IETF Logo Mail Archive

Re: [Int-area] AD evaluation: draft-ietf-intarea-nat-reveal-analysis

Suresh Krishnan <suresh.krishnan@ericsson.com> Wed, 13 February 2013 06:19 UTC

Return-Path: <suresh.krishnan@ericsson.com>
X-Original-To: int-area@ietfa.amsl.com
Delivered-To: int-area@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1C5B121F8992 for <int-area@ietfa.amsl.com>; Tue, 12 Feb 2013 22:19:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.021
X-Spam-Level:
X-Spam-Status: No, score=-102.021 tagged_above=-999 required=5 tests=[AWL=0.578, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AzLvPRn-4t3g for <int-area@ietfa.amsl.com>; Tue, 12 Feb 2013 22:19:08 -0800 (PST)
Received: from usevmg21.ericsson.net (usevmg21.ericsson.net [198.24.6.65]) by ietfa.amsl.com (Postfix) with ESMTP id DACE121F8675 for <int-area@ietf.org>; Tue, 12 Feb 2013 22:19:07 -0800 (PST)
X-AuditID: c6180641-b7f926d000000e79-18-511b305a3012
Received: from EUSAAHC008.ericsson.se (Unknown_Domain [147.117.188.96]) by usevmg21.ericsson.net (Symantec Mail Security) with SMTP id 4E.85.03705.A503B115; Wed, 13 Feb 2013 07:19:06 +0100 (CET)
Received: from eusaamw0706.eamcs.ericsson.se (147.117.20.31) by EUSAAHC008.ericsson.se (147.117.188.96) with Microsoft SMTP Server (TLS) id 14.2.318.4; Wed, 13 Feb 2013 01:19:05 -0500
Received: from [164.48.125.43] (147.117.20.214) by smtps-am.internal.ericsson.com (147.117.20.31) with Microsoft SMTP Server (TLS) id 8.3.279.1; Wed, 13 Feb 2013 01:19:05 -0500
Message-ID: <511B2FC0.1060209@ericsson.com>
Date: Wed, 13 Feb 2013 01:16:32 -0500
From: Suresh Krishnan <suresh.krishnan@ericsson.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130106 Thunderbird/17.0.2
MIME-Version: 1.0
To: Brian Haberman <brian@innovationslab.net>
References: <51195E93.4090103@innovationslab.net> <51198814.1060809@ericsson.com> <51199062.4080505@innovationslab.net>
In-Reply-To: <51199062.4080505@innovationslab.net>
X-Enigmail-Version: 1.5
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrBLMWRmVeSWpSXmKPExsUyuXRPgm6UgXSgwbt9FhYze/4xWhx8/I7F 4sasmywOzB5Llvxk8ph5/AuLx5fLn9kCmKO4bFJSczLLUov07RK4Mo7O+85cMFmw4sHSHywN jPt4uxg5OSQETCS2/pnEBGGLSVy4t56ti5GLQ0jgCKPEpXfTmSCc3YwSj3rXQGW2MEq0NU1j AWnhFdCW2HjsKTOIzSKgKvHn5wt2EJsNaOyGnZ/BxooKhEn0vj7HCFEvKHFy5hOwXhEBXYnG jhVgNrNAkMTbfQ1g9cICvhLr33SzgthCAuUSX9YfZQOxOQWMJFrv/wayOYBOFZdY84YDolVP YsrVFkYIW15i+9s5zBCtmhJb13xnncAoPAvJ5llIWmYhaVnAyLyKkaO0OLUsN93IcBMjMLSP SbA57mBc8MnyEKM0B4uSOG+o64UAIYH0xJLU7NTUgtSi+KLSnNTiQ4xMHJxSDYzruHWFC++b X+5pPekUbfjrvE15QlTlld4d93isI1Z5tkuInnwVyflfkGuVnhZbWdnTsp7GCSy/31vJXuq/ nfLzRMTjeQLLok4ZyhrLngnv2LDpS5Dvika+iwf75nDkXFMp3D89Z3v6vsORkx+fEVOttCmY /L2Ke42/SM3RjU5KbOfNRfm2JSqxFGckGmoxFxUnAgBQr4ejOwIAAA==
Cc: draft-ietf-intarea-nat-reveal-analysis@tools.ietf.org, int-area@ietf.org
Subject: Re: [Int-area] AD evaluation: draft-ietf-intarea-nat-reveal-analysis
X-BeenThere: int-area@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF Internet Area Mailing List <int-area.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/int-area>, <mailto:int-area-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/int-area>
List-Post: <mailto:int-area@ietf.org>
List-Help: <mailto:int-area-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/int-area>, <mailto:int-area-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Feb 2013 06:19:09 -0000

Hi Brian,

On 02/11/2013 07:44 PM, Brian Haberman wrote:
> Hi Suresh,
> 
> On 2/11/13 7:08 PM, Suresh Krishnan wrote:
>> Hi Brian,
>>    Thanks for the review. I wanted to clarify three points that you
>> raised and I will ask the authors take care of the rest.
>>
>> On 02/11/2013 04:11 PM, Brian Haberman wrote:
>>> 7. In Section 4.1.2, it would be good to describe any issues that the
>>> approach has with the original use of the Identification field for
>>> fragmentation reassembly.  If a middlebox changes the ID field, weird
>>> things can/will happen if those packets are fragmented somewhere.
>>
>> Agree. I think this is precisely the reason that the mechanism for
>> putting the HOST_ID in the IP-ID is a non-starter.
> 
> I agree.  But that rationale should be in the draft.

Ack. Med proposed a reference to RFC6864 Section 5.3. Is that sufficient?

> 
>>
>>> 11. Is Section 4.6 theoretical or is there a specific reference that can
>>> be added for this technique?
>>
>> There are several mechanisms that use port sets for IPv4 address
>> sharing. A+P (RFC6346) is one such mechanism.
> 
> Then I would ask that a reference be put in to give readers an example.

OK.

> 
>>
>>> 15. Section 5
>>>
>>> * Shouldn't there be an additional metric that covers the impact/cost of
>>> needing client or middlebox code changes?
>>>
>>> * Where did the 100% success ratio for IP-ID come from?  There have been
>>> documented cases of OSes setting the Identification field to zero.  If
>>> that is true, the success ratio can't be 100% can it?
>>
>> This technique involves the translator (and not the sender) setting the
>> IP-ID field. That is why it can still work with OSes on senders setting
>> the IP-ID to zero.
> 
> You still have the issue of the middlebox setting that ID to something
> that potentially impacts fragmentation reassembly.  So, I would still
> like to know how that 100% success ratio was collected.

Makes sense. I read the test result % to mean successful connection
establishment and identification. Med, can you elaborate a bit on what
exactly was tested and what the success % means.

Thanks
Suresh

v2.23.0 | Report a Bug | By Email