Re: [pcp] Issue Analysis of PCP in Mobile Network was (Fwd: New Version Notification for draft-chen-pcp-mobile-deployment-01.txt)

"Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com> Fri, 17 August 2012 06:39 UTC

From: "Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com>
To: GangChen <phdgang@gmail.com>
Date: Fri, 17 Aug 2012 06:39:39 +0000
Cc: "pcp@ietf.org" <pcp@ietf.org>

> -----Original Message-----
> From: GangChen [mailto:phdgang@gmail.com]
> Sent: Friday, August 17, 2012 8:42 AM
> To: Tirumaleswar Reddy (tireddy)
> Cc: pcp@ietf.org
> Subject: Re: [pcp] Issue Analysis of PCP in Mobile Network was (Fwd:
> New Version Notification for draft-chen-pcp-mobile-deployment-01.txt)
> 
> Thanks for the review.
> Please see my reply inline.
> 
> 2012/8/14, Tirumaleswar Reddy (tireddy) <tireddy@cisco.com>:
> > Hi -
> >
> > 1. Section 2.1
> > Can you please clarify what kind of applications on Mobile devices would
> > require port range on Firewall?
> E.g. RTP/RTCP based applications. A pair of ports is required to be
> reserved.
> 
> > MAP/PEER cannot be used to request Firewall to open a range of ports (other
> > than "all ports")
> 
> Acknowledged
> 
> > I am not sure what you mean by resource saving on the "Firewall node" -
> > clarify
> 
> If PCP is absent, firewall would have to handle unprompted keepalive
> messages.
> The resource saving is achieved by reducing such messages

Got it.

> 
> > 2. Section 5
> > There is similar problem in PMIPv6 with multiple APN.  But with IPv6, MN
> > will be assigned prefixes from multiple APN (using SLAAC). Firewall may be
> > located only in the Internet-APN. In case of IPv4, MAG can act as PCP Server
> > to the Mobile Node and MAG will have to act as PCP Proxy and propagate the PCP
> > request to PCP Server in appropriate APN.  More clarity is required on this
> > section.
> 
> So, we would like to say more detailed description in a mobile case?

Yes, that would be good to provide detailed description.

> 
> 
> > 2. Section 7
> >    Thus a PCP server SHOULD take care to throttle unicast ANNOUNCE
> >    messages it sends towards a collection of MN.
> >
> > Comment>
> > Yes, this is a problem. For example RA throttle is dealt using the technique
> > in http://tools.ietf.org/html/draft-thubert-savi-ra-throttler-01
> > For example dedicated RA is unicast to each of the associated devices as
> > opposed to sent once as a layer 2 broadcast to all devices in a single
> > shot.
> > What is the plan to address such problem for ANNOUNCE ?
> > For e.g. permit ANNOUNCE only on selected trusted ports.
> 
> Could you detail what you mean by "selected trusted ports"?

I meant if it's possible to do something like http://tools.ietf.org/html/rfc6105 in RA Guard and block Multicast PCP restart announcements coming from certain interfaces. For e.g. treat PCP client facing interfaces or ports as untrusted and block Multicast PCP restart announcements coming from these interfaces. 
(The other part of the question was would these Mobile Networks typically have HA deployed for NAT/Firewall and ANNOUNCE in that case would rarely happen)

--Tiru.

> 
> > 3. Section 9
> >
> >    Because the UE has been authenticated to the MGW during context setup,
> >    if the MGW delegates its trust to the NAT/FW device (PCP server), the
> >    NAT/FW device can trust the PCP requests from those users.
> >
> > Comment>
> > I guess if the Mobile network combines UE authentication with MGW + ingress
> > filtering (to prevent IP address spoofing, there may not be a need for
> > explicit PCP authentication). Refer to section 17.3.2 in base PCP spec.
> 
> Indeed. It's not required if address validation is enforced in the
> network. We would update with this point.
> 
> BRs
> 
> Gang
> 
> > --Tiru.
> >
> >> -----Original Message-----
> >> From: GangChen [mailto:phdgang@gmail.com]
> >> Sent: Monday, July 16, 2012 9:25 PM
> >> To: pcp@ietf.org
> >> Subject: [pcp] Issue Analysis of PCP in Mobile Network was (Fwd: New
> >> Version Notification for draft-chen-pcp-mobile-deployment-01.txt)
> >>
> >> Hello all,
> >>
> >> We had a discussion of PCP in mobile context at last IETF meeting.
> >> This work was encouraged to continue the analysis of major issues when
> >> PCP is adopted in a mobile environment.
> >> Considering very specific features in mobile network, we made a
> >> thorough study to current PCP protocol design.
> >> Several typical issues have been pointed.
> >> PCP applicability to these issues is further presented in the memo.
> >> The authors would seek your reviews and comments.
> >> Hope the work is of value to the community.
> >>
> >> Best Regards
> >>
> >> Authors of PCP-mobile
> >>
> >> ---------- Forwarded message ----------
> >> From: internet-drafts@ietf.org
> >> Date: Mon, 16 Jul 2012 08:17:46 -0700
> >> Subject: New Version Notification for
> >> draft-chen-pcp-mobile-deployment-01.txt
> >> To: phdgang@gmail.com
> >> Cc: caozhen@chinamobile.com, mohamed.boucadair@orange.com,
> >> ales.vizdal@t-mobile.cz, laurent.thiebaut@alcatel-lucent.com
> >>
> >>
> >> A new version of I-D, draft-chen-pcp-mobile-deployment-01.txt
> >> has been successfully submitted by Gang Chen and posted to the
> >> IETF repository.
> >>
> >> Filename:	 draft-chen-pcp-mobile-deployment
> >> Revision:	 01
> >> Title:		 Analysis of Port Control Protocol in Mobile Network
> >> Creation date:	 2012-07-16
> >> WG ID:		 Individual Submission
> >> Number of pages: 14
> >> URL:
> >> http://www.ietf.org/internet-drafts/draft-chen-pcp-mobile-deployment-01.txt
> >> Status:
> >> http://datatracker.ietf.org/doc/draft-chen-pcp-mobile-deployment
> >> Htmlized:
> >> http://tools.ietf.org/html/draft-chen-pcp-mobile-deployment-01
> >> Diff:
> >> http://tools.ietf.org/rfcdiff?url2=draft-chen-pcp-mobile-deployment-01
> >>
> >> Abstract:
> >>    This memo provides a motivation description for the Port Control
> >>    Protocol (PCP) deployment in a 3GPP mobile network environment. The
> >>    document focuses on a mobile network specific issues (e.g. cell phone
> >>    battery power consumption, keep-alive traffic reduction), PCP
> >>    applicability to these issues is further studied and analysed.
> >>
> >>
> >>
> >>
> >> The IETF Secretariat
> >
> >
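
The RA-Guard-style filtering raised in this message (treat PCP-client-facing ports as untrusted and block multicast PCP restart announcements arriving on them) can be sketched as below. This is an added example, not code from the thread or the draft; the port names `uplink0` and `access7` are hypothetical, and the wire constants (ANNOUNCE opcode 0, client port 5350, all-nodes groups) are taken from RFC 6887, the PCP specification published after this thread.

```python
import ipaddress
import struct

# Wire constants as published in RFC 6887 (assumed here; the thread itself
# only refers to the "base PCP spec").
OPCODE_ANNOUNCE = 0
PCP_CLIENT_PORT = 5350   # clients listen here for unsolicited ANNOUNCE
ALL_NODES = {ipaddress.ip_address("224.0.0.1"), ipaddress.ip_address("ff02::1")}

# Hypothetical port roles: only the port facing the PCP server is trusted.
TRUSTED_PORTS = {"uplink0"}


def is_multicast_announce(dst_ip, dst_port, payload):
    """True if the datagram looks like a multicast PCP ANNOUNCE response."""
    if dst_port != PCP_CLIENT_PORT or ipaddress.ip_address(dst_ip) not in ALL_NODES:
        return False
    if len(payload) < 2:
        return False
    # Byte 0 is the version, byte 1 is R (top bit) plus a 7-bit opcode.
    # The version is deliberately not matched, so an announcement carrying
    # an unexpected version number cannot slip past the guard.
    _version, r_opcode = struct.unpack_from("!BB", payload)
    return bool(r_opcode & 0x80) and (r_opcode & 0x7F) == OPCODE_ANNOUNCE


def verdict(ingress_port, dst_ip, dst_port, payload):
    """Return (action, reason) for one UDP datagram seen on ingress_port."""
    if not is_multicast_announce(dst_ip, dst_port, payload):
        return ("forward", "not-multicast-announce")
    if ingress_port in TRUSTED_PORTS:
        return ("forward", "announce-from-trusted-port")
    return ("drop", "announce-from-untrusted-port")


# Constructed sample datagrams (not captured traffic).
ANNOUNCE = struct.pack("!BBBBII12x", 2, 0x80, 0, 0, 0, 1)  # 24-byte response header
MAP_REQUEST = bytes([2, 0x01]) + bytes(22)                  # R=0, opcode MAP

if __name__ == "__main__":
    for port, dst in (("uplink0", "224.0.0.1"), ("access7", "ff02::1")):
        print(port, dst, verdict(port, dst, PCP_CLIENT_PORT, ANNOUNCE))
    print("access7", verdict("access7", "224.0.0.1", PCP_CLIENT_PORT, MAP_REQUEST))
```
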