Re: [BEHAVE] General Comments on xlate-stateful-07
marcelo bagnulo braun <marcelo@it.uc3m.es> Wed, 20 January 2010 12:27 UTC
Return-Path: <marcelo@it.uc3m.es>
X-Original-To: behave@core3.amsl.com
Delivered-To: behave@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 581E73A6A6B for <behave@core3.amsl.com>; Wed, 20 Jan 2010 04:27:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.599
X-Spam-Level:
X-Spam-Status: No, score=-106.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8qkwnhJe4N+r for <behave@core3.amsl.com>; Wed, 20 Jan 2010 04:27:28 -0800 (PST)
Received: from smtp01.uc3m.es (smtp01.uc3m.es [163.117.176.131]) by core3.amsl.com (Postfix) with ESMTP id E94453A69F3 for <behave@ietf.org>; Wed, 20 Jan 2010 04:27:27 -0800 (PST)
X-uc3m-safe: yes
Received: from r190-135-44-106.dialup.adsl.anteldata.net.uy (r190-135-44-106.dialup.adsl.anteldata.net.uy [190.135.44.106]) (using SSLv3 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp01.uc3m.es (Postfix) with ESMTP id E366BBA79FA; Wed, 20 Jan 2010 13:27:19 +0100 (CET)
Message-ID: <4B56F6A4.106@it.uc3m.es>
Date: Wed, 20 Jan 2010 13:27:16 +0100
From: marcelo bagnulo braun <marcelo@it.uc3m.es>
User-Agent: Thunderbird 2.0.0.23 (Macintosh/20090812)
MIME-Version: 1.0
To: Lars Eggert <lars.eggert@nokia.com>
References: <C778D938.F92A%rpenno@juniper.net> <EE8E478E-2887-4AED-94EF-C578791F51E6@nokia.com>
In-Reply-To: <EE8E478E-2887-4AED-94EF-C578791F51E6@nokia.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 8bit
X-TM-AS-Product-Ver: IMSS-7.0.0.3116-6.0.0.1038-17142.007
Cc: BEHAVE WG <behave@ietf.org>
Subject: Re: [BEHAVE] General Comments on xlate-stateful-07
X-BeenThere: behave@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: mailing list of BEHAVE IETF WG <behave.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/behave>
List-Post: <mailto:behave@ietf.org>
List-Help: <mailto:behave-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Jan 2010 12:27:29 -0000
Lars Eggert escribió: > Hi, > > On 2010-1-18, at 1:11, Reinaldo Penno wrote: > >> What I mean is that the sentence starts of with "In such cases...". These >> 'cases' are those when the NAT cannot determine whether the endpoints of a >> TCP connection are active, as written. >> > > right. I believe the thinking was that if you can detect whether the session is alive, you wouldn't time it out if it was, and you would of course time it out if it wasn't. > > If you cannot determine this, then the default applies (and can't be shorter than 2 hours.) > > Right My proposed way forward is: - If the NAT64 sees a FIN exchange, then it deletes the binding (after 4 min) (i.e. we are using the capability of terminating the binding earlier than the 2 hr 4 min timeout) - If the NAT64 sees a RST and no packets for 4 min, then it terminates the binding (again we are using the capability of termianting the binding earlier) - if the nat64 times out after 2 hours, it sends a probe packet and if no packet is seen after that, it terminates the session after 4 min (in this case, we do use the 2 hours and 4 min timeout) would that sounds ok to you? Regards, marcelo > Lars > > >> Therefore this first paragraph only applies to this condition. If you can >> actually determine if the NAT endpoints are alive, you do not need to follow >> this paragraph. >> >> My opinion is that we should just follow REQ-5 as stated. This is would take >> care of Bryan's proposal as well. >> >> >> >> >> On 1/17/10 4:07 AM, "marcelo bagnulo braun" <marcelo@it.uc3m.es> wrote: >> >> >>> Reinaldo Penno escribió: >>> >>>> It clearly says in a) that the idle timeout MAY be configurable. How >>>> will my proposed text break 5382? >>>> >>>> >>> THere are two conditions: >>> MUST be more than 2 hours and 4 min >>> MAY be configurable. >>> >>> So, my reading of the conditions is an AND of the two conditions, not an >>> OR. >>> Maybe someone else should comment whether they think it is an AND or an >>> OR....? >>> >>> If it is an AND, then you can configire the timer, but needs to be >>> higher than 2 hours and 4 min, in any case, as it is currently stated in >>> the draft >>> >>> It is is an OR, it is as you say, but at this point i don't interpret >>> the text as a OR >>> >>>> It also says that only in case the NAT cannot determine if endpoints >>>> are alive. >>>> >>>> >>>> >>> right, we are having a disucssion whether the nat64 should send >>> keepalives to do this, do you think it should or not? >>> >>> >>> >>> >>>> Why we just then just copy REQ5 verbatim? >>>> >>>> >>>> >>> on the light of this discussion, it seems that the current wording is >>> unclear, since you and me have different readings of it >>> >>> Regards, marcelo >>> >>> >>> >>>> On Jan 16, 2010, at 14:34, "marcelo bagnulo braun" >>>> <marcelo@it.uc3m.es> wrote: >>>> >>>> >>>> >>>>> Reinaldo Penno