Re: [pcp] PCP proxying / relaying

"Dan Wing" <dwing@cisco.com> Thu, 17 March 2011 18:48 UTC

From: Dan Wing <dwing@cisco.com>
To: Francis.Dupont@fdupont.fr
Date: Thu, 17 Mar 2011 11:50:12 -0700
Cc: pcp@ietf.org
Subject: Re: [pcp] PCP proxying / relaying

> -----Original Message-----
> From: Francis.Dupont@fdupont.fr [mailto:Francis.Dupont@fdupont.fr]
> Sent: Thursday, March 17, 2011 7:55 AM
> To: Dan Wing
> Cc: 'Alain Durand'; pcp@ietf.org
> Subject: Re: [pcp] PCP proxying / relaying
> 
> 
>  In your previous mail you wrote:
> 
>    This seems quite similar to how today's ALGs function.  Can this be modeled
>    in the CPE router like an ALG?
> 
> => if you extend the ALG notion for NATs to routers it would be an ALG.
> 
>    A difference from a normal ALG is that sometimes a PCP response needs to be
> 
> => normal ALG? an ALG can do anything: it is supposed to have access
> to all functions (in a traditional OS it is at least in part in the
> kernel (*)).
> 
>    generated by the CPE router itself (rather than forwarding the request to
>    the upstream PCP server).  But perhaps that is why the earlier PCP Proxy
>    paper (draft-bpw-pcp-proxy-00) mentioned 'faking' a response.
> 
> => yes, the word 'fake' meant the response is built directly by the proxy
> (which at the difference of an ALG is a standard application: its only
> complexity is that it is multiplexed on two sides: the internal where it
> acts as a server, the external where it acts as a client. But if you don't
> require it to be able to handle a zillion of messages per second it is
> still a low complexity).
> 
> Regards
> 
> Francis.Dupont@fdupont.fr
> 
> PS (*): there are two standard ways to implement such an ALG:
>  - fully in the kernel (not the best: kernel programming is hairy,
>   a nightmare to debug and bugs are named panics :-)
>  - use a hook to intercept "interesting" packets and a second one
>   to reinject processed packets (BTW NATs/firewalls often provide
>   such hooks which are still available in the "router mode").
> 
> PPS: in case it is not clear I think ALGs are BAD!

Agreed ALGs are bad.  But your argument against the IANA-assigned
address is that it's hard to implement.  My point is that ALGs,
which demonstrably exist on NATs and (before that) firewalls,
do the same thing as PCP would need if we use an IANA-assigned
address.

Does that remove your objection to considering an IANA-assigned
address?

-d