Re: [BEHAVE] proprietary implementation v.s standardisedprotocols//re: draft-xu-behave-nat-state-sync-00

"Dan Wing" <dwing@cisco.com> Wed, 02 December 2009 05:20 UTC

Return-Path: <dwing@cisco.com>
X-Original-To: behave@core3.amsl.com
Delivered-To: behave@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 23BB93A68AA for <behave@core3.amsl.com>; Tue, 1 Dec 2009 21:20:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.329
X-Spam-Level:
X-Spam-Status: No, score=-6.329 tagged_above=-999 required=5 tests=[AWL=0.270, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3Y5ZhGg5nVW9 for <behave@core3.amsl.com>; Tue, 1 Dec 2009 21:20:44 -0800 (PST)
Received: from sj-iport-4.cisco.com (sj-iport-4.cisco.com [171.68.10.86]) by core3.amsl.com (Postfix) with ESMTP id 491123A67E1 for <behave@ietf.org>; Tue, 1 Dec 2009 21:20:44 -0800 (PST)
Authentication-Results: sj-iport-4.cisco.com; dkim=neutral (message not signed) header.i=none
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: ApsEAAqIFUurRN+J/2dsb2JhbACKN7RbmCyEMQSBag
X-IronPort-AV: E=Sophos;i="4.47,327,1257120000"; d="scan'208";a="56369184"
Received: from sj-core-3.cisco.com ([171.68.223.137]) by sj-iport-4.cisco.com with ESMTP; 02 Dec 2009 05:20:36 +0000
Received: from dwingwxp01 ([10.32.240.195]) by sj-core-3.cisco.com (8.13.8/8.14.3) with ESMTP id nB25KaOC010052; Wed, 2 Dec 2009 05:20:36 GMT
From: Dan Wing <dwing@cisco.com>
To: "'Joel M. Halpern'" <jmh@joelhalpern.com>, 'Cameron Byrne' <cb.list6@gmail.com>
References: <4B156B5C.7060800@viagenie.ca> <003401ca72f1$7d0d0310$d40c6f0a@china.huawei.com> <000001ca72f4$1e1a30a0$c3f0200a@cisco.com> <bcff0fba0912012037m3c24bbccyf6d9dde59299362d@mail.gmail.com> <4B15F0FC.5000509@joelhalpern.com>
Date: Tue, 01 Dec 2009 21:20:36 -0800
Message-ID: <005a01ca730f$2e1ce630$c3f0200a@cisco.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 11
In-reply-to: <4B15F0FC.5000509@joelhalpern.com>
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2900.3350
Thread-index: AcpzClI7Evjyrbb1SB2APNGIB81nDQABC+mw
Cc: behave@ietf.org, 'Xu Xiaohu' <xuxh@huawei.com>
Subject: Re: [BEHAVE] proprietary implementation v.s standardisedprotocols//re: draft-xu-behave-nat-state-sync-00
X-BeenThere: behave@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: mailing list of BEHAVE IETF WG <behave.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/behave>
List-Post: <mailto:behave@ietf.org>
List-Help: <mailto:behave-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Dec 2009 05:20:45 -0000

 

> -----Original Message-----
> From: Joel M. Halpern [mailto:jmh@joelhalpern.com] 
> Sent: Tuesday, December 01, 2009 8:46 PM
> To: Cameron Byrne
> Cc: Dan Wing; behave@ietf.org; Xu Xiaohu
> Subject: Re: [BEHAVE] proprietary implementation v.s 
> standardisedprotocols//re: draft-xu-behave-nat-state-sync-00
> 
> I believe we have agreed that we want to support the configuration of 
> multiple stateful NAT64s in a cluster sharing state (using the same 
> prefix, backing each other up / sharing load / ... ).
> 
> While it is true that one can deploy that with solutions from 
> a single 
> vendor, it seems natural and consistent with the rest of what 
> we do here 
> that we want to allow folks to build such a cluster using 
> devices from 
> different vendors.  Arguing about why an operator might or 
> might not do 
> that is a waste of time.  Some will want multiple vendors.  Some will 
> want a single vendor.  Some will want the ability to migrate to a new 
> vendor.
> 
> For the IETF therefore, the protocol for the state sharing seems a 
> sensible thing to standardize.

FWIW, I will be asking my co-chair to decide WG consensus to move 
forward with NAT synchronization.

-d


> Yours,
> Joel
> 
> Cameron Byrne wrote:
> > On Tue, Dec 1, 2009 at 6:06 PM, Dan Wing <dwing@cisco.com> wrote:
> >> ...
> >>>> * Cluster = A set of synchronized NAT64 boxes sharing a
> >>>> single Pref64::/n.
> >>> Does that mean a set of NAT64 boxes within a cluster should
> >>> be from a single
> >>> vendor? If so, how to deal with the case that some abnormal
> >>> packets cause
> >>> NAT boxes (using the same OS) within a cluster to crash
> >>> simultaneously due to a bug with that OS?
> >> The vendor fixes the bug.
> >>
> > 
> > 100% agree.  The counter to Xu Xiaohu's point is what happens when
> > vendor X sends a buggy sync update to vendor Y, and now vendor Y
> > crashes.... ok.  We traded one unlikely (but real) bad situation for
> > another unlikely but bad situation.
> > 
> > 
> >> The operational complexity of running two NATs, from two 
> different vendors, is
> >> very high:  different CLIs, different alarming/alerting 
> (e.g., SYSLOG, SNMP,
> >> per-session NAT logging), different features (e.g., IPsec 
> Passthru, SCTP),
> >> different implementation of features (e.g., TCP MSS 
> adjustment, fragmentation
> >> [timeouts?  how much memory dedicated to reassembly?  
> out-of-order packets
> >> supported?]), bandwidth and throughput (Mbps, pps),  make 
> it too hard to
> >> operate both NATs.
> > 
> > 100% agree.
> > 
> >> To my knowledge, sites do not run two different 
> implementations of DNS servers
> >> (e.g., ISC BIND and InfoBlox, or Microsoft and Unbound) 
> where both DNSs back
> >> up each other.  Like NAT, DNS needs to be rock-solid 
> reliable, and a single
> >> packet could take out a DNS server.
> >>
> >> -d
> >>
> >> _______________________________________________
> >> Behave mailing list
> >> Behave@ietf.org
> >> https://www.ietf.org/mailman/listinfo/behave
> >>
> > _______________________________________________
> > Behave mailing list
> > Behave@ietf.org
> > https://www.ietf.org/mailman/listinfo/behave
> >