[pcp] PCP Issue #24, PCP mappings same public IP address as dynamic mappings [was RE: WGLC: draft-ietf-pcp-base-12.txt]

"Dan Wing" <dwing@cisco.com> Tue, 07 June 2011 18:26 UTC

I changed the subject on this thread to better represent what is being
discussed, which is 
http://trac.tools.ietf.org/wg/pcp/trac/ticket/24, "PCP mappings same public
IP address as dynamic mappings".

More below.

> -----Original Message-----
> From: Tina Tsou [mailto:tena@huawei.com]
> Sent: Tuesday, June 07, 2011 11:17 AM
> To: 'Dan Wing'; 'Dave Thaler'; pcp@ietf.org
> Subject: RE: [pcp] WGLC: draft-ietf-pcp-base-12.txt
> 
> Dan,
> Comments are in line beginning with [Tina: ...].
> 
> 
> We keep our promises with one another - no matter what!
> 
> Best Regards,
> Tina TSOU
> http://tinatsou.weebly.com/contact.html
> 
> 
> -----Original Message-----
> From: Dan Wing [mailto:dwing@cisco.com]
> Sent: Saturday, June 04, 2011 5:49 PM
> To: 'Tina Tsou'; 'Dave Thaler'; pcp@ietf.org
> Subject: RE: [pcp] WGLC: draft-ietf-pcp-base-12.txt
> 
> > -----Original Message-----
> > From: pcp-bounces@ietf.org [mailto:pcp-bounces@ietf.org] On Behalf Of
> > Tina Tsou
> > Sent: Friday, June 03, 2011 10:26 PM
> > To: 'Dave Thaler'; pcp@ietf.org
> > Subject: Re: [pcp] WGLC: draft-ietf-pcp-base-12.txt
> >
> > Dear all,
> > In section 7, there is one description:
> > "It is REQUIRED that the PCP-controlled device assign the same
> >    external IP address to PCP-created explicit dynamic mappings and to
> >    implicit dynamic mappings."
> > It is only a requirement to CGN, but some existing CGN may not support
> > this requirement as defined in RFC4787-[REQ1]:
> > "Some NATs use the external IP address mapping in an arbitrary fashion
> >    (i.e., randomly): one internal IP address could have multiple
> >    external IP address mappings active at the same time for different
> >    sessions"
> 
> You quoted non-normative text; later in that same section of RFC4787
> it explains how random ("Arbitrary") assignment causes harm.  REQ-2
> says that "paired" is RECOMMENDED.
> 
> > Therefore, I suggest the PCP client should also support this
> > requirement which was actually defined in 00 version but deleted in
> > later versions (maybe I missed the reason of the text change):
> > If there is any existing PCP mapping, PCP client should only request
> > the same external IP address as the one of those existing mappings. The
> > reason is that it will allow applications that use multiple ports
> > originating from the same internal IP address to also have the same
> > external IP address.
> 
> 
> We (the NAT and PCP server) can't know if, when there is an implicit
> dynamic connection from a host's source port, that connection was
> done by the same application as the explicit mapping, or if the OS
> happened to assign that source port to some other (unrelated)
> application.
> [Tina: If the connection was done by one application as the explicit
> mapping, e.g., PCP mapping, the subsequent connection from the same internal
> IP address will use the same external IP address according to the PCP
> mapping. 

Agreed.


> The implicit mapping will not match in this case.  If the connection
> was done by one application as the implicit mapping, the subsequent
> connection can also use the same external IP address because the application
> can make the PCP client to meet the same requirement.]

Sorry, I do not understand the previous two sentences.


> If the NAT is EIM, it will reuse the same mapping it already
> has.  Because that is the definition of being an EIM NAT.
> And it is important that all implicit dynamic mappings use the
> same public IPv4 address (for all the reasons stated in the
> existing UDP and TCP RFCs).  We don't want PCP to make that
> situation worse because some other un-related application did
> a MAP request.
> 
> If it is a non-EIM NAT, I suppose there is a way to use separate
> pools, if the non-EIM NAT applies some sort of logic to the
> implicit sessions -- the logic described in #2 of
> http://tools.ietf.org/html/draft-ietf-pcp-base-12#section-11.1
> If you want/need that, please provide text.
> [Tina: The proposed texts are as below:
> In non-EIM NAT case, PCP client should only request the same external IP
> address as the one of those existing links for one application. The
> reason is that it will allow application that use multiple ports originating
> from the same internal IP address to also have the same
> external IP address.]

I think I see what you're wanting the document to say.

How about this proposed text, instead:


  If there is already an active explicit dynamic mapping,
  it will be mapped to a certain external IP address.
  When the PCP client makes another explicit dynamic mapping,
  it SHOULD place the external IP address of the existing
  mapping into the Requested External Address of the MAP 
  request.  By doing this, all of the PCP client's explicit
  dynamic mappings will be on the same external address.


Does that say the same thing?

Is it acceptable?

-d
  


> But I fear the interaction that is created if non-EIM NAT
> could create mappings on arbitrary IP addresses while EIM
> NAT creates mappings on the same IP address.  For example,
> if an application was tested with an EIM NAT (which always
> assigns PCP-created mappings and implicit mappings to the
> same external IP address), that application may well fail
> when deployed behind a non-EIM NAT that (a) allocates different
> IP addresses for different PCP mappings or (b) different IP
> addresses for PCP mappings versus implicit dynamic mappings.
> 
> -d
> 
> 
> >
> > Have a good weekend.
> >
> > We keep our promises with one another - no matter what!
> >
> > Best Regards,
> > Tina TSOU
> > http://tinatsou.weebly.com/contact.html
> >
> > From: pcp-bounces@ietf.org [mailto:pcp-bounces@ietf.org] On Behalf Of
> > Dave Thaler
> > Sent: Friday, June 03, 2011 1:02 PM
> > To: pcp@ietf.org
> > Subject: Re: [pcp] WGLC: draft-ietf-pcp-base-12.txt
> >
> > Some comments on -12 are in the marked up copy at
> > http://research.microsoft.com/users/dthaler/draft-ietf-pcp-base-12.pdf
> >
> > -Dave
> >
> > From: pcp-bounces@ietf.org [mailto:pcp-bounces@ietf.org] On Behalf Of
> > Dave Thaler
> > Sent: Friday, May 20, 2011 1:18 PM
> > To: pcp@ietf.org
> > Subject: [pcp] WGLC: draft-ietf-pcp-base-12.txt
> >
> > This message starts a two-week WGLC on
> > http://www.ietf.org/internet-drafts/draft-ietf-pcp-base-12.txt
> >
> > This last call will conclude on June 3rd at 5pm EST.
> >
> > Please send your comments to the list.
> >
> > We are scheduling a WebEx call shortly after the WGLC concludes,
> > and will send out details in separate email.
> >
> > Thanks,
> > -Dave and Alain
> >
> >
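
The client behaviour in the proposed text above ("place the external IP address of the existing mapping into the Requested External Address of the MAP request"), as an added example that is not code from this thread or from the draft. The byte layout follows the MAP request format later published in RFC 6887, which is an assumption here because the thread discusses draft-ietf-pcp-base-12; the class and method names are hypothetical, and the addresses used with it are constructed documentation values.

```python
import ipaddress
import os
import struct

PCP_VERSION = 2   # RFC 6887 value (assumption: the -12 draft predates it)
OPCODE_MAP = 1    # MAP opcode in RFC 6887


def _addr16(addr):
    """Encode an address as 16 bytes; IPv4 is sent as IPv4-mapped IPv6."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        ip = ipaddress.IPv6Address("::ffff:" + str(ip))
    return ip.packed


class PcpClientMappings:
    """Hypothetical client state: external address of each active explicit mapping."""

    def __init__(self, client_ip):
        self.client_ip = client_ip
        self.active = {}  # (protocol, internal_port) -> external address string

    def suggested_external_address(self):
        # Reuse the address of an existing explicit mapping; otherwise send the
        # all-zeros address, which means "no preference".
        if self.active:
            return next(iter(self.active.values()))
        return "0.0.0.0"

    def build_map_request(self, protocol, internal_port, lifetime=3600, nonce=None):
        nonce = nonce if nonce is not None else os.urandom(12)
        # Common header: version, R=0|opcode, reserved, lifetime, client address.
        header = struct.pack("!BBHI16s", PCP_VERSION, OPCODE_MAP, 0, lifetime,
                             _addr16(self.client_ip))
        # MAP body: nonce, protocol, 3 reserved bytes, internal port,
        # suggested external port (0 = none), suggested external address
        # (the thread's "Requested External Address").
        body = struct.pack("!12sB3xHH16s", nonce, protocol, internal_port, 0,
                           _addr16(self.suggested_external_address()))
        return header + body

    def record_response(self, protocol, internal_port, assigned_external):
        """Store the assigned address; False means it differs from existing mappings."""
        consistent = all(a == assigned_external for a in self.active.values())
        self.active[(protocol, internal_port)] = assigned_external
        return consistent
```

A `False` from `record_response` is the case the thread worries about: the NAT placed two mappings for one host on different external addresses, so the client should treat the SHOULD as unmet.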