IETF Logo Mail Archive

Re: [OPSAWG] Mirja Kühlewind's Discuss on draft-ietf-opsawg-nat-yang-15: (with DISCUSS)

<mohamed.boucadair@orange.com> Mon, 24 September 2018 11:36 UTC

Return-Path: <mohamed.boucadair@orange.com>
X-Original-To: opsawg@ietfa.amsl.com
Delivered-To: opsawg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 36FE0127148; Mon, 24 Sep 2018 04:36:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jk4g9UFtC2Bf; Mon, 24 Sep 2018 04:36:07 -0700 (PDT)
Received: from orange.com (mta136.mail.business.static.orange.com [80.12.70.36]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AD06F130E89; Mon, 24 Sep 2018 04:36:06 -0700 (PDT)
Received: from opfednr03.francetelecom.fr (unknown [xx.xx.xx.67]) by opfednr26.francetelecom.fr (ESMTP service) with ESMTP id 42Jhwj0ncgzymy; Mon, 24 Sep 2018 13:36:05 +0200 (CEST)
Received: from Exchangemail-eme2.itn.ftgroup (unknown [xx.xx.31.10]) by opfednr03.francetelecom.fr (ESMTP service) with ESMTP id 42Jhwh6kyYzDq80; Mon, 24 Sep 2018 13:36:04 +0200 (CEST)
Received: from OPEXCLILMA3.corporate.adroot.infra.ftgroup ([fe80::60a9:abc3:86e6:2541]) by OPEXCLILM5C.corporate.adroot.infra.ftgroup ([fe80::4bd:9b2b:3651:6fba%19]) with mapi id 14.03.0415.000; Mon, 24 Sep 2018 13:36:04 +0200
From: mohamed.boucadair@orange.com
To: "Mirja Kuehlewind (IETF)" <ietf@kuehlewind.net>
CC: "opsawg@ietf.org" <opsawg@ietf.org>, "draft-ietf-opsawg-nat-yang@ietf.org" <draft-ietf-opsawg-nat-yang@ietf.org>, "opsawg-chairs@ietf.org" <opsawg-chairs@ietf.org>, The IESG <iesg@ietf.org>
Thread-Topic: [OPSAWG] Mirja Kühlewind's Discuss on draft-ietf-opsawg-nat-yang-15: (with DISCUSS)
Thread-Index: AQHUUcbsUZwhBdZzSE2IUFTKQ+jAvaT+6IPQgAAPooCAACVKEP//7eSAgAAid6D//+H7AIAAP9zQ
Date: Mon, 24 Sep 2018 11:36:04 +0000
Message-ID: <787AE7BB302AE849A7480A190F8B93302DFE5DD4@OPEXCLILMA3.corporate.adroot.infra.ftgroup>
References: <153754677994.7443.9092939251929421656.idtracker@ietfa.amsl.com> <787AE7BB302AE849A7480A190F8B93302DFE5AA0@OPEXCLILMA3.corporate.adroot.infra.ftgroup> <4E1DE484-9B3C-4977-A4F3-13F716A109AD@kuehlewind.net> <787AE7BB302AE849A7480A190F8B93302DFE5C3E@OPEXCLILMA3.corporate.adroot.infra.ftgroup> <23FA14C7-66E0-4A3C-B0AB-91CB3DF48203@kuehlewind.net> <787AE7BB302AE849A7480A190F8B93302DFE5CBD@OPEXCLILMA3.corporate.adroot.infra.ftgroup> <6A1A7EE4-DA1E-42E5-B85E-76A767D38524@kuehlewind.net>
In-Reply-To: <6A1A7EE4-DA1E-42E5-B85E-76A767D38524@kuehlewind.net>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.168.234.2]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/TkVkNVUKNzKx3hZr7V33JxoEOGI>
Subject: Re: [OPSAWG] Mirja Kühlewind's Discuss on draft-ietf-opsawg-nat-yang-15: (with DISCUSS)
X-BeenThere: opsawg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OPSA Working Group Mail List <opsawg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsawg>, <mailto:opsawg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsawg/>
List-Post: <mailto:opsawg@ietf.org>
List-Help: <mailto:opsawg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsawg>, <mailto:opsawg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Sep 2018 11:36:09 -0000

Re-,

Please see inline. 