escribió: >>>>> >>>>> >>>>>> Hello, >>>>>> >>>>>> Comment inline... >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>>>> Moreover, the ability to >>>>>>>> configure the idle-timeout is also missing. >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>> right, >>>>>>> >>>>>>> i have added the follwoing text in all the occureences of the the >>>>>>> setting of the TCP session entry lifetite >>>>>>> >>>>>>> The lifetime of the TCP session table entry is >>>>>>> set >>>>>>> to at least to the maximum session lifetime. The value for the >>>>>>> maximum >>>>>>> session lifetime MAY be configurable but it >>>>>>> MUST not >>>>>>> be less than TCP_EST (the >>>>>>> established connection idle timeout as defined in >>>>>>> <xref target="RFC5382"></xref>). The default value for the maximum >>>>>>> session lifetime >>>>>>> SHOULD be set to TCP_EST. >>>>>>> >>>>>>> >>>>>>> >>>>>> The whole purpose to have it configurable was to be able to >>>>>> configure it to >>>>>> be _less_ than TCP_EST. >>>>>> >>>>>> >>>>>> >>>>>> >>>>> no, that would break REQ5 of RFC5382 that reads: >>>>> >>>>> REQ-5: If a NAT cannot determine whether the endpoints of a TCP >>>>> connection are active, it MAY abandon the session if it has been >>>>> idle for some time. In such cases, the value of the "established >>>>> connection idle-timeout" MUST NOT be less than 2 hours 4 minutes. >>>>> The value of the "transitory connection idle-timeout" MUST NOT be >>>>> less than 4 minutes. >>>>> a) The value of the NAT idle-timeouts MAY be configurable. >>>>> >>>>> >>>>> >>>>> >>>>>> The text above does not allow it to be set to less than TCP_EST. I >>>>>> suggest >>>>>> >>>>>> "The lifetime of the TCP session table entry is set >>>>>> to at least to the maximum session lifetime. The value for the >>>>>> maximum >>>>>> session lifetime MAY be configurable The default value for the >>>>>> maximum >>>>>> session lifetime SHOULD be set to TCP_EST." >>>>>> >>>>>> Tuning TCP idle timeout is widely supported and used. >>>>>> >>>>>> >>>>>> >>>>>> >>>>> right, but the minimum value MOST NOT be less than 2 hours and 4 min >>>>> >>>>> >>>>>>>> REQ-5: In the NAT64 spec the considerations on NAT throughput >>>>>>>> performance >>>>>>>> due to holding session state for TCP RST and TIME_WAIT >>>>>>>> assassinations due to >>>>>>>> holding session state are not discussed. >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>> REQ5 leaves these aspects open and so the nat64 specification. Do >>>>>>> you >>>>>>> have any particualr text that you would like to cinlcude in the >>>>>>> nat64 >>>>>>> spec w.r.t. this? >>>>>>> >>>>>>> >>>>>>> >>>>>> The exact same text (or a reference to it) found in RFC5382. >>>>>> >>>>>> >>>>>> >>>>>> >>>>> could you point out what exact same text you are referring to? >>>>> >>>>> Regards, marcelo >>>>> >>>>> >>>>> >>>>>> Regards, >>>>>> >>>>>> Reinaldo >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >> _______________________________________________ >> Behave mailing list >> Behave@ietf.org >> https://www.ietf.org/mailman/listinfo/behave >> > > > ------------------------------------------------------------------------ > > _______________________________________________ > Ietf mailing list > Ietf@ietf.org > https://www.ietf.org/mailman/listinfo/ietf >
- Re: [BEHAVE] General Comments on xlate-stateful-07 Reinaldo Penno
- Re: [BEHAVE] General Comments on xlate-stateful-07 marcelo bagnulo braun
- Re: [BEHAVE] General Comments on xlate-stateful-07 Reinaldo Penno
- Re: [BEHAVE] General Comments on xlate-stateful-07 marcelo bagnulo braun
- Re: [BEHAVE] General Comments on xlate-stateful-07 Reinaldo Penno
- Re: [BEHAVE] General Comments on xlate-stateful-07 marcelo bagnulo braun
- Re: [BEHAVE] General Comments on xlate-stateful-07 Reinaldo Penno
- Re: [BEHAVE] General Comments on xlate-stateful-07 Lars Eggert
- Re: [BEHAVE] General Comments on xlate-stateful-07 Lars Eggert
- Re: [BEHAVE] General Comments on xlate-stateful-07 Reinaldo Penno
- Re: [BEHAVE] General Comments on xlate-stateful-07 marcelo bagnulo braun
- Re: [BEHAVE] General Comments on xlate-stateful-07 Reinaldo Penno
- Re: [BEHAVE] General Comments on xlate-stateful-07 marcelo bagnulo braun
- Re: [BEHAVE] General Comments on xlate-stateful-07 Reinaldo Penno
- Re: [BEHAVE] General Comments on xlate-stateful-07 Reinaldo Penno
- Re: [BEHAVE] General Comments on xlate-stateful-07 marcelo bagnulo braun
- Re: [BEHAVE] General Comments on xlate-stateful-07 Reinaldo Penno
- Re: [BEHAVE] General Comments on xlate-stateful-07 WashamFan
- Re: [BEHAVE] General Comments on xlate-stateful-07 marcelo bagnulo braun
- Re: [BEHAVE] General Comments on xlate-stateful-07 WashamFan
- Re: [BEHAVE] General Comments on xlate-stateful-07 Lars Eggert
- Re: [BEHAVE] General Comments on xlate-stateful-07 Saikat Guha