Re: [GROW] WGLC: draft-ietf-grow-private-ip-sp-cores
Anthony Kirkham <tkirkham@anthony-kirkham.com> Wed, 13 June 2012 10:58 UTC
Return-Path: <tkirkham@anthony-kirkham.com>
X-Original-To: grow@ietfa.amsl.com
Delivered-To: grow@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C83D521F852A for <grow@ietfa.amsl.com>; Wed, 13 Jun 2012 03:58:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, J_CHICKENPOX_15=0.6]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gsO8SxTBO9QN for <grow@ietfa.amsl.com>; Wed, 13 Jun 2012 03:58:59 -0700 (PDT)
Received: from nschwmtas05p.mx.bigpond.com (nschwmtas05p.mx.bigpond.com [61.9.189.149]) by ietfa.amsl.com (Postfix) with ESMTP id B9F8121F8474 for <grow@ietf.org>; Wed, 13 Jun 2012 03:58:58 -0700 (PDT)
Received: from nschwcmgw05p ([61.9.190.165]) by nschwmtas05p.mx.bigpond.com with ESMTP id <20120613105856.UCQW2821.nschwmtas05p.mx.bigpond.com@nschwcmgw05p>; Wed, 13 Jun 2012 10:58:56 +0000
Received: from Anthonys-MacBook-Pro.local ([123.211.150.122]) by nschwcmgw05p with BigPond Outbound id Mmyr1j0012ehmur01myt13; Wed, 13 Jun 2012 10:58:56 +0000
X-Authority-Analysis: v=2.0 cv=D4zF24tj c=1 sm=1 a=+yKKctPzAZhvBC3CJUMNgg==:17 a=_1pLAPWVdgkA:10 a=5guEdk2PV24A:10 a=Ib5BsLsVyy8A:10 a=bVeADsv9IVkA:10 a=kj9zAlcOel0A:10 a=xR3Tfk4wAAAA:8 a=J_N6KFswAAAA:8 a=48vgC7mUAAAA:8 a=pGLkceISAAAA:8 a=iSoXIPpArbcnMEQ-6CQA:9 a=CjuIK1q_8ugA:10 a=Pwbduc0PQ3sA:10 a=lZB815dzVvQA:10 a=MSl-tDqOz04A:10 a=tdsJYqgepGP4buZd:21 a=dYBJvqu5JNsmEfjc:21 a=+yKKctPzAZhvBC3CJUMNgg==:117
Message-ID: <4FD8726A.6040509@anthony-kirkham.com>
Date: Wed, 13 Jun 2012 20:58:50 +1000
From: Anthony Kirkham <tkirkham@anthony-kirkham.com>
Organization: Anthony-Kirkham.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:12.0) Gecko/20120428 Thunderbird/12.0.1
MIME-Version: 1.0
To: "Smith, Donald" <Donald.Smith@CenturyLink.com>
References: <CAL9jLabADdWCwDhBdaBJ4fVdk9a=OeJQYFQM4Z_+-P56cVWftw@mail.gmail.com> <01e301cd4580$208f3900$4001a8c0@gateway.2wire.net> <B01905DA0C7CDC478F42870679DF0F101105C4C714@qtdenexmbm24.AD.QINTRA.COM>
In-Reply-To: <B01905DA0C7CDC478F42870679DF0F101105C4C714@qtdenexmbm24.AD.QINTRA.COM>
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: "'grow@ietf.org'" <grow@ietf.org>, "'grow-chairs@tools.ietf.org'" <grow-chairs@tools.ietf.org>
Subject: Re: [GROW] WGLC: draft-ietf-grow-private-ip-sp-cores
X-BeenThere: grow@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: tkirkham@anthony-kirkham.com
List-Id: Grow Working Group Mailing List <grow.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/grow>, <mailto:grow-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/grow>
List-Post: <mailto:grow@ietf.org>
List-Help: <mailto:grow-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/grow>, <mailto:grow-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Jun 2012 10:58:59 -0000
Donald, Thanks for the review, I plan to do another update in the next few days, I'm just waiting to see if any further feedback arrives. A couple of specific comments: re - squat space. The intent was not to make recommendations on the practice, just to document the effects. re - 5. Unexpected interactions with some NAT implementations: What you say is exactly what I intended to illustrate. I will update the wording so its clear I'm not talking about a routing loop. Regards Tony K On 9/06/12 7:17 AM, Smith, Donald wrote: > There is a mention of "squat" space that doesn't make any recommendations as to use or not. > > I can understand not expressing an opinion on the rfc1918/private space shouldn't this state that squating is bad? > "This effect in itself is often not a problem. However, if anti- > spoofing controls are applied at network perimeters, then responses > returned from hops with private IP addresses will be dropped." > > Any rfc1918 filtering mechinisim will cause this issue not just bcp38 type anti-spoofing. > Firewalls, junipers and many platforms drop rfc1918 space but not as part of bcp38 . > BTW BCP84 ala rfc3704 is an update/addition to bcp38 you should probably add them to this reference. > > > And for consistecy I recommend using an expression such as "any rfc1918 or bogon filtering..." > > Under section 4 the author says urpf or ingress filtering. > "If the router's interface address is a > private IP address, then this ICMP reply packet may be discarded due > to uRPF or ingress filtering, thereby causing the PMTUD mechanism to > fail." > > Under > 5. Unexpected interactions with some NAT implementations > The first section works. As stated it