Re: [BEHAVE] review of draft-penno-behave-rfc4787-5382-5508-bis
ivan c <ivan@cacaoweb.org> Tue, 18 June 2013 16:50 UTC
Return-Path: <ivan@cacaoweb.org>
X-Original-To: behave@ietfa.amsl.com
Delivered-To: behave@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6F2E621F9A5F for <behave@ietfa.amsl.com>; Tue, 18 Jun 2013 09:50:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.25
X-Spam-Level:
X-Spam-Status: No, score=-2.25 tagged_above=-999 required=5 tests=[AWL=-0.250, BAYES_00=-2.599, J_CHICKENPOX_25=0.6]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kn-jaAtfrgM9 for <behave@ietfa.amsl.com>; Tue, 18 Jun 2013 09:49:58 -0700 (PDT)
Received: from mail.cacaoweb.org (mail.cacaoweb.org [46.105.102.78]) by ietfa.amsl.com (Postfix) with ESMTP id 47E8221F9A34 for <behave@ietf.org>; Tue, 18 Jun 2013 09:49:58 -0700 (PDT)
Received: from www-data by mail.cacaoweb.org with local (Exim 4.72) (envelope-from <ivan@cacaoweb.org>) id 1Uoz7I-000526-NC for behave@ietf.org; Tue, 18 Jun 2013 18:50:48 +0200
To: Behave <behave@ietf.org>
X-PHP-Originating-Script: 0:func.inc
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8bit
Date: Tue, 18 Jun 2013 18:50:48 +0200
From: ivan c <ivan@cacaoweb.org>
Organization: cacaoweb
In-Reply-To: <51BFE896.2000006@lab.ntt.co.jp>
References: <3a724be2431cf7249b3d46cf378f85bf@cacaoweb.org> <51BFE896.2000006@lab.ntt.co.jp>
Message-ID: <1d235e99689e55aba94258ff65895f75@cacaoweb.org>
X-Sender: ivan@cacaoweb.org
User-Agent: RoundCube Webmail/0.3.1
Subject: Re: [BEHAVE] review of draft-penno-behave-rfc4787-5382-5508-bis
X-BeenThere: behave@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: ivan@cacaoweb.org
List-Id: mailing list of BEHAVE IETF WG <behave.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/behave>, <mailto:behave-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/behave>
List-Post: <mailto:behave@ietf.org>
List-Help: <mailto:behave-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Jun 2013 16:50:03 -0000
Hi Kengo, See my answers interleaved below. On Tue, 18 Jun 2013 13:56:54 +0900, Kengo Naito wrote: > Then, how about using 3.1.2.2 ? This alternative do not rewrite > timestamps nor ISNs. > Also, I do not intend to make 3.1.2.1 "must", this is only one of > alternatives. 3.1.2.1 will be most definitely frowned upon. Before suggesting such alternative, the benefits need to be quantified in terms of CGN resources usage. Is the TIME_WAIT state really that much of an issue for CGN resource utilization? It looks to me as a micro-optimization. Of course, this can still be suggested as a MAY in the document (as it's an interesting idea). 3.1.2.2 I was unable to fully grasp the idea and its relationship with the TIME_WAIT state, it would be nice if you could elaborate on this. 3.1.2.3 you're mangling with the TCP protocol itself, which is arguably even more intrusive than mangling with so fields in the TCP header like in 3.1.2.1 3.1.2.4 I don't think that RFC6191 is widely deployed, do you have any reference for this? > In > the draft, I meant that Port overlapping behavior can only be used when the > 5-tupple of connections are different. > So I think it is a bit different from overlapping behavior you wrote. > Does this behavior cause any bad effect? There are a few issues with the section 4. of the draft. Quoting: "This document clarifies that this port overlapping behavior can be extended to connections originating from different interal source IP:ports as long as their destinations are different. This known as EDM (Endpoint Dependent Mapping)." No, EDM, EIM, always refer to sessions originating from the *same local endpoint*. Here you are describing a "port overlapping" behavior for sessions originating from distinct endpoints. This is known as "port overloading". EDM refers to the case where we can sometimes "break" the EIM requirement, for example when we know it doesn't adversely affect the application (such as with HTTP). In your second paragraph, you clearly describe the "port overloading" behavior. Thus, I think you should drop the "port overlapping" terminology, replace it with "port overloading", and don't mention EDM (Endpoint-Dependent Mapping), which is not directly related to the topic. Port overloading does not have any bad effects. Of course, as long as the 5-tuple uniqueness is preserved by the NAT, which is a MUST in any case. However, doing aggressive port overloading generates opportunities for collisions, which must be dealt with by dropping a session or breaking the EIM requirement, which is a serious problem for UDP, but not so much for TCP. Such collision events remain rare, and it is OK to break EIM sometimes for TCP, as the application can make a retry (using a new ephemeral local port), that will most certainly work the second time. I can help you develop and improve the section 4. of the draft with you if you'd like. Regards, Ivan
- [BEHAVE] review of draft-penno-behave-rfc4787-538… ivan c
- Re: [BEHAVE] review of draft-penno-behave-rfc4787… Reinaldo Penno (repenno)
- Re: [BEHAVE] review of draft-penno-behave-rfc4787… Kengo Naito
- Re: [BEHAVE] review of draft-penno-behave-rfc4787… ivan c
- Re: [BEHAVE] review of draft-penno-behave-rfc4787… Kengo Naito
- Re: [BEHAVE] review of draft-penno-behave-rfc4787… Washam Fan