IETF Logo Mail Archive

Re: [BEHAVE] A New Draft on FTP64

"Dan Wing" <dwing@cisco.com> Thu, 27 August 2009 18:10 UTC

Return-Path: <dwing@cisco.com>
X-Original-To: behave@core3.amsl.com
Delivered-To: behave@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 8FE8128C1FF for <behave@core3.amsl.com>; Thu, 27 Aug 2009 11:10:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.843
X-Spam-Level:
X-Spam-Status: No, score=-4.843 tagged_above=-999 required=5 tests=[AWL=-2.028, BAYES_00=-2.599, FRT_BELOW2=2.154, RCVD_IN_DNSWL_MED=-4, SARE_PROLOSTOCK_SYM3=1.63]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fgKfrEqQgViv for <behave@core3.amsl.com>; Thu, 27 Aug 2009 11:10:06 -0700 (PDT)
Received: from sj-iport-3.cisco.com (sj-iport-3.cisco.com [171.71.176.72]) by core3.amsl.com (Postfix) with ESMTP id 1C51528C11B for <behave@ietf.org>; Thu, 27 Aug 2009 11:10:06 -0700 (PDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AqgEAFRplkqrR7PD/2dsb2JhbACLFrYxiD4BkAwFhBmBWA
X-IronPort-AV: E=Sophos;i="4.44,287,1249257600"; d="scan'208";a="186180230"
Received: from sj-dkim-3.cisco.com ([171.71.179.195]) by sj-iport-3.cisco.com with ESMTP; 27 Aug 2009 18:10:12 +0000
Received: from sj-core-5.cisco.com (sj-core-5.cisco.com [171.71.177.238]) by sj-dkim-3.cisco.com (8.12.11/8.12.11) with ESMTP id n7RIACAv011113; Thu, 27 Aug 2009 11:10:12 -0700
Received: from dwingwxp01 ([10.32.240.197]) by sj-core-5.cisco.com (8.13.8/8.14.3) with ESMTP id n7RIAC2e022090; Thu, 27 Aug 2009 18:10:12 GMT
From: Dan Wing <dwing@cisco.com>
To: 'liu dapeng' <maxpassion@gmail.com>
References: <25e1aaa40908200659y629eb05eg5c2f269f11f07f57@mail.gmail.com> <25e1aaa40908241040kbf5cb50k904262a307f526f1@mail.gmail.com> <59B59B7F-D8E3-4414-8FB3-4EFE8F8D30B8@muada.com> <25e1aaa40908261202m371f6bf7hc912efd86c50d775@mail.gmail.com> <002001ca26b3$5edfb0c0$c5f0200a@cisco.com> <25e1aaa40908271011t72fab84fsd65b28f3469c9121@mail.gmail.com>
Date: Thu, 27 Aug 2009 11:10:12 -0700
Message-ID: <007a01ca2741$9ef7adf0$c5f0200a@cisco.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 11
In-Reply-To: <25e1aaa40908271011t72fab84fsd65b28f3469c9121@mail.gmail.com>
Thread-Index: AconOXtg9QKxkP2VRFSORmkfQsBsGQAB993w
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3350
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; l=9488; t=1251396612; x=1252260612; c=relaxed/simple; s=sjdkim3002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=dwing@cisco.com; z=From:=20=22Dan=20Wing=22=20<dwing@cisco.com> |Subject:=20RE=3A=20[BEHAVE]=20A=20New=20Draft=20on=20FTP64 |Sender:=20; bh=cslSGnlqcQUOh4u3lQYiE8u1Fdnx7nKID1fxBBd1vu0=; b=LQqRXt9PBg2/vrzoq+QeEHRwOF6q2OpzvizhnnT4f5qJPD8XYcS6MhJxLs gLqXuNB6xmLjTsn1+gKI3tMzsLILnMnhH0LL1iE/4/lYH+A1ORUl1MR+ZSHL 7IA0Ep5/Vl;
Authentication-Results: sj-dkim-3; header.From=dwing@cisco.com; dkim=pass ( sig from cisco.com/sjdkim3002 verified; );
Cc: behave@ietf.org
Subject: Re: [BEHAVE] A New Draft on FTP64
X-BeenThere: behave@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: mailing list of BEHAVE IETF WG <behave.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/behave>
List-Post: <mailto:behave@ietf.org>
List-Help: <mailto:behave-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Aug 2009 18:10:10 -0000

 

