Re: [BEHAVE] DNS vs port overloading

ivan c <ivan@cacaoweb.org> Tue, 02 July 2013 19:33 UTC

From: ivan c <ivan@cacaoweb.org>
To: Simon Perreault <simon.perreault@viagenie.ca>
Cc: behave@ietf.org, Mark Andrews <marka@isc.org>
Date: Tue, 02 Jul 2013 21:34:41 +0200
Subject: Re: [BEHAVE] DNS vs port overloading
In-Reply-To: <51CD7B7A.8000604@viagenie.ca>
References: <CB1B483277FEC94E9B58357040EE5D02325A6E93@xmb-rcd-x15.cisco.com> <2f7dce8264c8a9a72640629502a44295@cacaoweb.org> <51C1681A.5030909@viagenie.ca> <f8741fad1af1cee094de9c59408b7425@cacaoweb.org> <51C40374.8080403@viagenie.ca> <21e25b7ae1501228a67656b2fa4bc009@cacaoweb.org> <51CAA20F.4070307@viagenie.ca> <7f35bf30538732e3953bd33bcab7a791@cacaoweb.org> <51CC444C.1030507@viagenie.ca> <20130627141434.3B0BD365EA62@drugs.dv.isc.org> <51CC4A59.8080801@viagenie.ca> <20130627143612.51ECB365ED5A@drugs.dv.isc.org> <51CC50AE.2080909@viagenie.ca> <20130627221133.4FBF936609FC@drugs.dv.isc.org> <51CD7B7A.8000604@viagenie.ca>
Message-ID: <06230d10cf8b2b57f2825dcd86bc3fd0@cacaoweb.org>
List-Id: mailing list of BEHAVE IETF WG <behave.ietf.org>
List-Archive: <http://www.ietf.org/mail-archive/web/behave>

On Fri, 28 Jun 2013 14:03:06 +0200, Simon Perreault
<simon.perreault@viagenie.ca> wrote:
> Le 2013-06-28 00:11, Mark Andrews a écrit :
>>> Right, but, port overloading is not what kills the randomization done
>>> by the DNS client. Non-port preserving NAT is what kills it.
>>
>> Deterministic (e.g. sequential) port assignment kills it.  Port
>> overloading kills it if not done sensibly.
> 
> Sure, but isn't all that already covered by RFC 6056?
> 
> That is, does anything still need to be said about this?
> 
> Simon

I would agree that a reference to RFC 6056 is enough.
This point is about the allocation algorithm used by the NAT.
A NAT should try to preserve port randomness, which excludes some
allocation algorithms.
This applies equally to the allocation algorithms that use port
overloading and the ones that don't.


-- 
_Ivan Chollet_
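The allocation algorithms argued over above, as an added example that is not from the thread, from RFC 6056, or from any real NAT implementation: a randomizing stub resolver is put behind three toy NATs (sequential counter, port-preserving, and non-preserving-but-random), and each is scored by how often an attacker who learns one external port could bet correctly that the next query uses port + 1. The class names, the "colluding authoritative server sees one port" attacker model, the counter start value and the sample size are my own assumptions; mappings never expire in this toy.

```python
"""Does the NAT's port allocation preserve the DNS client's source-port
randomness? Constructed simulation, not code from the BEHAVE thread."""
import random

EPHEMERAL = range(49152, 65536)  # IANA dynamic range, as RFC 6056 recommends


def resolver_ports(n, rng):
    """A stub resolver that already randomizes its source port per query."""
    return [rng.choice(EPHEMERAL) for _ in range(n)]


class SequentialNat:
    """Deterministic allocation: the external port comes from a counter,
    regardless of the internal port. This is the case that destroys the
    randomness the client worked to create."""
    def __init__(self, start=1024):  # start value is an assumption
        self._next = start

    def allocate(self, internal_port):
        port, self._next = self._next, self._next + 1
        return port


class PortPreservingNat:
    """Port preservation: reuse the internal port externally when it is free,
    otherwise fall back to a random free port. Client randomness survives
    as long as collisions are rare."""
    def __init__(self, rng):
        self._rng = rng
        self._in_use = set()  # toy: mappings never expire

    def allocate(self, internal_port):
        port = internal_port
        while port in self._in_use:
            port = self._rng.choice(EPHEMERAL)
        self._in_use.add(port)
        return port


class RandomNat:
    """Non-port-preserving but randomized: the internal port is ignored and
    the NAT re-creates the entropy itself with an RFC 6056-style choice."""
    def __init__(self, rng):
        self._rng = rng
        self._in_use = set()  # toy: mappings never expire

    def allocate(self, internal_port):
        port = self._rng.choice(EPHEMERAL)
        while port in self._in_use:
            port = self._rng.choice(EPHEMERAL)
        self._in_use.add(port)
        return port


def guess_hit_rate(external_ports):
    """Off-path attacker model (assumed): a server the attacker controls sees
    the external port of one query and bets that the resolver's very next
    query leaves the NAT on port + 1. Returns the fraction of winning bets."""
    pairs = list(zip(external_ports, external_ports[1:]))
    return sum(1 for a, b in pairs if b == a + 1) / len(pairs)


def simulate(nat_name, n=2000, seed=1):
    """Run n queries from one randomizing resolver through the named NAT and
    return the attacker's next-port guess hit rate."""
    rng = random.Random(seed)
    factories = {
        "sequential": lambda: SequentialNat(),
        "port-preserving": lambda: PortPreservingNat(rng),
        "random": lambda: RandomNat(rng),
    }
    nat = factories[nat_name]()
    internal = resolver_ports(n, rng)
    external = [nat.allocate(p) for p in internal]
    return guess_hit_rate(external)


if __name__ == "__main__":
    for name in ("sequential", "port-preserving", "random"):
        print(f"{name:16s} next-port guess hit rate: {simulate(name):.4f}")
```

The sequential NAT scores 1.0: every external port is exactly predictable from the previous one, and the resolver's randomization buys nothing. Both port-preserving and randomized allocation score close to 1/16384, which is the point Ivan makes above: whether the NAT also overloads ports is orthogonal; what matters is that the allocation step is not deterministic.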