Re: [MBONED] MNAT draft

Leonard Giuliano <lenny@juniper.net> Thu, 12 November 2020 04:29 UTC

Date: Wed, 11 Nov 2020 20:29:44 -0800
From: Leonard Giuliano <lenny@juniper.net>
To: "Holland, Jake" <jholland@akamai.com>
CC: "mboned@ietf.org" <mboned@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/mboned/UPKFpzIhMfevYdkgVSoYU1SNJgs>

Jake,

Thanks for posting this draft.  Some comments:

-Based on the discussion in MBONED in IETF 108, my understanding of the 
purpose of this translation is to handle the situation where routers 
within a domain (e.g., BGP-free core) do not have routes to the source and 
thus RPF will fail.  Is that the case, or am I misunderstanding the 
motivation of this translation?  I found 1.3 to be pretty vague and it's 
not terribly clear to me from the doc what is the exact problem being 
solved here.

-If my assumption was correct, and this is trying to solve the issue of 
RPF failing bc intermediate routers lack source routes in the MRIB, there 
have been some other solutions proposed to solve this problem.  GTM 
(RFC7716) is one example, and I recall from long ago an "rpf-hint" was 
proposed, but I think that may have been abandoned in later versions of 
the Rosen MVPN draft.  Anyway, might be worth covering why these solutions 
fell short in solving the problem.

-I could find no mention of what is being translated, the source or the 
group?  Again, I would have assumed just the source, but this is never 
mentioned explicitly.  I can't think of a good reason for translating the 
group address, but maybe I'm missing something.  In any event, might be 
worth explaining whether it's the source or group or both being translated 
and why.

-Sect 1, 2nd para: "for the purpose of working around various 
addressing-related issues"
	-this is pretty vague; might be good to specify some examples of those issues

-Sect 2.1: given that directionality of mcast routing can be relative 
(control plane goes in one direction, traffic in the other), might be 
helpful to specify that the "ingress node" is the translating node closest 
to the source while "egress node" is the node closest to the receiver to 
make it absolutely clear.

-Sect 1.3, 3rd bullet: "...packet replication channels with static group addresses ..."
	-static groups or static routing?

-Sect 1.3, next sentence: "...use of static provisioning of multicast groups..."
	-same as above, static provisioning, or static routing?  Can you 
be more specific about what is static here?

-Sec 2.1, last sentence: yes, a diagram would be very helpful.  The slide 
referenced was very helpful.

-Sect 2.1.1, penultimate para: "Premesis" misspelled.

-Sect 2.4.3, last para: "addreessing" misspelled


-Lenny

On Mon, 9 Nov 2020, Holland, Jake wrote:

| 
| 
| Hi mboned,
| 
| I also wanted to draw to your attention a new draft I'll be
| going over in the upcoming meeting.  It's about automating
| multicast NAT to get global multicast traffic delivered in
| spite of restrictions that may prevent the use of the global
| addresses inside particular networks, for a few different
| reasons:
| https://tools.ietf.org/html/draft-jholland-mboned-mnat-00
| 
| This work came out of the feedback I got about stoppers for
| ISPs to deploy delivery for externally sourced multicast
| traffic to clients inside their networks. So I think it's a
| suitable topic for mboned to consider as part of solving that
| end-to-end delivery problem.
| 
| I touched on this (under the name GNATS) in IETF 108[1], but
| now I've finally posted a draft with something closer to a
| detailed explanation of how it might work.  It's still kinda
| rough, but feedback is very welcome.
| 
| I took Lenny's suggestion to call it "Multicast NAT", but
| this name perhaps conflicts with some existing features in
| existing routers[2] that are only loosely related to what
| this doc is describing.  Maybe I need to change it to
| "Multicast NAT Service" or something, or maybe it needs a
| different name altogether, not sure.
| 
| I'm not sure how firm this particular approach is.  I'm still
| working on cobbling together a prototype and might encounter
| a need for some significant changes or extensions to the
| model, but I wanted to get a strawman version out there to kick
| around and see if anybody has a problem with the approach I'm
| proposing.
| 
| Assuming I don't find a fatal flaw in this approach before we
| meet, I'd like the WG to consider adoption (or suggest a
| better path forward), so please take a look at the draft if
| you get a chance.
| 
| Thanks and regards,
| Jake
| 
| [1] Page 7-9 of the slides from mboned 108:
| https://www.ietf.org/proceedings/108/slides/slides-108-mboned-status-update-on-multicast-to-the-browser-00.pdf#page=7
| 
| [2] For example, Juniper and Cisco each have configuration docs
| for multicast NAT:
| https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_nat/configuration/xe-16/nat-xe-16-book/iadnat-multicast-dynamic.html
| https://www.juniper.net/documentation/en_US/junos/topics/example/nat-multicast-traffic-configuring.html