Re: [GROW] WGLC: draft-ietf-grow-private-ip-sp-cores
Tony Tauber <ttauber@1-4-5.net> Wed, 13 June 2012 12:27 UTC
Return-Path: <ttauber@1-4-5.net>
X-Original-To: grow@ietfa.amsl.com
Delivered-To: grow@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7738B21F8593 for <grow@ietfa.amsl.com>; Wed, 13 Jun 2012 05:27:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -100.71
X-Spam-Level:
X-Spam-Status: No, score=-100.71 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, J_CHICKENPOX_15=0.6, RCVD_IN_DNSWL_LOW=-1, SARE_HTML_USL_OBFU=1.666, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CrDQK1wj84rz for <grow@ietfa.amsl.com>; Wed, 13 Jun 2012 05:27:12 -0700 (PDT)
Received: from mail-ob0-f172.google.com (mail-ob0-f172.google.com [209.85.214.172]) by ietfa.amsl.com (Postfix) with ESMTP id 1A73121F8534 for <grow@ietf.org>; Wed, 13 Jun 2012 05:27:12 -0700 (PDT)
Received: by obbeh20 with SMTP id eh20so974160obb.31 for <grow@ietf.org>; Wed, 13 Jun 2012 05:27:11 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-originating-ip:in-reply-to:references:date :message-id:subject:from:to:cc:content-type:x-gm-message-state; bh=CzJ1XRtwhljCzvmVKiz69idcXqAL5Aul1KN6ccWb3kQ=; b=Nc180K3GS4gQtgrktatI0buelAbUAZJ0+p38KGgoQGsvFEq/VP2Wi8NU+7StOlHjR7 HCYS+a9s3a8zEJoo40al8aW/SJbKW01OXKRxACF5HDQv5ZZ0z7BmlQtcgV6d02DCJB82 06zO3aLg4+OL9a6f8kgQikmblDXg//59PDYdP3IyPS9e92lMOfVnDzoi1AA18OeouThF XFj+Bv72iC54s0Ya3C46vsxyZC3uR1aGM6rOlmuVWbrz1eJJxMDT8/5hyhcM5BjAMVvF Lz31hfvmOv5xlxfH3ChRGIoLMJyoGn8SXT4ldrCfrkcFHbJvaieNCVDoJwVKbr2gH/n8 VRjg==
MIME-Version: 1.0
Received: by 10.182.47.66 with SMTP id b2mr24334098obn.2.1339590431478; Wed, 13 Jun 2012 05:27:11 -0700 (PDT)
Received: by 10.76.124.204 with HTTP; Wed, 13 Jun 2012 05:27:11 -0700 (PDT)
X-Originating-IP: [24.104.152.66]
In-Reply-To: <4FD8726A.6040509@anthony-kirkham.com>
References: <CAL9jLabADdWCwDhBdaBJ4fVdk9a=OeJQYFQM4Z_+-P56cVWftw@mail.gmail.com> <01e301cd4580$208f3900$4001a8c0@gateway.2wire.net> <B01905DA0C7CDC478F42870679DF0F101105C4C714@qtdenexmbm24.AD.QINTRA.COM> <4FD8726A.6040509@anthony-kirkham.com>
Date: Wed, 13 Jun 2012 08:27:11 -0400
Message-ID: <CAGQUKceQo3neZB7TTvCHK9hkM41ftNJaHx4dRXsVuYjhJa+5eQ@mail.gmail.com>
From: Tony Tauber <ttauber@1-4-5.net>
To: tkirkham@anthony-kirkham.com
Content-Type: multipart/alternative; boundary="14dae93998cdd013e504c259b38e"
X-Gm-Message-State: ALoCoQmpLQVmVWZR6vkwN/E3TNQI+1sFTzMaWGkXU58cTnE+7A+8pjUqgl/z6ZZ3nf1YFOAb3S90
Cc: "grow@ietf.org" <grow@ietf.org>, "grow-chairs@tools.ietf.org" <grow-chairs@tools.ietf.org>
Subject: Re: [GROW] WGLC: draft-ietf-grow-private-ip-sp-cores
X-BeenThere: grow@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Grow Working Group Mailing List <grow.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/grow>, <mailto:grow-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/grow>
List-Post: <mailto:grow@ietf.org>
List-Help: <mailto:grow-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/grow>, <mailto:grow-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Jun 2012 12:27:13 -0000
