IETF Logo Mail Archive

Re: [BEHAVE] Scalability of endpoint independent mapping

"Dan Wing" <dwing@cisco.com> Wed, 14 May 2008 16:41 UTC

Return-Path: <behave-bounces@ietf.org>
X-Original-To: behave-archive@optimus.ietf.org
Delivered-To: ietfarch-behave-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 046043A696A; Wed, 14 May 2008 09:41:22 -0700 (PDT)
X-Original-To: behave@core3.amsl.com
Delivered-To: behave@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D87693A696A for <behave@core3.amsl.com>; Wed, 14 May 2008 09:40:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.539
X-Spam-Level:
X-Spam-Status: No, score=-6.539 tagged_above=-999 required=5 tests=[AWL=0.060, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id agFueFvsdtSw for <behave@core3.amsl.com>; Wed, 14 May 2008 09:40:55 -0700 (PDT)
Received: from sj-iport-6.cisco.com (sj-iport-6.cisco.com [171.71.176.117]) by core3.amsl.com (Postfix) with ESMTP id 845F43A695D for <behave@ietf.org>; Wed, 14 May 2008 09:40:55 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="4.27,487,1204531200"; d="scan'208";a="98662519"
Received: from sj-dkim-2.cisco.com ([171.71.179.186]) by sj-iport-6.cisco.com with ESMTP; 14 May 2008 09:33:42 -0700
Received: from sj-core-1.cisco.com (sj-core-1.cisco.com [171.71.177.237]) by sj-dkim-2.cisco.com (8.12.11/8.12.11) with ESMTP id m4EGXguo021003; Wed, 14 May 2008 09:33:42 -0700
Received: from dwingwxp01 ([10.32.240.195]) by sj-core-1.cisco.com (8.13.8/8.13.8) with ESMTP id m4EGXgU7005948; Wed, 14 May 2008 16:33:42 GMT
From: Dan Wing <dwing@cisco.com>
To: 'Iljitsch van Beijnum' <iljitsch@gmail.com>, 'Philip Matthews' <philip_matthews@magma.ca>
References: <8EC5CF03-6800-464B-8424-A196E1FA0901@muada.com> <000201c8b3b0$d74ccdd0$c3f0200a@cisco.com> <4827FA33.8020201@it.uc3m.es> <200805121249.11441.remi.denis-courmont@nokia.com> <48281927.4020708@it.uc3m.es><48286CFD.1080204@free.fr> <48287AE5.5010005@sipeerior.com><482882B7.2030806@free.fr><145B7DFA-E397-4184-8FA6-3C255078509F@muada.com><48289C15.3000102@free.fr> <4828A33E.1080700@sipeerior.com><4828ABBE.9010201@free.fr> <4828AE1B.9040901@sipeerior.com> <03C87756-203A-496A-A348-1D0FE15F60F6@gmail.com> <015801c8b50d$984b8eb0$c3f0200a@cisco.com> <8EFD78D3-46EC-4BA5-9F9A-B6F471B9C01F@gmail.com> <018601c8b511$0a83a410$c3f0200a@cisco.com> <2F594053-210D-49D6-A9C7-5245826854A1@gmail.com> <04fe01c8b531$5c086c60$c3f0200a@cisco.com> <ABFE5321-6872-4B67-ADDE-7380F8DE0AD9@gmail.com>
Date: Wed, 14 May 2008 09:33:41 -0700
Message-ID: <037601c8b5e0$4577f3d0$c3f0200a@cisco.com>
MIME-Version: 1.0
X-Mailer: Microsoft Office Outlook 11
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198
In-Reply-To: <ABFE5321-6872-4B67-ADDE-7380F8DE0AD9@gmail.com>
Thread-Index: Aci1n6rMg5ogpHESQR23ZFjPkQylewAPUFyg
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; l=2856; t=1210782822; x=1211646822; c=relaxed/simple; s=sjdkim2002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=dwing@cisco.com; z=From:=20=22Dan=20Wing=22=20<dwing@cisco.com> |Subject:=20RE=3A=20[BEHAVE]=20Scalability=20of=20endpoint= 20independent=20mapping |Sender:=20; bh=l2ouivWRDzzqpUt45lKuxBZeAqvjjpm9+U65XSD1CzY=; b=qhuRARZFaJU/8GFsGW9qkweyx03nvj2ZOoePHfHFJuOw01PZ4cYMZVyhjC dDS9lJJsEQhJOJY7NiOaCh8ums2szTJVtQX3ric1OnBzHQAHPU9GW1WKgfeP Mj7euhjoym;
Authentication-Results: sj-dkim-2; header.From=dwing@cisco.com; dkim=pass ( sig from cisco.com/sjdkim2002 verified; );
Cc: behave@ietf.org
Subject: Re: [BEHAVE] Scalability of endpoint independent mapping
X-BeenThere: behave@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: mailing list of BEHAVE IETF WG <behave.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/behave>
List-Post: <mailto:behave@ietf.org>
List-Help: <mailto:behave-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Sender: behave-bounces@ietf.org
Errors-To: behave-bounces@ietf.org

