Re: [grobj] NATs and scope

Brian E Carpenter <brian.e.carpenter@gmail.com> Thu, 19 November 2009 21:51 UTC

Message-ID: <4B05BDDD.1040505@gmail.com>
Date: Fri, 20 Nov 2009 10:51:25 +1300
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: Simon Perreault <simon.perreault@viagenie.ca>
References: <4AFA91BF.2010808@viagenie.ca> <4AFB497D.1080901@employees.org> <4B055227.3090902@viagenie.ca> <4B05A8CD.5020804@gmail.com> <4B05B1E6.2000702@viagenie.ca>
In-Reply-To: <4B05B1E6.2000702@viagenie.ca>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Cc: grobj@ietf.org
Subject: Re: [grobj] NATs and scope

On 2009-11-20 10:00, Simon Perreault wrote:
> Brian E Carpenter wrote, on 2009-11-19 15:21:
>> On 2009-11-20 03:11, Simon Perreault wrote:
>>
>>> - The "scope" of an address (I'm still not fully understanding the concept) does
>>> not guarantee that the address is reachable from anyone in that scope. For
>>> example, the address of a NAT binding (called a "reflexive transport address" in
>>> RFC5389) can be reached by a subset of peers in the NAT's scope which depends on
>>> the type of NAT (see e.g. RFC4787 for types of NATs).
>> So, given what I just said about scope (with no reference to NATs), I think
>> Simon needs to tell us what he means by "in the NAT's scope".
> 
> I meant the scope of the interface on the NAT that is usually labeled "WAN".
> That's usually Internet-scope, but it's common to have multiple layers of NAT,
> in which case the scope would be different.
> 
>> To me an address scope is a set of mutually reachable addresses, which
>> means that a NAT automatically forms (part of) the boundary of a scope.
>> I don't understand what is meant by "a subset of peers" - surely all
>> the peers behind a given NAT (more precisely, behind a given interface
>> of a given NAT) are in the same address space?
> 
> Here's an example:
> 
>    LAN --------|NAT|---- WAN
> 10.0.0.0/8             Internet
> 
> A host in the LAN initiates a UDP "connection" to the WAN. The NAT allocates a
> binding on its WAN interface, e.g. 192.0.2.1:1234. The scope of this is
> "Internet" I would presume.
> 
> For some kinds of NAT devices, any host on the Internet can reach the host on
> the LAN by sending packets to 192.0.2.1:1234.
> 
> For other kinds, only hosts to which the host in the LAN has previously talked
> using this binding can reach it.
> 
> So even if hosts are in the same scope as 192.0.2.1:1234, they may not be able
> to use it.

OK. So, in my personal view of the universe, "in scope" means reachable
directly and without translation. We need to be precise about some
of these definitions, clearly.

   Brian
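The reachability difference Simon describes, modelled as an added example (not code from this thread or from any RFC): a toy NAT with endpoint-independent mapping and one of the three RFC 4787 filtering behaviours, run through his scenario of a 10.0.0.0/8 host whose binding 192.0.2.1:1234 is then probed by three Internet peers. The peer addresses 198.51.100.7 and 203.0.113.9 are constructed documentation addresses.

```python
from enum import Enum


class Filtering(Enum):
    """Inbound filtering behaviours named in RFC 4787, section 5."""
    ENDPOINT_INDEPENDENT = 1
    ADDRESS_DEPENDENT = 2
    ADDRESS_AND_PORT_DEPENDENT = 3


class Nat:
    """Toy model of a NAT's WAN-side bindings (constructed example, not a real implementation).
    Mapping is endpoint-independent: one internal socket always reuses the same external port."""

    def __init__(self, filtering, wan_ip="192.0.2.1"):
        self.filtering = filtering
        self.wan_ip = wan_ip
        self.next_port = 1234
        # external (ip, port) -> {"internal": (ip, port), "peers": set of (ip, port) talked to}
        self.bindings = {}

    def outbound(self, internal, peer):
        """LAN host sends outbound: allocate (or reuse) a binding and record the peer it contacted."""
        for ext, b in self.bindings.items():
            if b["internal"] == internal:
                b["peers"].add(peer)
                return ext
        ext = (self.wan_ip, self.next_port)
        self.next_port += 1
        self.bindings[ext] = {"internal": internal, "peers": {peer}}
        return ext

    def inbound_allowed(self, ext, src):
        """Would an inbound packet from `src` to the external binding `ext` be forwarded inside?"""
        b = self.bindings.get(ext)
        if b is None:
            return False  # no binding: nothing on the LAN is reachable at this address
        if self.filtering is Filtering.ENDPOINT_INDEPENDENT:
            return True  # any Internet host can use the binding
        if self.filtering is Filtering.ADDRESS_DEPENDENT:
            return any(p[0] == src[0] for p in b["peers"])  # same peer IP, any port
        return src in b["peers"]  # exactly the (ip, port) previously contacted


def reachability(filtering):
    """Simon's scenario: 10.0.0.5 talks to one Internet peer, then three peers probe the binding."""
    nat = Nat(filtering)
    ext = nat.outbound(("10.0.0.5", 5000), ("198.51.100.7", 53))
    probes = [("198.51.100.7", 53), ("198.51.100.7", 99), ("203.0.113.9", 40000)]
    return ext, [nat.inbound_allowed(ext, p) for p in probes]
```

The three probes are, in order, the peer already contacted, the same peer from a different port, and an unrelated host; only the endpoint-independent NAT lets all three use the reflexive address, which is the "subset of peers" point.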