IETF Logo Mail Archive

[Int-area] Some comments for 4rd

Tina Tsou <tena@huawei.com> Wed, 13 April 2011 23:13 UTC

Return-Path: <tena@huawei.com>
X-Original-To: int-area@ietfc.amsl.com
Delivered-To: int-area@ietfc.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfc.amsl.com (Postfix) with ESMTP id 40A36E07EA for <int-area@ietfc.amsl.com>; Wed, 13 Apr 2011 16:13:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -104.797
X-Spam-Level:
X-Spam-Status: No, score=-104.797 tagged_above=-999 required=5 tests=[AWL=1.801, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([208.66.40.236]) by localhost (ietfc.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G3KhR5Uyfqbk for <int-area@ietfc.amsl.com>; Wed, 13 Apr 2011 16:13:18 -0700 (PDT)
Received: from usaga02-in.huawei.com (usaga02-in.huawei.com [206.16.17.70]) by ietfc.amsl.com (Postfix) with ESMTP id 071DAE07F1 for <int-area@ietf.org>; Wed, 13 Apr 2011 16:13:18 -0700 (PDT)
Received: from huawei.com (localhost [127.0.0.1]) by usaga02-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 2.14 (built Aug 8 2006)) with ESMTP id <0LJM00HI65U46A@usaga02-in.huawei.com> for int-area@ietf.org; Wed, 13 Apr 2011 16:13:17 -0700 (PDT)
Received: from TingZousc1 ([10.193.34.188]) by usaga02-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 2.14 (built Aug 8 2006)) with ESMTPA id <0LJM00ABM5U3OF@usaga02-in.huawei.com> for int-area@ietf.org; Wed, 13 Apr 2011 16:13:16 -0700 (PDT)
Date: Wed, 13 Apr 2011 16:13:15 -0700
From: Tina Tsou <tena@huawei.com>
To: int-area@ietf.org
Message-id: <00ef01cbfa30$5eb5ad50$1c2107f0$@com>
MIME-version: 1.0
X-Mailer: Microsoft Office Outlook 12.0
Content-type: multipart/alternative; boundary="Boundary_(ID_h0X3MlDi3ojzRGawOFAr6A)"
Content-language: en-us
Thread-index: Acv513EEgB0AidJaRV+R6cpHxz5MQgAWIj5w
x-cr-hashedpuzzle: BTsg Bg0F CEGB CQ2v DI05 Dw8E EdX1 EioQ Eqz3 FRNU GU7m GhF0 Hpli H9Cr IP0/ J8gd; 1; aQBuAHQALQBhAHIAZQBhAEAAaQBlAHQAZgAuAG8AcgBnAA==; Sosha1_v1; 7; {7D19ED87-13AD-44D8-9AF8-3A76036A9902}; dABlAG4AYQBAAGgAdQBhAHcAZQBpAC4AYwBvAG0A; Wed, 13 Apr 2011 23:13:13 GMT; UwBvAG0AZQAgAGMAbwBtAG0AZQBuAHQAcwAgAGYAbwByACAANAByAGQA
x-cr-puzzleid: {7D19ED87-13AD-44D8-9AF8-3A76036A9902}
Subject: [Int-area] Some comments for 4rd
X-BeenThere: int-area@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF Internet Area Mailing List <int-area.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/int-area>, <mailto:int-area-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/int-area>
List-Post: <mailto:int-area@ietf.org>
List-Help: <mailto:int-area-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/int-area>, <mailto:int-area-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Apr 2011 23:13:21 -0000

Hi all,
I have some comments for 4rd.
 
http://tools.ietf.org/html/draft-despres-intarea-4rd-01
http://tools.ietf.org/html/draft-sun-intarea-4rd-applicability-01
 
1.       In section 4.3.4 of 4rd draft, Figure 4
In section 2.5.1 of RFC3513, it says:
" For all unicast addresses, except those that start with binary value 000,
Interface IDs are required to be 64 bits long and to be constructed in
Modified EUI-64 format."
 
The last 64bits of CE IPv6 address should comply with this requirement, if
you do not have any specific reasons to set them to 0.
 
2.       In section 4.5.1 and 4.5.2, (d) of 4rd draft
In this case, the packet comes from the internet to the CE/end user, there
is no address sharing in this direction, why should the Datagram ID be
replaced by a locally generated one?
 
3.       ICMP does not work in 4rd
ICMP packet contains no port information, a user can send a ping packet to
peer, but when the BR receives the response packet, the BR does not know how
to construct the CE's IPv6 address based on just the IPv4 address, without
the IPv4 port info.
 
A possible solution is to put the port information into the identification
field of an ICMP packet:
a)       When receiving a ICMP packet from the end user, CE should get a
number from its IPv4 port range, and put it into the identification field of
the ICMP packet.
b)       When receiving a response ICMP message from the internet side, BR
should derive the CE's IPv6 address based on the IPv4 destination address
and the identification(port) info.
c)       If BR does not replace the identification filed of a packet, then
only a) and b) is sufficient; or BR just replace identification of packet
when the packet is not ICMP packet; 
if the BR replace identification of all packets, then BR have to maintain a
mapping table of internal identification VS external identification, and
when receiving a response ICMP packet from the internet side, BR should
replace the identification based on the mapping table before forwarding it
to CE.
 
4.       Unable to communicate to users sharing a same IP address
Users sharing a same public IPv4 address would not be able to communicate
directly, because they have the same IP address; the IP stack would not send
out a packet to the network if it thinks the destination is itself, but
return the packet to itself, just like you send a packet to 127.0.0.1.
Maybe they can communicate to each other via native IPv6; 
 
5.       In section 5 of applicability draft
"Shared address issues [I-D.ietf-intarea-shared-addressing-issues] describes
a method for
   the random selection of TCP Sequence Number, that reduces the ability of
attacker to correctly guess the 5-ruple."
 
   Random selection of TCP Sequence Number is to prevent the attacker from
guessing the next TCP SN, not the 5-tuple.
 
 
 
We keep our promises with one another - no matter what!
 
Best Regards,
Tina TSOU
http://tinatsou.weebly.com/contact.html

v2.23.0 | Report a Bug | By Email