 

> -----Original Message-----
> From: Iljitsch van Beijnum [mailto:iljitsch@gmail.com] 
> Sent: Wednesday, May 14, 2008 1:51 AM
> To: Dan Wing; Philip Matthews
> Cc: behave@ietf.org
> Subject: Re: [BEHAVE] Scalability of endpoint independent mapping
> 
> On 13 mei 2008, at 21:41, Dan Wing wrote:
> 
> >> Unless I'm missing something this should actually be fairly
> >> straightforward: just STUN for TCP + endpoint independent mapping.
> 
> > STUN for TCP exists (draft-ietf-behave-rfc3489bis now specifies how
> > STUN-over-TCP works).
> 
> Excellent.
> 
> > Of course with NAT64 we could specify exactly how a NAT64 
> is supposed
> > to work and maybe bypass much of the problem that STUNT found with
> > existing NATs.
> 
> Right. The good thing here is that we're not constrained by hundreds  
> of existing implementations that all behave differently. And 
> existing  
> CPEs can't work on the v6 side of a NAT64 universe anyway, so those  
> aren't an issue at all.
> 
> I was thinking:
> 
> If an application wants to make use of endpoint independent mapping  
> behavior by the NAT, wouldn't its first packets be towards a STUN(T)  
> server? If we can detect this, providing endpoint independent 
> behavior  
> where it's needed and using endpoint dependent mappings everywhere  
> else is easy.

Someone else (Rémi Després, I believe) had proposed doing that using
port numbers.  Doing it with port numbers would also be the first time 
that TCP behavior is different for different port numbers (the port 
1024 restriction does not change the behavior of TCP itself).  But
I see (below) that you are considering DPI rather than TCP port
numbers.

Another idea floating in my head is to use STUN-over-TCP to the 
NAT64's public IP address itself, which is trivial for the NAT64
to notice.  Essentially that is what is described in 
<http://tools.ietf.org/html/draft-wing-behave-nat-control-stun-usage-05>,
which is an expired draft.

> For TCP, another option would be a TCP option in the SYN from 
> the host to the STUNT server, or in the SYN/ACK from the STUNT 
> server back to the host, this is probably easier to do than deep 
> packet inspection to determine whether a random TCP session is 
> used for STUNT.

If the NAT64-aware box at the customer premise could make the decision
(somehow; I'm not sure how it could do that yet), the NAT64-aware box
could communicate the decision to the ISP's big NAT64-box-in-the-sky
using a simple-to-see trigger like that.

Unfortunately the application and host OS (Windows, OSX) couldn't set 
that TCP bit without changes to the TCP API and the TCP stack itself 
- which means an OS upgrade or, at minimum (if the vendors are 
motivated) an OS patch.

-d

_______________________________________________
Behave mailing list
Behave@ietf.org
https://www.ietf.org/mailman/listinfo/behave

v2.23.0 | Report a Bug | By Email