IETF Logo Mail Archive

Re: [pcp] Official reviewers Request for Learn NAT64 PREFIX64s using PCP

Iljitsch van Beijnum <iljitsch@muada.com> Fri, 17 May 2013 12:58 UTC

Return-Path: <iljitsch@muada.com>
X-Original-To: pcp@ietfa.amsl.com
Delivered-To: pcp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 56A4C21F93E8 for <pcp@ietfa.amsl.com>; Fri, 17 May 2013 05:58:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UnFyDQTMv+Lr for <pcp@ietfa.amsl.com>; Fri, 17 May 2013 05:58:06 -0700 (PDT)
Received: from sequoia.muada.com (sequoia.muada.com [IPv6:2001:1af8:3100:a006:1::]) by ietfa.amsl.com (Postfix) with ESMTP id 721F021F881F for <pcp@ietf.org>; Fri, 17 May 2013 05:58:06 -0700 (PDT)
Received: from [192.168.178.12] (53564520.cm-6-7b.dynamic.ziggo.nl [83.86.69.32]) (authenticated bits=0) by sequoia.muada.com (8.13.3/8.13.3) with ESMTP id r4HCqEO0036726 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Fri, 17 May 2013 14:52:14 +0200 (CEST) (envelope-from iljitsch@muada.com)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 6.3 \(1503\))
From: Iljitsch van Beijnum <iljitsch@muada.com>
In-Reply-To: <45A697A8FFD7CF48BCF2BE7E106F0604090861C4@xmb-rcd-x04.cisco.com>
Date: Fri, 17 May 2013 14:57:56 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <751A0C06-CDD7-4FCD-84D0-C0E5BFFE12A7@muada.com>
References: <45A697A8FFD7CF48BCF2BE7E106F0604090861C4@xmb-rcd-x04.cisco.com>
To: Reinaldo Penno <repenno@cisco.com>
X-Mailer: Apple Mail (2.1503)
Cc: pcp@ietf.org, draft-ietf-pcp-nat64-prefix64@tools.ietf.org
Subject: Re: [pcp] Official reviewers Request for Learn NAT64 PREFIX64s using PCP
X-BeenThere: pcp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: PCP wg discussion list <pcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pcp>, <mailto:pcp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pcp>
List-Post: <mailto:pcp@ietf.org>
List-Help: <mailto:pcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pcp>, <mailto:pcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 May 2013 12:58:07 -0000

On 16 mei 2013, at 13:19, Reinaldo Penno (repenno) <repenno@cisco.com> wrote:

>> Title  : Learn NAT64 PREFIX64s using PCP
>> URL    : http://tools.ietf.org/html/draft-ietf-pcp-nat64-prefix64-00
>> Authors: M. Boucadair

Ok, here is a brief review. Brief in the sense that I didn't re-familiarize myself with the related RFCs.

This is clearly useful.

I found 3.2, and especially 3.2.2 very sparse, I was looking to learn more about how this mechanism is useful in practice here. Some more applications/protocols could be listed. However, a lot of information is provided in 3.3. Unfortunately, there are two issues with this:

1. SIP is a very complex protocol that not everyone may be familiar with

2. Unless I misunderstood, a lot of what happens here is pure NAT64, and unrelated to the knowledge of the Pref64:

"the PCP Client issues a PCP MAP request with
   PORT_RESERVATION_OPTION to reserve a pair of ports preserving parity
   and contiguity [I-D.boucadair-pcp-rtp-rtcp].  A pair of ports and an
   external IPv4 address are then returned by the PCP server to the
   requesting PCP Client."

It would be more useful to concentrate on the functionality that is only possible when the Pref64 is known at this point. For instance, in the case of BitTorrent, IPv4 addresses of prospective peers may be learned from a tracker. In order for the client to connect to those peers, it needs to synthesize IPv6 representations for those IPv4 addresses by combining them with the Pref64.

It would be useful to spell out that the ability to reserve ports and learn the external IPv4 address used by the NAT64 (or any NAT) allows for receiving incoming sessions. For this, the Pref64 is not needed. The Pref64, on the other hand, allows for setting up outgoing connections to systems for which only a literal IPv4 address (and not a fully qualified domain name) is known. But for this, no other PCP functionality is required. (Although in practice it gets more complex when ports are used in both directions simultaneously.)

The abstract starts with "This document defines a new PCP extension to learn the IPv6 prefix(es) used by a PCP-controlled NAT64 device" but the PREFIX64 option only allows for one Pref64 and the option may only appear once, so the (es) part shouldn't be there. (Would the ability to learn multiple Pref64s be useful?? I guess load balancing across NAT64s with each a Pref64 of their own is possible.)

In 4.1 a reference to section 7.3 of RFC 6887 would be useful.

Although I was unhappy with the SIP example earlier, I think it's appropriate in section 5 as it shows the full complexity of a real-world system now that we've learned all the details of the mechanism. I think the section title should have "SIP" in it, though.

In the security considerations, I would expect a discussion about what happens when a malicious third party impersonates a PCP server and provides a fake Pref64.

Iljitsch

v2.23.0 | Report a Bug | By Email