> -----Original Message-----
> From: liu dapeng [mailto:maxpassion@gmail.com] 
> Sent: Thursday, August 27, 2009 10:12 AM
> To: Dan Wing
> Cc: behave@ietf.org; Iljitsch van Beijnum
> Subject: Re: [BEHAVE] A New Draft on FTP64
> 
> 2009/8/27, Dan Wing <dwing@cisco.com>:
> >
> >
> >> -----Original Message-----
> >> From: behave-bounces@ietf.org
> >> [mailto:behave-bounces@ietf.org] On Behalf Of liu dapeng
> >> Sent: Wednesday, August 26, 2009 12:03 PM
> >> To: Iljitsch van Beijnum
> >> Cc: behave@ietf.org
> >> Subject: Re: [BEHAVE] A New Draft on FTP64
> >>
> >> 2009/8/25, Iljitsch van Beijnum <iljitsch@muada.com>:
> >> > On 24 aug 2009, at 19:40, liu dapeng wrote:
> >> >
> >> >> We upgrade the ftp64 draft, add some text considering the
> >> legacy FTP
> >> >> implementation and other clarification as well. Any comments are
> >> >> welcomed.
> >> >
> >> > Can you please send the new text to the list?
> >>
> >> we upgrade setion 3 and 5, bellow is the text.
> >>
> >> 3. Client considerations
> >>
> >>    It is required that all IPv6 FTP clients MUST support 
> both EPSV and
> >>    PASV command.
> >>
> >>    When the client tries to connect to a server using IPv6 
> connection,
> >>    it should use EPSV command first. If the server response
> >> that it does
> >>    not support this command or encounters an error, it 
> MUST retry with
> >>    PASV command.
> >
> > That algorithm will cause a timeout -- not an error -- with some FTP
> > servers.  For example, ftp.dell.com responds positively to EPSV but
> > does not actually allow connecting to the port indicated on the FTP
> > control channel.  Other sites, such as ftp.microsoft.com, work just
> > fine with EPSV.
> >
> > Would it be better to just try PASV first (and for the data channel,
> > the FTP client should use the IP address of the control channel,
> > ignoring what is in the PASV response) and if *that* fails it means
> > the FTP server is really listening on IPv6 and refuses to use PASV
> > and wants EPSV, so you only use EPSV after PASV returns an error?
> 
> my question is: the server is in an IPv4 network, if the PASV fails,
> why does it expect EPSV command?

I agree.  But the problem is that the IPv6 FTP client doesn't know if 
the AAAA response is 'real' or was synthesized, so the FTP client
doesn't know if the FTP server is listening on IPv4 (and thus PASV
should work) or listening on IPv6 (and thus EPSV should work).

