IETF Logo Mail Archive

Re: [GROW] WGLC: draft-ietf-grow-private-ip-sp-cores

"Smith, Donald" <Donald.Smith@CenturyLink.com> Fri, 08 June 2012 21:17 UTC

Return-Path: <Donald.Smith@CenturyLink.com>
X-Original-To: grow@ietfa.amsl.com
Delivered-To: grow@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4AF4811E81A4 for <grow@ietfa.amsl.com>; Fri, 8 Jun 2012 14:17:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.149
X-Spam-Level:
X-Spam-Status: No, score=-2.149 tagged_above=-999 required=5 tests=[AWL=-0.150, BAYES_00=-2.599, J_CHICKENPOX_15=0.6]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HoEuQyVRg58s for <grow@ietfa.amsl.com>; Fri, 8 Jun 2012 14:17:56 -0700 (PDT)
Received: from suomp64i.qwest.com (suomp64i.qwest.com [155.70.16.237]) by ietfa.amsl.com (Postfix) with ESMTP id 90D0F11E81A3 for <grow@ietf.org>; Fri, 8 Jun 2012 14:17:56 -0700 (PDT)
Received: from lxomavmpc030.qintra.com (lxomavmpc030.qintra.com [151.117.207.30]) by suomp64i.qwest.com (8.14.4/8.14.4) with ESMTP id q58LHqd2022372 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 8 Jun 2012 16:17:53 -0500 (CDT)
Received: from lxomavmpc030.qintra.com (unknown [127.0.0.1]) by IMSA (Postfix) with ESMTP id C24E01E006F; Fri, 8 Jun 2012 16:17:47 -0500 (CDT)
Received: from suomp60i.qintra.com (unknown [10.6.10.61]) by lxomavmpc030.qintra.com (Postfix) with ESMTP id A5E481E0049; Fri, 8 Jun 2012 16:17:47 -0500 (CDT)
Received: from suomp60i.qintra.com (localhost [127.0.0.1]) by suomp60i.qintra.com (8.14.4/8.14.4) with ESMTP id q58LHlW4003604; Fri, 8 Jun 2012 16:17:47 -0500 (CDT)
Received: from qtdenexhtm22.AD.QINTRA.COM (qtdenexhtm22.ad.qintra.com [151.119.91.231]) by suomp60i.qintra.com (8.14.4/8.14.4) with ESMTP id q58LHkCd003591 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=FAIL); Fri, 8 Jun 2012 16:17:46 -0500 (CDT)
Received: from qtdenexmbm24.AD.QINTRA.COM ([151.119.91.226]) by qtdenexhtm22.AD.QINTRA.COM ([151.119.91.231]) with mapi; Fri, 8 Jun 2012 15:17:46 -0600
From: "Smith, Donald" <Donald.Smith@CenturyLink.com>
To: "'t.petch'" <ietfc@btconnect.com>, 'Christopher Morrow' <christopher.morrow@gmail.com>, "'grow-chairs@tools.ietf.org'" <grow-chairs@tools.ietf.org>, "'grow@ietf.org'" <grow@ietf.org>
Date: Fri, 08 Jun 2012 15:17:45 -0600
Thread-Topic: [GROW] WGLC: draft-ietf-grow-private-ip-sp-cores
Thread-Index: Ac1FgJ6vgtEZ35ZmSaqKaQwu8OLjdQACC/Wg
Message-ID: <B01905DA0C7CDC478F42870679DF0F101105C4C714@qtdenexmbm24.AD.QINTRA.COM>
References: <CAL9jLabADdWCwDhBdaBJ4fVdk9a=OeJQYFQM4Z_+-P56cVWftw@mail.gmail.com> <01e301cd4580$208f3900$4001a8c0@gateway.2wire.net>
In-Reply-To: <01e301cd4580$208f3900$4001a8c0@gateway.2wire.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Subject: Re: [GROW] WGLC: draft-ietf-grow-private-ip-sp-cores
X-BeenThere: grow@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Grow Working Group Mailing List <grow.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/grow>, <mailto:grow-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/grow>
List-Post: <mailto:grow@ietf.org>
List-Help: <mailto:grow-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/grow>, <mailto:grow-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Jun 2012 21:17:57 -0000

There is a mention of "squat" space that doesn't make any recommendations as to use or not.

