[Hipsec] Magnus Westerlund's Discuss on draft-ietf-hip-native-nat-traversal-30: (with DISCUSS and COMMENT)
Magnus Westerlund via Datatracker <noreply@ietf.org> Thu, 05 March 2020 11:08 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: hipsec@ietf.org
Delivered-To: hipsec@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id C84E83A12BF; Thu, 5 Mar 2020 03:08:09 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Magnus Westerlund via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-hip-native-nat-traversal@ietf.org, hip-chairs@ietf.org, hipsec@ietf.org, Gonzalo Camarillo <gonzalo.camarillo@ericsson.com>, gonzalo.camarillo@ericsson.com
X-Test-IDTracker: no
X-IETF-IDTracker: 6.119.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Magnus Westerlund <magnus.westerlund@ericsson.com>
Message-ID: <158340648969.14566.11476213026719970345@ietfa.amsl.com>
Date: Thu, 05 Mar 2020 03:08:09 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/hipsec/td6f-VjRpDxNW_SyLJPaPko_cAg>
Subject: [Hipsec] Magnus Westerlund's Discuss on draft-ietf-hip-native-nat-traversal-30: (with DISCUSS and COMMENT)
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.29
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/hipsec/>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Mar 2020 11:08:10 -0000
Magnus Westerlund has entered the following ballot position for draft-ietf-hip-native-nat-traversal-30: Discuss When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-hip-native-nat-traversal/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- So I think the below are important things that needs to be discussed before proceeding. However, I might have missed things as I didn't have time to read the whole document in detail. Several of the issues are pieces for discussion to ensure that the right thing really is done. 1. So this document recommends the usage of port 10500 as default listening port. A port registered by Ari and also used for RFC 5770. I get the impression that the port was registered separately from RFC 5770. So the port is assigned to Ari. Would Ari be willing to release the port for re-assignment to IESG control. RFC 6335 has the recommendation for ports for IETF protocols that the assignee is IESG and the contact chair@ietf.org. This to have the change control with IETF as body rather than with individuals. If Ari agrees to this, I think it would be good to have the IANA section be updated to note the re-assignment and provide the necessary information. 2. Secondly, as this solution is different from the RFC 5770 should this solution have a different service name? The reason I am asking is that it depends on how for example how an initiator determine which of the NAT traversal solution. If there is any intention to use DNS SRV for example different service name would make sense. This is primarily to verify that this has been considered. 3. So I don't quite understand what the co-existance story are for the relay having an listener on port 10500? Is that port only used for UDP/HIPv1 (RFC5770) and UDP/HIPv2 (This doc). And the listening stack can determine which version is used to determine which of the protocol is run. And the issue with multiplexing is only existing for the ports that one gathers? Can you please add a paragraph or two somewhere in the document. I think it should be referenced by the port registration update. 4. MTU impact of NAT traversal. Section 5.1 states "It is worth noting that UDP encapsulation of HIP packets reduces the Maximum Transfer Unit (MTU) size of the control plane by 12 bytes." There is also a similar text in Section 5.11: It is worth noting that UDP encapsulation of ESP reduces the MTU size of data plane by 8 bytes. I think the document needs a discussion and impact on MTU which this NAT traversal has on the HIP packets being sent. - First of all there appears to be more packet expansions happening in some cases, for example the RELAY_HMAC option expands packets on one leg. - Secondly, HIP requires IP fragementation support, however IP fragmentation through NAT is commonly not working. Thus an HIP packet being UDP encapsulated that results in packet exceeding MTU will likely end up in an MTU black hole on path. The addition of the NAT traversal encapsulation actually increases the need for MTU discovery or care in MTU handling by the HIP initiator. I think there need to be discussion of that in the document. ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- May I inquire about the reasoning why this document do not obsolete RFC 5770?
- [Hipsec] Magnus Westerlund's Discuss on draft-iet… Magnus Westerlund via Datatracker
- Re: [Hipsec] Magnus Westerlund's Discuss on draft… Ari Keränen
- Re: [Hipsec] Magnus Westerlund's Discuss on draft… Miika Komu
- Re: [Hipsec] Magnus Westerlund's Discuss on draft… Miika Komu
- Re: [Hipsec] Magnus Westerlund's Discuss on draft… Magnus Westerlund
- Re: [Hipsec] Magnus Westerlund's Discuss on draft… Magnus Westerlund
- Re: [Hipsec] Magnus Westerlund's Discuss on draft… Jeff Ahrenholz
- Re: [Hipsec] Magnus Westerlund's Discuss on draft… Miika Komu
- Re: [Hipsec] Magnus Westerlund's Discuss on draft… Miika Komu
- Re: [Hipsec] Magnus Westerlund's Discuss on draft… Magnus Westerlund
- Re: [Hipsec] Magnus Westerlund's Discuss on draft… Miika Komu