might confuse someone but honestly unless the 4th hop also matches the 2 hop it doesn't look like a routing loop to me. It looks like rfc1918 reuse. > > > Type escape sequence to abort. > Tracing the route to 198.51.100.100 > > 1 10.1.1.2 0 msec 0 msec 0 msec > 2 198.51.100.13 0 msec 4 msec 0 msec > 3 10.1.1.2 0 msec 4 msec 0 msec<<<< > 4 198.51.100.5 4 msec 0 msec 4 msec > 5 198.51.100.1 0 msec 0 msec 0 msec > > Section 6 references rfc2827 should probably include bcp84 and rfc3704. > > Your first example of a security gap is really a no worse if you use private or public addresss but you call that out so I am ok with it. > > NIT > This: > Some applications discover the outside address of > their local CPE to determine if that address is reserver for special > use. > Should be this: > Some applications discover the outside address of > their local CPE to determine if that address is reserved for special > use. > > > When packets collide the controllers cease transmission AND wait a random time before retransmission (mostly)! > Donald.Smith@CenturyLink.com > > >> -----Original Message----- >> From: grow-bounces@ietf.org [mailto:grow-bounces@ietf.org] On Behalf Of >> t.petch >> Sent: Friday, June 08, 2012 8:06 AM >> To: Christopher Morrow; grow-chairs@tools.ietf.org; grow@ietf.org >> Subject: Re: [GROW] WGLC: draft-ietf-grow-private-ip-sp-cores >> >> I would like to see this published as an RFC. >> >> The only discussion I see whether or not the title of 12.2 should have >> an initial capital - I think that it should. >> >> Tom Petch >> >> ----- Original Message ----- >> From: "Christopher Morrow"<christopher.morrow@gmail.com> >> To:<grow-chairs@tools.ietf.org>;<grow@ietf.org> >> Sent: Tuesday, June 05, 2012 7:41 PM >>> Folks, >>> There's been work on the draft: >>> <http://tools.ietf.org/html/draft-ietf-grow-private-ip-sp-cores> >>> >>> I think the commenters' comments were addressed by the authors. >>> Can we move this to WGLC now and clear that 6/19/2012 (June 19, >> 2012). >>> Abstract of the draft: >>> "The purpose of this document is to provide a discussion of the >>> potential problems of using private, RFC1918, or non-globally- >>> routable addressing within the core of an SP network. The >> discussion >>> focuses on link addresses and to a small extent loopback >> addresses. >>> While many of the issues are well recognised within the ISP >>> community, there appears to be no document that collectively >>> describes the issues." >>> >>> Could there be some discussion on WGLC and we'll see about moving >>> this along to the IESG? >>> >>> -chris >>> _______________________________________________ >>> GROW mailing list >>> GROW@ietf.org >>> https://www.ietf.org/mailman/listinfo/grow >>> >> >> _______________________________________________ >> GROW mailing list >> GROW@ietf.org >> https://www.ietf.org/mailman/listinfo/grow > This communication is the property of CenturyLink and may contain confidential or privileged information. Unauthorized use of this communication is strictly > prohibited and may be unlawful. If you have received this communication > in error, please immediately notify the sender by reply e-mail and destroy > all copies of the communication and any attachments. > _______________________________________________ > GROW mailing list > GROW@ietf.org > https://www.ietf.org/mailman/listinfo/grow > > --
- [GROW] WGLC: draft-ietf-grow-private-ip-sp-cores Christopher Morrow
- Re: [GROW] WGLC: draft-ietf-grow-private-ip-sp-co… t.petch
- Re: [GROW] WGLC: draft-ietf-grow-private-ip-sp-co… Christopher Morrow
- Re: [GROW] WGLC: draft-ietf-grow-private-ip-sp-co… Nick Hilliard
- Re: [GROW] WGLC: draft-ietf-grow-private-ip-sp-co… Warren Kumari
- Re: [GROW] WGLC: draft-ietf-grow-private-ip-sp-co… Smith, Donald
- Re: [GROW] WGLC: draft-ietf-grow-private-ip-sp-co… George, Wes
- Re: [GROW] WGLC: draft-ietf-grow-private-ip-sp-co… Shishio Tsuchiya
- Re: [GROW] WGLC: draft-ietf-grow-private-ip-sp-co… Anthony Kirkham
- Re: [GROW] WGLC: draft-ietf-grow-private-ip-sp-co… Tony Tauber
- Re: [GROW] WGLC: draft-ietf-grow-private-ip-sp-co… Smith, Donald
- Re: [GROW] WGLC: draft-ietf-grow-private-ip-sp-co… Smith, Donald
- Re: [GROW] WGLC: draft-ietf-grow-private-ip-sp-co… Anthony Kirkham
- Re: [GROW] WGLC: draft-ietf-grow-private-ip-sp-co… Christopher Morrow
- Re: [GROW] WGLC: draft-ietf-grow-private-ip-sp-co… Jeffrey Haas
- Re: [GROW] WGLC: draft-ietf-grow-private-ip-sp-co… Anthony Kirkham
- Re: [GROW] WGLC: draft-ietf-grow-private-ip-sp-co… Anthony Kirkham