I can understand not expressing an opinion on the rfc1918/private space shouldn't this state that squating is bad?
"This effect in itself is often not a problem.  However, if anti-
   spoofing controls are applied at network perimeters, then responses
   returned from hops with private IP addresses will be dropped."

Any rfc1918 filtering mechinisim will cause this issue not just bcp38 type anti-spoofing.
Firewalls, junipers and many platforms drop rfc1918 space but not as part of bcp38 .
BTW BCP84 ala rfc3704 is an update/addition to bcp38 you should probably add them to this reference.


And for consistecy I recommend using an expression such as "any rfc1918 or bogon filtering..."

Under section 4 the author says urpf or ingress filtering.
"If the router's interface address is a
   private IP address, then this ICMP reply packet may be discarded due
   to uRPF or ingress filtering, thereby causing the PMTUD mechanism to
   fail."

Under
5. Unexpected interactions with some NAT implementations
The first section works. As stated it might confuse someone but honestly unless the 4th hop also matches the 2 hop it doesn't look like a routing loop to me. It looks like rfc1918 reuse.


Type escape sequence to abort.
   Tracing the route to 198.51.100.100

     1 10.1.1.2 0 msec 0 msec 0 msec
     2 198.51.100.13 0 msec 4 msec 0 msec
     3 10.1.1.2 0 msec 4 msec 0 msec        <<<<
     4 198.51.100.5 4 msec 0 msec 4 msec
     5 198.51.100.1 0 msec 0 msec 0 msec

Section 6 references rfc2827 should probably include bcp84 and rfc3704.

Your first example of a security gap is really a no worse if you use private or public addresss but you call that out so I am ok with it.

NIT
This:
Some applications discover the outside address of
   their local CPE to determine if that address is reserver for special
   use.
Should be this:
Some applications discover the outside address of
   their local CPE to determine if that address is reserved for special
   use.


When packets collide the controllers cease transmission AND wait a random time before retransmission (mostly)!
Donald.Smith@CenturyLink.com


> -----Original Message-----
> From: grow-bounces@ietf.org [mailto:grow-bounces@ietf.org] On Behalf Of
> t.petch
> Sent: Friday, June 08, 2012 8:06 AM
> To: Christopher Morrow; grow-chairs@tools.ietf.org; grow@ietf.org
> Subject: Re: [GROW] WGLC: draft-ietf-grow-private-ip-sp-cores
>
> I would like to see this published as an RFC.
>
> The only discussion I see whether or not the title of 12.2 should have
> an initial capital - I think that it should.
>
> Tom Petch
>
> ----- Original Message -----
> From: "Christopher Morrow" <christopher.morrow@gmail.com>
> To: <grow-chairs@tools.ietf.org>; <grow@ietf.org>
> Sent: Tuesday, June 05, 2012 7:41 PM
> > Folks,
> > There's been work on the draft:
> >    <http://tools.ietf.org/html/draft-ietf-grow-private-ip-sp-cores>
> >
> > I think the commenters' comments were addressed by the authors.
> > Can we move this to WGLC now and clear that 6/19/2012 (June 19,
> 2012).
> >
> > Abstract of the draft:
> >   "The purpose of this document is to provide a discussion of the
> >    potential problems of using private, RFC1918, or non-globally-
> >    routable addressing within the core of an SP network.  The
> discussion
> >    focuses on link addresses and to a small extent loopback
> addresses.
> >    While many of the issues are well recognised within the ISP
> >    community, there appears to be no document that collectively
> >    describes the issues."
> >
> > Could there be some discussion on WGLC and  we'll see about  moving
> > this along to the IESG?
> >
> > -chris
> > _______________________________________________
> > GROW mailing list
> > GROW@ietf.org
> > https://www.ietf.org/mailman/listinfo/grow
> >
>
>
> _______________________________________________
> GROW mailing list
> GROW@ietf.org
> https://www.ietf.org/mailman/listinfo/grow

This communication is the property of CenturyLink and may contain confidential or privileged information. Unauthorized use of this communication is strictly
prohibited and may be unlawful.  If you have received this communication
in error, please immediately notify the sender by reply e-mail and destroy
all copies of the communication and any attachments.

v2.23.0 | Report a Bug | By Email