-d



> > -d
> >
> >
> >> The server will respond to PASV command with
> >> an message
> >>    that contains an IPv4 address and port number that used for the
> >>    client to connect to. The client MUST ignores the IPv4 address
> >>    provided in the response; it should use the control 
> connection's IP
> >>    address to connect to the server to establish the data 
> connection.
> >>
> >>    This approach could not only simply the FTP client software's
> >>    implementation but also can avoid the problems caused 
> by using the
> >>    IPv4 address that included in the response message. For 
> example, if
> >>    the FTP client has a private IPv4 connection and a public IPv6
> >>    connection, if it tries to use the IPv4 connection to
> >> establish data
> >>    connection with the server, it will never success.
> >>
> >>
> >> 5. FTP ALG considerations
> >>
> >> 5.1. FTP ALG limitations
> >>
> >>    Implementing FTP ALG in the translation box may have some
> >> limitations,
> >>    such as:
> >>
> >>    1) FTP ALG may case to increase the complexity of 
> translation box,
> >>       since FTP ALG needs to understand FTP protocol and 
> translate the
> >>       application layer payload and update the header of 
> FTP control
> >>       packets.
> >>
> >>
> >> Dapeng Liu            Expires February 27, 2010            
>    [Page 4]
> >>  >
> >> Internet-Draft  IPv6 IPv4 translation FTP considerations 
> August 2009
> >>
> >>
> >>    2) For most of current Network Processor based 
> translation box, ALG
> >>       processing may cause its performance decreased
> >> significantly. The
> >>       reason is that FTP ALG processing can not take the 
> advantage of
> >>       Network Processor, which is designed and optimized for
> >> processing
> >>       regular packets (such as header translation).
> >>
> >>    3) From the evolution perspective, if the network continues to
> >>       provide support of FTP ALG all the time, the users 
> will have no
> >>       motivation to upgrade their FTP client software. If
> >> things evolve
> >>       toward this direction, the ALG function of the 
> translation box
> >>       will become more and more complex. In reality, upgrading FTP
> >>       client software is a more easy way to solve the ALG issue
> >>       compared with requiring that all the translation box to
> >> implement
> >>       FTP ALG.
> >>
> >> 5.2. Solution to avoid FTP ALG
> >>
> >>    This document suggests that the translation box which situated
> >>    between the IPv6 network and IPv4 network should not 
> implement FTP
> >>    ALG. It is depend on the client and server that comply with this
> >>    specification to avoid the FTP ALG issue.
> >>
> >>    The reason that this document does not encourage 
> translation box to
> >>    implement FTP ALG is that since the FTP ALG problem can 
> be totally
> >>    avoid by defining the behavior of the client and 
> server, it is not
> >>    necessary to implement it at all. This approach can reduce the
> >>    translation box's complexity. Also, the FTP client and server's
> >>    communication without ALG will significantly improve its
> >> performance.
> >>
> >>    For the legacy IPv6 FTP client, this document suggests that the
> >>    legacy client should behave like RFC1579 recommendation
> >> which is that
> >>    "vendors convert their FTP clients programs to use PASV 
> instead of
> >>    PORT". For IPv6 FTP client, this recommendation should be
> >> "the users
> >>    or vendors should convert their FTP clients programs to use EPSV
> >>    instead of EPRT". This can be done by configuration and do not
> >>    require upgrading of the client software for most of
> >> current IPv6 FTP
> >>    client. This solution may require that the FTP server
> >> should support
> >>    EPSV command.
> >>
> >>
> >> > A client that implements the client requirements and client
> >> > recommendations listed in 
> draft-van-beijnum-behave-ftp64-05 will be
> >> > able to successfully interoperate with any server that
> >> implements EPSV
> >> > or PASV through a stateful or stateless translator.
> >>
> >> The solution in draft-van-beijnum-behave-ftp64-05 suggests that
> >> "However, the server will respond to the PASV command with an IPv4
> >> address that the client must use to connect to for the data
> >> connection.  If the client has IPv4 reachability, it 
> SHOULD set up a
> >> data connection towards the IPv4 address." this may can not work in
> >> some cases, as   draft-liu-behave-ftp64-02 mentioned:'" 
> For example,
> >> if the FTP client has a private IPv4 connection and a public IPv6
> >> connection, if it tries to use the IPv4 connection to 
> establish data
> >> connection with the server, it will never success."
> >>
> >>
> >> Since updating an
> >> > FTP client is about the easiest possible upgrade that we could
> >> > possibly require (an FTP client doesn't need special 
> privileges and
> >> > can run as a java applet in a browser) this provides a workable
> >> > solution for most users.
> >>
> >> aggree, this is what draft-liu-behave-ftp64-02 suggested.
> >>
> >> > However, there is additional benefit in making FTP through a
> >> > translator work for users with existing implementations,
> >> which can be
> >> > accomplished by either server upgrades or an ALG.
> >>
> >> Do not you think that server upgrading may be more 
> reasonable from the
> >> evolution perspective? if the network contitue to provide 
> ALG all the
> >> time, the server will never has motivation to upgrade, 
> this will cause
> >> the ALGs in the translation box become more and more complex, since
> >> the translator will try to maintain ALGs for all the legacy
> >> implementations; and the legacy implementation never think about
> >> upgrading because they never aware the needs to upgrade. 
> this approach
> >> may be convenient for a little part of the users but is harmful for
> >> the evolution of the network.
> >>
> >> > Since at least one vendor has expressed interest in
> >> implementing such
> >> > an ALG, having standard ALG functionality is better than
> >> undefined ALG
> >> > functionality and we have the text now anyway, in my opinion it
> >> > doesn't make sense to remove the ALG text, although I'm 
> willing to
> >> > make it (even) more clear that such an ALG is optional.
> >>
> >> In my personal opioion, If the we do not recommend to implement FTP
> >> ALG, maybe we should not include any text to describe how 
> to implement
> >> it for not misleading the reader. but maybe the text of 
> ALG could be
> >> adjusted as an appendix, then there will be no contradiction.
> >> >
> >> _______________________________________________
> >> Behave mailing list
> >> Behave@ietf.org
> >> https://www.ietf.org/mailman/listinfo/behave
> >
> >

v2.23.0 | Report a Bug | By Email