Re: [OPSAWG] Benjamin Kaduk's No Objection on draft-ietf-opsawg-nat-yang-16: (with COMMENT)
Benjamin Kaduk <kaduk@mit.edu> Tue, 25 September 2018 21:34 UTC
Return-Path: <kaduk@mit.edu>
X-Original-To: opsawg@ietfa.amsl.com
Delivered-To: opsawg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5744A130DD0; Tue, 25 Sep 2018 14:34:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id y1J-t5c9N0Hc; Tue, 25 Sep 2018 14:34:47 -0700 (PDT)
Received: from dmz-mailsec-scanner-1.mit.edu (dmz-mailsec-scanner-1.mit.edu [18.9.25.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 88C14130DCA; Tue, 25 Sep 2018 14:34:46 -0700 (PDT)
X-AuditID: 1209190c-4c3ff70000001527-ed-5baaa9f475e7
Received: from mailhub-auth-1.mit.edu ( [18.9.21.35]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-1.mit.edu (Symantec Messaging Gateway) with SMTP id C5.EC.05415.5F9AAAB5; Tue, 25 Sep 2018 17:34:45 -0400 (EDT)
Received: from outgoing.mit.edu (OUTGOING-AUTH-1.MIT.EDU [18.9.28.11]) by mailhub-auth-1.mit.edu (8.13.8/8.9.2) with ESMTP id w8PLYhlZ008779; Tue, 25 Sep 2018 17:34:43 -0400
Received: from kduck.kaduk.org (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id w8PLYccg023177 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Tue, 25 Sep 2018 17:34:41 -0400
Date: Tue, 25 Sep 2018 16:34:38 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: mohamed.boucadair@orange.com
Cc: The IESG <iesg@ietf.org>, "draft-ietf-opsawg-nat-yang@ietf.org" <draft-ietf-opsawg-nat-yang@ietf.org>, Joe Clarke <jclarke@cisco.com>, "opsawg-chairs@ietf.org" <opsawg-chairs@ietf.org>, "opsawg@ietf.org" <opsawg@ietf.org>
Message-ID: <20180925213438.GF24695@kduck.kaduk.org>
References: <153790024204.5176.8102975803900099153.idtracker@ietfa.amsl.com> <787AE7BB302AE849A7480A190F8B93302DFE6A66@OPEXCLILMA3.corporate.adroot.infra.ftgroup>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <787AE7BB302AE849A7480A190F8B93302DFE6A66@OPEXCLILMA3.corporate.adroot.infra.ftgroup>
User-Agent: Mutt/1.9.1 (2017-09-22)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprDKsWRmVeSWpSXmKPExsUixCmqrPt15apog8dveS3uL13ObDHjz0Rm i31X/zBaHH77lN3i+Y0/7BYrTm5mcmDzmPJ7I6vHkiU/mTxanp1kC2CO4rJJSc3JLEst0rdL 4Mo4eKiXvWCVakVHx0zWBsY9Ml2MnBwSAiYSi7fvYwexhQQWM0m0fA3sYuQCsjcySlw/cJ8J wrnKJLF1bRMzSBWLgKrEptZ/YB1sAioSDd2XweIiAgoS+9r6WUAamAVamSRW32pkAUkIC8RK TO56C9TAwcELtK5vmS3E0CWMEjeevASr4RUQlDg58wmYzSygI7Fz6x02kHpmAWmJ5f84IMLy Es1bZ4Pt4hRIkvjfvI8JxBYVUJbY23eIfQKj4Cwkk2YhmTQLYdIsJJMWMLKsYpRNya3SzU3M zClOTdYtTk7My0st0jXUy80s0UtNKd3ECI4ESZ4djGfeeB1iFOBgVOLh5bBdFS3EmlhWXJl7 iFGSg0lJlDeuByjEl5SfUpmRWJwRX1Sak1p8iFGCg1lJhFeJDyjHm5JYWZValA+TkuZgURLn ndCyOFpIID2xJDU7NbUgtQgmK8PBoSTBKwKMeCHBotT01Iq0zJwShDQTByfIcB6g4fUrQIYX FyTmFmemQ+RPMSpKifO2giQEQBIZpXlwvaBEJZG9v+YVozjQK8K8QSAreIBJDq77FdBgJqDB E3pWgAwuSURISTUwej2fwBV7VVd8jWxjf+lLc+blgfKCZ18cOr114z8m9V0PctU+W9ruzPx9 74bvnRlvz2q9zE8pts8Lnvk/4965kJ2Jq/+qHqjZfVviyz/+LedmXvSdW/WFoZ/v3qzAxnev L7qr7F1Rv/vOz5a603PyAt5dXhrmYmdZZ/H587IX2t9V4rVWuE48V6/EUpyRaKjFXFScCADV 3C1TLwMAAA==
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/IT_3ZtndCxQIaxnQ_my4ELfOpnM>
Subject: Re: [OPSAWG] Benjamin Kaduk's No Objection on draft-ietf-opsawg-nat-yang-16: (with COMMENT)
X-BeenThere: opsawg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OPSA Working Group Mail List <opsawg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsawg>, <mailto:opsawg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsawg/>
List-Post: <mailto:opsawg@ietf.org>
List-Help: <mailto:opsawg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsawg>, <mailto:opsawg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Sep 2018 21:34:49 -0000
