Re: [nbs] NBS and TCP connection identification

Jan M <jmgm@iki.fi> Thu, 14 October 2010 05:45 UTC

Return-Path: <jmgm@iki.fi>
X-Original-To: nbs@core3.amsl.com
Delivered-To: nbs@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3BB713A6ABF for <nbs@core3.amsl.com>; Wed, 13 Oct 2010 22:45:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yI6hnLe67Kl3 for <nbs@core3.amsl.com>; Wed, 13 Oct 2010 22:45:12 -0700 (PDT)
Received: from smtp.melen.org (foxgw.melen.org [84.20.145.65]) by core3.amsl.com (Postfix) with ESMTP id 3C16C3A6ACE for <nbs@ietf.org>; Wed, 13 Oct 2010 22:44:58 -0700 (PDT)
Received: from smtp.melen.org (wolfxx123.shadow.melen.org [192.168.1.251]) by smtp.melen.org (Postfix) with ESMTP id 46031314D4BA; Thu, 14 Oct 2010 05:45:39 +0000 (UTC)
Received: from [IPv6:::1] (unknown [IPv6:2001:1bc8:101:f200::25]) by smtp.melen.org (Postfix) with ESMTP id BE5D1314D49B; Thu, 14 Oct 2010 05:45:37 +0000 (UTC)
Mime-Version: 1.0 (Apple Message framework v1081)
Content-Type: text/plain; charset=us-ascii
From: Jan M <jmgm@iki.fi>
In-Reply-To: <7C1C5C58-BE14-48E7-AFAA-9ECEDE3B2441@ericsson.com>
Date: Thu, 14 Oct 2010 08:45:35 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <BC6EB98A-5DB8-4E9E-8FE3-3BB56D048850@iki.fi>
References: <4C97D9A8.2050001@oracle.com> <ACE9611A-9107-46EC-ADD2-56E553DC1C3A@ericsson.com> <4C9826D0.2060703@oracle.com> <1285067950.2068.59.camel@bit> <4C98D525.1030808@oracle.com> <DC2EB1A1-B9BE-49B0-B443-B513873B9AF2@ericsson.com> <EBB53DE6-2EEB-43C2-9451-0A38EBD10BAA@free.fr> <CD376A37-C756-47E5-BBC7-205595F523AB@ericsson.com> <C3056CB3-DDD3-4B13-A80F-552350031FEF@free.fr> <C0F28CE9-B47D-416A-907D-394AC2FAF487@ericsson.com> <383DC7DE-389D-471E-8402-3B5816880F55@iki.fi> <7C1C5C58-BE14-48E7-AFAA-9ECEDE3B2441@ericsson.com>
To: Christian Vogt <christian.vogt@ericsson.com>
X-Mailer: Apple Mail (2.1081)
X-Virus-Scanned: ClamAV using ClamSMTP
Cc: "nbs@ietf.org" <nbs@ietf.org>
Subject: Re: [nbs] NBS and TCP connection identification
X-BeenThere: nbs@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Name based sockets discussion list <nbs.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/nbs>, <mailto:nbs-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/nbs>
List-Post: <mailto:nbs@ietf.org>
List-Help: <mailto:nbs-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nbs>, <mailto:nbs-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Oct 2010 05:45:14 -0000

Hi Christian,

On Oct 13, 2010, at 9:19 PM, Christian Vogt wrote:

>> How will a host with a RFC1918 address be able to synthesize its name or will all RFC1918 hosts have the same name? How will NBS separate these hosts or is it assumed that server will always sees the same name? Or do the end hosts see different names e.g. server sees the synthesized name of NAT and client sees the name of RFC1918?
> 
> Yes, synthesized names are derived from the IP address seen by the recipient.  Therefore, if multiple legacy hosts are behind a NAT, their synthetic names will be the same.
> 
> An alternative could be to also encode the initiator's port number into a synthesized name, in addition to the initiator's IP address.  In this case, the synthetic names of multiple legacy hosts are behind a NAT would differ.  I am yet unconvinced whether this would be useful, though.  Thoughts?
> 
>> If there was a host at certain IP A (obtained via DHCP) with synthesized name A when the next host (different) gets the same IP A from DHCP will it have the same name A?  What should the peer be able to determine from this name and how will it know that it is different or same instance as the previous?
> 
> Yes, if DHCP hands out the same IP address to different hosts sequentially, and if those hosts are both legacy, the hosts' synthesized names will look the same.  But this is in line with the semantics of a synthesized name:  A synthesized name refers to the host that used the encoded IP address at the time of session initiation.  By implication, synthesized names are good only throughout a session -- for session identification across address changes.  Synthesized names cannot be used to re-identify a host across sessions.
> 
> Does this make sense?

Actually I don't see how this could work for either session identification. If the host initiates the session with RFC1918 address behind the NAT then the peer sees synthesized name NAT.in-addr.arpa and client thinks it is RFC1918.in-addr.arpa. Now it tries to use this name on the other interface it has and it sends to the peer "Hi, I'm RFC1918.in-addr.arpa I would like to add V.X.Y.Z. address to the existing RFC1918.in-addr.arpa session" but the peer has only session NAT.in-addr.arpa so it wont be able to identify the session or am I missing something? So I guess you need some network support to resolve that the name of the session is actually NAT.in-addr.arpa not RFC1918.in-addr.arpa?

Additionally the session identification comes even more complex when you have multiple hosts behind the as not all can identify themselves as NAT.example.com or how do you plan to avoid situation where multiple hosts are saying that "Hi I'm NAT.in-addr.arpa and I would like to add address to address on port 80" so how would the peer know which session to associate new address as the source port is probably not usable as you can't count on it to be same all session to be added?

   Regards,
    Jan