IETF Logo Mail Archive

Re: [Int-area] AD evaluation: draft-ietf-intarea-nat-reveal-analysis

Suresh Krishnan <suresh.krishnan@ericsson.com> Tue, 12 February 2013 00:11 UTC

Return-Path: <suresh.krishnan@ericsson.com>
X-Original-To: int-area@ietfa.amsl.com
Delivered-To: int-area@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E850121F8A66 for <int-area@ietfa.amsl.com>; Mon, 11 Feb 2013 16:11:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.925
X-Spam-Level:
X-Spam-Status: No, score=-101.925 tagged_above=-999 required=5 tests=[AWL=0.674, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9d9JXZWmCS4T for <int-area@ietfa.amsl.com>; Mon, 11 Feb 2013 16:11:21 -0800 (PST)
Received: from usevmg20.ericsson.net (usevmg20.ericsson.net [198.24.6.45]) by ietfa.amsl.com (Postfix) with ESMTP id 5883C21F8A61 for <int-area@ietf.org>; Mon, 11 Feb 2013 16:11:21 -0800 (PST)
X-AuditID: c618062d-b7fcb6d000007ada-d5-511988a88b87
Received: from EUSAAHC004.ericsson.se (Unknown_Domain [147.117.188.84]) by usevmg20.ericsson.net (Symantec Mail Security) with SMTP id 15.36.31450.8A889115; Tue, 12 Feb 2013 01:11:20 +0100 (CET)
Received: from eusaamw0706.eamcs.ericsson.se (147.117.20.31) by EUSAAHC004.ericsson.se (147.117.188.84) with Microsoft SMTP Server (TLS) id 14.2.318.4; Mon, 11 Feb 2013 19:11:20 -0500
Received: from [142.133.112.63] (147.117.20.214) by smtps-am.internal.ericsson.com (147.117.20.31) with Microsoft SMTP Server (TLS) id 8.3.279.1; Mon, 11 Feb 2013 19:11:19 -0500
Message-ID: <51198814.1060809@ericsson.com>
Date: Mon, 11 Feb 2013 19:08:52 -0500
From: Suresh Krishnan <suresh.krishnan@ericsson.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130106 Thunderbird/17.0.2
MIME-Version: 1.0
To: Brian Haberman <brian@innovationslab.net>
References: <51195E93.4090103@innovationslab.net>
In-Reply-To: <51195E93.4090103@innovationslab.net>
X-Enigmail-Version: 1.5
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrBLMWRmVeSWpSXmKPExsUyuXRPiO6KDslAg1XLFCxm9vxjtDj4+B2L xY1ZN1kcmD2WLPnJ5DHz+BcWjy+XP7MFMEdx2aSk5mSWpRbp2yVwZZw4cJSt4CJXxfM/T5ka GDdzdDFyckgImEj8n7GZFcIWk7hwbz1bFyMXh5DAEUaJx7cb2CGc3YwSh9s3QTlbGSVW/1jI BNLCK6At0dB2CcxmEVCV2HT/MguIzQY0dsPOz2BxUYEwid7X5xgh6gUlTs58AlYjIqAr0dix AsxmFgiSeLuvAaxeWMBXYv2bbrCThAQMJf40/WUGsTkFjCRerjsPVM8BdKq4xJo3HBCtehJT rrYwQtjyEtvfzmGGaNWU2LrmO+sERuFZSDbPQtIyC0nLAkbmVYwcpcWpZbnpRgabGIGhfUyC TXcH456XlocYpTlYlMR5g1wvBAgJpCeWpGanphakFsUXleakFh9iZOLglGpgbCm9crfwboCp vq+x7ILlvx9OnX1UotfJwejrns7un8pnJT4kLFXicTnestHJ++n7W6pHSs7nSYSbl578V7Kc 0fOc1dFXV2avLp0VKnPqBJtQ5uc61mc+nxNW/2AMWBihwnNQWenRjYjJmzK///6drRozi9/t b3s8+2Lh7oWK+gc5l3w4s1JykhJLcUaioRZzUXEiAOl2E1A7AgAA
Cc: draft-ietf-intarea-nat-reveal-analysis@tools.ietf.org, int-area@ietf.org
Subject: Re: [Int-area] AD evaluation: draft-ietf-intarea-nat-reveal-analysis
X-BeenThere: int-area@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF Internet Area Mailing List <int-area.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/int-area>, <mailto:int-area-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/int-area>
List-Post: <mailto:int-area@ietf.org>
List-Help: <mailto:int-area-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/int-area>, <mailto:int-area-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Feb 2013 00:11:22 -0000

Hi Brian,
  Thanks for the review. I wanted to clarify three points that you
raised and I will ask the authors take care of the rest.

On 02/11/2013 04:11 PM, Brian Haberman wrote:
> 7. In Section 4.1.2, it would be good to describe any issues that the
> approach has with the original use of the Identification field for
> fragmentation reassembly.  If a middlebox changes the ID field, weird
> things can/will happen if those packets are fragmented somewhere.

Agree. I think this is precisely the reason that the mechanism for
putting the HOST_ID in the IP-ID is a non-starter.

> 11. Is Section 4.6 theoretical or is there a specific reference that can
> be added for this technique?

There are several mechanisms that use port sets for IPv4 address
sharing. A+P (RFC6346) is one such mechanism.

> 15. Section 5
> 
> * Shouldn't there be an additional metric that covers the impact/cost of
> needing client or middlebox code changes?
> 
> * Where did the 100% success ratio for IP-ID come from?  There have been
> documented cases of OSes setting the Identification field to zero.  If
> that is true, the success ratio can't be 100% can it?

This technique involves the translator (and not the sender) setting the
IP-ID field. That is why it can still work with OSes on senders setting
the IP-ID to zero.

Thanks
Suresh

v2.23.0 | Report a Bug | By Email