Re: [homenet] Comments requested for draft CER-ID

Michael Kloberdans <M.Kloberdans@cablelabs.com> Mon, 27 October 2014 15:53 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/homenet/p_DExq0uHNv25a_jXQSSOaIqaDk

Markus,
CER-ID can apply to more than just the cable industry.  DSL modems and
satellite services can also take advantage of the benefits if we don’t
lock down the interface.  Also, some homeowners may not want the natural
boundary being the cable modem or DSL modem, and this provides a way to
make that happen.

Do you still want to discuss how or why CER-ID is implemented this way?

Thank you for your comments so far.


Michael Kloberdans
Lead Architect / Home Networking     CableLabs®

858 Coal Creek Circle.  Louisville, CO. 80027
303-661-3813 (v)




On 10/27/14, 8:47 AM, "Markus Stenberg" <markus.stenberg@iki.fi> wrote:

>On 27.10.2014, at 16.17, Michael Kloberdans <m.kloberdans@cablelabs.com> wrote:
>> All home routers should know their role; CER or IR.  The status of CER
>> places the burden of providing the firewall and NAPT as it was determined
>> to be the edge router.  The interior routers need to understand their role
>> and disable their firewall and NAPT abilities.  This is why the CER-ID is
>> a numeric value (indicating CER status) or a double colon (indicating IR
>> status).
>
>I agree with that. However, I disagree with how you are doing it.
>
>> In the case of the eRouter (combined cable modem and
>> router/switch/wireless), it performs a /48 check between the IA_NA and the
>> IA_PD ranges.  If the ISP sends a double colon or null in the CER-ID ORO,
>> AND if the IA_NA is in a different /48 than the given IA_PD, the eRouter
>> becomes the CER.  It must now declare to the IRs that it is the CER.  A
>> directly connected IR will see the CER value in the ORO and, in the
>> absence of another controlling protocol, disable its firewall and NAPT
>> functions.
>
>Why cannot it determine it is CER by bits coming from particular type of
>plug? Cable modem plug looks different from ethernet/wireless? It would
>be much more secure that way.
>
>> The nice advantage of the double colon is for network literate people like
>> yourself to manually determine where the boundary between public and
>> private network will be.  If you didn't want the Cable or DSL modem to be
>> the CER, manually give them a '::' and assign a CER-ID to a downstream
>> router.  Thus, CER-ID allows for automatic detection of the CER and
>> uniform behavior of IRs within the home and also a way to design your
>> network the way you desire.
>
>Again, bits coming from cable port <> not sounds much simpler to me. And
>more secure. 
>
>Cheers,
>
>-Markus
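
The role decision described in the quoted text above, written out as an added Python sketch that is not part of the thread or of the CER-ID draft. It assumes the CER-ID is written in IPv6 address notation; the function names, the `UNDETERMINED` result and the fail-closed default are assumptions of this example.

```python
import ipaddress

UNSPEC = ipaddress.IPv6Address("::")  # "::" marks IR status in the thread


def parse_cer_id(value):
    """Parse a CER-ID; a null/absent value is treated like '::'."""
    if value is None or value == "":
        return UNSPEC
    # Assumption: the CER-ID is written in IPv6 address notation.
    return ipaddress.IPv6Address(value)


def same_slash48(ia_na, ia_pd):
    """True when the IA_NA address and the IA_PD prefix share their top 48 bits."""
    addr = ipaddress.IPv6Address(ia_na)
    prefix = ipaddress.IPv6Network(ia_pd)
    return int(addr) >> 80 == int(prefix.network_address) >> 80


def erouter_role(cer_id_from_isp, ia_na, ia_pd):
    """Role of the eRouter given what it received from upstream."""
    if parse_cer_id(cer_id_from_isp) != UNSPEC:
        return "IR"            # a CER value upstream: another device is the edge
    if not same_slash48(ia_na, ia_pd):
        return "CER"           # '::'/null AND different /48: become the CER
    return "UNDETERMINED"      # case the thread does not describe


def firewall_and_napt_enabled(role, other_controlling_protocol=False):
    """True/False for the firewall+NAPT state, None when CER-ID does not decide."""
    if role == "IR":
        return None if other_controlling_protocol else False
    # CER keeps them on; UNDETERMINED fails closed (assumption of this sketch).
    return True


if __name__ == "__main__":
    # Constructed sample values using the 2001:db8::/32 documentation prefix.
    for cer_id, na, pd in [
        ("::", "2001:db8:1::10", "2001:db8:2:100::/56"),
        ("2001:db8:ffff::1", "2001:db8:1::10", "2001:db8:1:100::/56"),
        ("::", "2001:db8:1::10", "2001:db8:1:100::/56"),
    ]:
        role = erouter_role(cer_id, na, pd)
        print(cer_id, na, pd, "->", role, firewall_and_napt_enabled(role))
```

The second sample row shows the firewall and NAPT state following from a single value received from upstream, which is the point Markus's reply raises about deciding the role from the port type instead.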