On Tue, Sep 25, 2018 at 09:27:08PM +0000, mohamed.boucadair@orange.com wrote: > Hi Benjamin, > > Thank you for the comments. > > Please see inline. Also inline. > Cheers, > Med > > > -----Message d'origine----- > > De : Benjamin Kaduk [mailto:kaduk@mit.edu] > > Envoyé : mardi 25 septembre 2018 20:31 > > À : The IESG > > Cc : draft-ietf-opsawg-nat-yang@ietf.org; Joe Clarke; opsawg-chairs@ietf.org; > > jclarke@cisco.com; opsawg@ietf.org > > Objet : Benjamin Kaduk's No Objection on draft-ietf-opsawg-nat-yang-16: (with > > COMMENT) > > > > Benjamin Kaduk has entered the following ballot position for > > draft-ietf-opsawg-nat-yang-16: No Objection > > > > When responding, please keep the subject line intact and reply to all > > email addresses included in the To and CC lines. (Feel free to cut this > > introductory paragraph, however.) > > > > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > > for more information about IESG DISCUSS and COMMENT positions. > > > > > > The document, along with other ballot positions, can be found here: > > https://datatracker.ietf.org/doc/draft-ietf-opsawg-nat-yang/ > > > > > > > > ---------------------------------------------------------------------- > > COMMENT: > > ---------------------------------------------------------------------- > > > > Thanks for the easy-to-read document! I just have a few comments and > > potential nits > > I noticed. > > > > It was somewhat interesting to me that basically everything is config rw, > > including ports and > > addresses that would normally be assigned internally by the NAT, but I don't > > see this as > > problematic. > > [Med] This is a good point. Actually, we are using rw because the same structure is also used for static mappings. That is, the external port and IP address are also provided. I had even internalized that, just somehow didn't make the connection. Thanks for setting me straight. > > > > Section 2.1 > > > > Considerations about instructing explicit > > dynamic means (e.g., [RFC6887], [RFC6736], or [RFC8045]) are out of > > scope. [...] > > > > I'm having trouble parsing this; is it maybe "instructing by explicit > > dynamic means" or "explicit dynamic mappings"? > > [Med] Changed to "Considerations about instructing by explicit dynamic means". Thanks. > > > > > Section 3 > > > > What's the relationship between hold-down-timeout and hold-down-max -- that > > is, if the maximum number of ports in the pool gets hit, to the oldest > > ports in the pool get ejected even if they haven't timed out, or what > > happens? > > > > [Med] deallocated ports are added to the hold-down pool till a max is reached; ports are removed from that pool upon the expiry of the hold-down-timeout. New deallocated ports cannot be added if the pool reaches its max. Okay, so if the hold-down pool is full and a mapping's expiration timer expires, does that port immediately become free to use, or does the mapping persist until there is space in the hold-down pool, or something else? > > I don't expect this to need to be in the document, but I'm curious what the > > use case for the all-algs-enable leaf is. > > [Med] This is to allow to enable all "default" ALGs that are widely supported (FTP, RSTP, in particular). This is an optimization as each of the ALGs can be enabled separately. Okay. I guess I don't quite see how this implies the semantics that it overrides the per-ALG settings, but it's documented well enough that I don't object to it being this way. Thanks! -Benjamin > > > > I may be confused, but is the ordering relationship between low-threshold > > and high-threshold correct? From the description it would seem like we > > need low < high, but I'm reading the text as requiring low >= high. > > Also, the error-message for that "must" stanza talks about port numbers, > > not percentage thresholds. > > [Med] Good c atch. You are completely right. Fixed. > > > > > container connection-limits { > > [...] > > list limit-per-protocol { > > [...] > > leaf limit { > > type uint32; > > description > > "Rate-limit the number of protocol-specific mappings > > and sessions per instance."; > > > > This is a maximum, not a rate-limit, I think? > > [Med] Yes. Fixed. > > > > > Section A.6 > > > > EAMs may be enabled jointly with statefull NAT64. This example shows > > a NAT64 function that supports static mappings: > > > > nit: "stateful" > > [Med] Fixed. Thanks > > >
- [OPSAWG] Benjamin Kaduk's No Objection on draft-i… Benjamin Kaduk
- Re: [OPSAWG] Benjamin Kaduk's No Objection on dra… mohamed.boucadair
- Re: [OPSAWG] Benjamin Kaduk's No Objection on dra… Benjamin Kaduk
- Re: [OPSAWG] Benjamin Kaduk's No Objection on dra… mohamed.boucadair
- Re: [OPSAWG] Benjamin Kaduk's No Objection on dra… Benjamin Kaduk
- Re: [OPSAWG] Benjamin Kaduk's No Objection on dra… mohamed.boucadair
- Re: [OPSAWG] Benjamin Kaduk's No Objection on dra… mohamed.boucadair