Using squat/stolen space will mean ICMP messages from the SP core wouldn't be able to reach the legitimate address holder's network but neither would traffic of the customers of that SP. I don't believe that the same is true of "private" space; so there are actually _more_ problems with the "squat" approach. In general, big fan, support publication. Thanks, Tony T. On Wed, Jun 13, 2012 at 6:58 AM, Anthony Kirkham < tkirkham@anthony-kirkham.com> wrote: > Donald, > > Thanks for the review, I plan to do another update in the next few days, > I'm just waiting to see if any further feedback arrives. > > A couple of specific comments: > > re - squat space. The intent was not to make recommendations on the > practice, just to document the effects. > > re - 5. Unexpected interactions with some NAT implementations: What you > say is exactly what I intended to illustrate. I will update the wording so > its clear I'm not talking about a routing loop. > > Regards > Tony K > > > On 9/06/12 7:17 AM, Smith, Donald wrote: > >> There is a mention of "squat" space that doesn't make any recommendations >> as to use or not. >> >> I can understand not expressing an opinion on the rfc1918/private space >> shouldn't this state that squating is bad? >> "This effect in itself is often not a problem. However, if anti- >> spoofing controls are applied at network perimeters, then responses >> returned from hops with private IP addresses will be dropped." >> >> Any rfc1918 filtering mechinisim will cause this issue not just bcp38 >> type anti-spoofing. >> Firewalls, junipers and many platforms drop rfc1918 space but not as part >> of bcp38 . >> BTW BCP84 ala rfc3704 is an update/addition to bcp38 you should probably >> add them to this reference. >> >> >> And for consistecy I recommend using an expression such as "any rfc1918 >> or bogon filtering..." >> >> Under section 4 the author says urpf or ingress filtering. >> "If the router's interface address is a >> private IP address, then this ICMP reply packet may be discarded due >> to uRPF or ingress filtering, thereby causing the PMTUD mechanism to >> fail." >> >> Under >> 5. Unexpected interactions with some NAT implementations >> The first section works. As stated it might confuse someone but honestly >> unless the 4th hop also matches the 2 hop it doesn't look like a routing >> loop to me. It looks like rfc1918 reuse. >> >> >> Type escape sequence to abort. >> Tracing the route to 198.51.100.100 >> >> 1 10.1.1.2 0 msec 0 msec 0 msec >> 2 198.51.100.13 0 msec 4 msec 0 msec >> 3 10.1.1.2 0 msec 4 msec 0 msec<<<< >> 4 198.51.100.5 4 msec 0 msec 4 msec >> 5 198.51.100.1 0 msec 0 msec 0 msec >> >> Section 6 references rfc2827 should probably include bcp84 and rfc3704. >> >> Your first example of a security gap is really a no worse if you use >> private or public addresss but you call that out so I am ok with it. >> >> NIT >> This: >> Some applications discover the outside address of >> their local CPE to determine if that address is reserver for special >> use. >> Should be this: >> Some applications discover the outside address of >> their local CPE to determine if that address is reserved for special >> use. >> >> >> When packets collide the controllers cease transmission AND wait a random >> time before retransmission (mostly)! >> Donald.Smith@CenturyLink.com >> >> >> -----Original Message----- >>> From: grow-bounces@ietf.org [mailto:grow-bounces@ietf.org] On Behalf Of >>> t.petch >>> Sent: Friday, June 08, 2012 8:06 AM >>> To: Christopher Morrow; grow-chairs@tools.ietf.org; grow@ietf.org >>> Subject: Re: [GROW] WGLC: draft-ietf-grow-private-ip-sp-**cores >>> >>> I would like to see this published as an RFC. >>> >>> The only discussion I see whether or not the title of 12.2 should have >>> an initial capital - I think that it should. >>> >>> Tom Petch >>> >>> ----- Original Message ----- >>> From: "Christopher Morrow"<christopher.morrow@**gmail.com<christopher.morrow@gmail.com> >>> > >>> To:<grow-chairs@tools.ietf.org**>;<grow@ietf.org> >>> Sent: Tuesday, June 05, 2012 7:41 PM >>> >>>> Folks, >>>> There's been work on the draft: >>>> <http://tools.ietf.org/html/**draft-ietf-grow-private-ip-sp-**cores<http://tools.ietf.org/html/draft-ietf-grow-private-ip-sp-cores> >>>> > >>>> >>>> I think the commenters' comments were addressed by the authors. >>>> Can we move this to WGLC now and clear that 6/19/2012 (June 19, >>>> >>> 2012). >>> >>>> Abstract of the draft: >>>> "The purpose of this document is to provide a discussion of the >>>> potential problems of using private, RFC1918, or non-globally- >>>> routable addressing within the core of an SP network. The >>>> >>> discussion >>> >>>> focuses on link addresses and to a small extent loopback >>>> >>> addresses. >>> >>>> While many of the issues are well recognised within the ISP >>>> community, there appears to be no document that collectively >>>> describes the issues." >>>> >>>> Could there be some discussion on WGLC and we'll see about moving >>>> this along to the IESG? >>>> >>>> -chris >>>> ______________________________**_________________ >>>> GROW mailing list >>>> GROW@ietf.org >>>> https://www.ietf.org/mailman/**listinfo/grow<https://www.ietf.org/mailman/listinfo/grow> >>>> >>>> >>> ______________________________**_________________ >>> GROW mailing list >>> GROW@ietf.org >>> https://www.ietf.org/mailman/**listinfo/grow<https://www.ietf.org/mailman/listinfo/grow> >>> >> This communication is the property of CenturyLink and may contain >> confidential or privileged information. Unauthorized use of this >> communication is strictly >> prohibited and may be unlawful. If you have received this communication >> in error, please immediately notify the sender by reply e-mail and destroy >> all copies of the communication and any attachments. >> ______________________________**_________________ >> GROW mailing list >> GROW@ietf.org >> https://www.ietf.org/mailman/**listinfo/grow<https://www.ietf.org/mailman/listinfo/grow> >> >> >> > > -- > > > ______________________________**_________________ > GROW mailing list > GROW@ietf.org > https://www.ietf.org/mailman/**listinfo/grow<https://www.ietf.org/mailman/listinfo/grow> >
- [GROW] WGLC: draft-ietf-grow-private-ip-sp-cores Christopher Morrow
- Re: [GROW] WGLC: draft-ietf-grow-private-ip-sp-co… t.petch
- Re: [GROW] WGLC: draft-ietf-grow-private-ip-sp-co… Christopher Morrow
- Re: [GROW] WGLC: draft-ietf-grow-private-ip-sp-co… Nick Hilliard
- Re: [GROW] WGLC: draft-ietf-grow-private-ip-sp-co… Warren Kumari
- Re: [GROW] WGLC: draft-ietf-grow-private-ip-sp-co… Smith, Donald
- Re: [GROW] WGLC: draft-ietf-grow-private-ip-sp-co… George, Wes
- Re: [GROW] WGLC: draft-ietf-grow-private-ip-sp-co… Shishio Tsuchiya
- Re: [GROW] WGLC: draft-ietf-grow-private-ip-sp-co… Anthony Kirkham
- Re: [GROW] WGLC: draft-ietf-grow-private-ip-sp-co… Tony Tauber
- Re: [GROW] WGLC: draft-ietf-grow-private-ip-sp-co… Smith, Donald
- Re: [GROW] WGLC: draft-ietf-grow-private-ip-sp-co… Smith, Donald
- Re: [GROW] WGLC: draft-ietf-grow-private-ip-sp-co… Anthony Kirkham
- Re: [GROW] WGLC: draft-ietf-grow-private-ip-sp-co… Christopher Morrow
- Re: [GROW] WGLC: draft-ietf-grow-private-ip-sp-co… Jeffrey Haas
- Re: [GROW] WGLC: draft-ietf-grow-private-ip-sp-co… Anthony Kirkham
- Re: [GROW] WGLC: draft-ietf-grow-private-ip-sp-co… Anthony Kirkham