Cheers,
Med

> -----Message d'origine-----
> De : Mirja Kuehlewind (IETF) [mailto:ietf@kuehlewind.net]
> Envoyé : lundi 24 septembre 2018 11:39
> À : BOUCADAIR Mohamed IMT/OLN
> Cc : opsawg@ietf.org; draft-ietf-opsawg-nat-yang@ietf.org; opsawg-
> chairs@ietf.org; The IESG
> Objet : Re: [OPSAWG] Mirja Kühlewind's Discuss on draft-ietf-opsawg-nat-yang-
> 15: (with DISCUSS)
> 
> Hi med,
> 
> inline...
> 
> > Am 24.09.2018 um 11:31 schrieb <mohamed.boucadair@orange.com>
> <mohamed.boucadair@orange.com>:
> >
> > Re-,
> >
> > Please see inline.
> >
> > Cheers,
> > Med
> >
> >> -----Message d'origine-----
> >> De : Mirja Kuehlewind (IETF) [mailto:ietf@kuehlewind.net]
> >> Envoyé : lundi 24 septembre 2018 11:23
> >> À : BOUCADAIR Mohamed IMT/OLN
> >> Cc : The IESG; opsawg@ietf.org; draft-ietf-opsawg-nat-yang@ietf.org;
> opsawg-
> >> chairs@ietf.org
> >> Objet : Re: [OPSAWG] Mirja Kühlewind's Discuss on draft-ietf-opsawg-nat-
> yang-
> >> 15: (with DISCUSS)
> >>
> >> Hi Med,
> >>
> >> please see inline.
> >>
> >>> Am 24.09.2018 um 10:55 schrieb <mohamed.boucadair@orange.com>
> >> <mohamed.boucadair@orange.com>:
> >>>
> >>> Re-,
> >>>
> >>> Please see inline.
> >>>
> >>> Cheers,
> >>> Med
> >>>
> >>>> -----Message d'origine-----
> >>>> De : Mirja Kuehlewind (IETF) [mailto:ietf@kuehlewind.net]
> >>>> Envoyé : lundi 24 septembre 2018 10:14
> >>>> À : BOUCADAIR Mohamed IMT/OLN
> >>>> Cc : The IESG; opsawg@ietf.org; draft-ietf-opsawg-nat-yang@ietf.org;
> >> opsawg-
> >>>> chairs@ietf.org
> >>>> Objet : Re: [OPSAWG] Mirja Kühlewind's Discuss on draft-ietf-opsawg-nat-
> >> yang-
> >>>> 15: (with DISCUSS)
> >>>>
> >>>> Hi Med,
> >>>>
> >>>> thanks for you reply. It makes sense that you may want different values
> >> for
> >>>> different protocol in the case of UDP and TCP.
> >>> However, I think the question
> >>>> is not that much which protocol but which properties does the protocol
> >> have,
> >>>> e.g. all connection-oriented protocol probably have some kind of
> handshake
> >>>> that can be used to trigger these timers.
> >>>>
> >>>
> >>> [Med] I hear you... but the issue is the other way around: availability
> of
> >> a stateful implementation which adheres to that design approach.
> >>
> >> Understood. And I also understand that your motivation is to aline with
> >> existing implementations, which makes sense. I just wonder if there is a
> way
> >> to make it even easier to enable new implementations for other protocols
> in
> >> future (without defining a new protocol-specific extension).
> >>
> >>>
> >>>
> >>>> Is it maybe possible to model these times generally for certain protocol
> >>>> feature and the have the ability to overwrite these „default“ values
> with
> >>>> protocol-specific values?
> >>>
> >>> [Med] There are ways to overwrite default values, e.g., define a type and
> >> derive new one from it. Nevertheless, it is simpler to define explicit
> timers
> >> as we have done in the document given that protocol differentiation is a
> >> requirement. One for UDP, one for ICMP, and state-specific timers for TCP.
> >> Future documents can re-use state-specific timers for generic
> configuration
> >> matters, if needed.
> >>
> >> What about maybe renaming the timers and don’t have tcp in the name but
> >> explain in the text that these timer are used for tcp but could/should
> also
> >> be used for other connection-oriented protocols…? Would that be an option
> >> that could eventually help? E.g. call the "tcp-trans-open-timeout“ just
> >> "trans-open-timeout“ and explain that RFC 7857 specifies this for TCP but
> >> other implementation for connection-oriented protocols could use the same
> >> timer? Just thinking...
> >>
> >
> > [Med] No problem to change the name if this helps, but I'm afraid this
> effort may be useless if there is no reference document that explains how
> these timers can be used for other protocols.
> 
> Understood. I don’t think people go ahead an implement this without a
> reference doc (however, some might actually have implementation for other
> protocols that are just not documented in an RFC, anyway) but at least you
> would not necessary need to extend the yang model as soon as we have the
> reference docs.
> 

[Med] Another approach is that the reference document can indicate that tcp-* timers are used to instruct the behavior, and hence no medication will be required to the module. Given that we may be speculating about what would be defined in the future, I do still have a preference for the current approach in the draft. If a generic approach is defined in a future standard, then it is easy to define an extension by reusing what is already defined for TCP.  

> >
> >
> >>>
> >>>>
> >>>> Given that these protocol specific differences especially in NAT are a
> >> huge
> >>>> problem for the deployment of new protocol it would be really nice if
> this
> >>>> could be model in a generic as possible way. E.g. would be nice to be
> able
> >> to
> >>>> use the same config for the config for quic (one a NAT is implemented to
> >>>> detect the quic handshake over udp).
> >>>
> >>> [Med] For the quic example, one would argue that the UDP-related config
> >> parameters are sufficient; there is even no need to inspect whether this
> is
> >> quic or plain UDP packet.
> >>
> >> No, that’s exactly the problem. QUIC is a connection-oriented protocol, so
> it
> >> would potentially be possible and desirable to have longer time-outs than
> you
> >> usually have for other UDP traffic.
> >
> > [Med] We can already do that with this model: per-port-timeout. An entry
> for 443, for example may be provided in such case. No?
> 
> That already help. However, you might not always want to configure a long
> time-out without e.g. also having the trans-open-timeout as well which would
> be possible to implement with quic as the handshake is visible in clear.
> 
> Btw. is the per port time-out protocol-independent? Because HTTPS is also
> using 443 (over TCP) and I guess you would want the usually tcp timers there.
> So not sure if that config using the per-port-timeout would work at all?
> 

[Med] Good catch. A leaf is missing to indicate the protocol. If no protocol is indicated, this means "any protocol". Updated my local copy. Thanks.

v2.23.0 | Report a Bug | By Email