The value of the "transitory connection idle-timeout" MUST NOT be
>      less than 4 minutes.
>      a) The value of the NAT idle-timeouts MAY be configurable.
>
>
>> The text above does not allow it to be set to less than TCP_EST. I  
>> suggest
>>
>> "The lifetime of the TCP session table entry is set
>> to at least to the maximum session lifetime. The value for the  
>> maximum
>> session lifetime MAY be configurable  The default value for the  
>> maximum
>> session lifetime SHOULD be set to TCP_EST."
>>
>> Tuning TCP idle timeout is widely supported and used.
>>
>>
>
> right, but the minimum value MOST NOT be less than 2 hours and 4 min
>>>
>>>> REQ-5: In the NAT64 spec the considerations on NAT throughput  
>>>> performance
>>>> due to holding session state for TCP RST and TIME_WAIT  
>>>> assassinations due to
>>>> holding session state are not discussed.
>>>>
>>>>
>>> REQ5 leaves these aspects open and so the nat64 specification. Do  
>>> you
>>> have any particualr text that you would like to cinlcude in the  
>>> nat64
>>> spec w.r.t. this?
>>>
>>
>> The exact same text (or a reference to it) found in RFC5382.
>>
>>
> could you point out what exact same text you are referring to?
>
> Regards, marcelo
>
>> Regards,
>>
>> Reinaldo
>>
>>
>>
>

v2.39.1 | Report a Bug | By Email | System Status