Re: [pcp] WGLC: draft-ietf-pcp-port-set-03.txt comments due by NOV 5
Simon Perreault <simon.perreault@viagenie.ca> Thu, 31 October 2013 14:24 UTC
Return-Path: <simon.perreault@viagenie.ca>
X-Original-To: pcp@ietfa.amsl.com
Delivered-To: pcp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 44B8B21F9DD6 for <pcp@ietfa.amsl.com>; Thu, 31 Oct 2013 07:24:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FeJ740A+Kvxk for <pcp@ietfa.amsl.com>; Thu, 31 Oct 2013 07:24:14 -0700 (PDT)
Received: from jazz.viagenie.ca (jazz.viagenie.ca [IPv6:2620:0:230:8000::2]) by ietfa.amsl.com (Postfix) with ESMTP id 4EBB021F9DD5 for <pcp@ietf.org>; Thu, 31 Oct 2013 07:24:14 -0700 (PDT)
Received: from porto.nomis80.org (unknown [IPv6:2620:0:230:2001::1000]) by jazz.viagenie.ca (Postfix) with ESMTPSA id C3D1640060 for <pcp@ietf.org>; Thu, 31 Oct 2013 10:24:13 -0400 (EDT)
Message-ID: <5272680D.6060209@viagenie.ca>
Date: Thu, 31 Oct 2013 10:24:13 -0400
From: Simon Perreault <simon.perreault@viagenie.ca>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130805 Thunderbird/17.0.8
MIME-Version: 1.0
To: pcp@ietf.org
References: <b8f9ec4bebff4bea86d0e28901dca183@BN1PR03MB267.namprd03.prod.outlook.com>
In-Reply-To: <b8f9ec4bebff4bea86d0e28901dca183@BN1PR03MB267.namprd03.prod.outlook.com>
Content-Type: text/plain; charset="windows-1257"; format="flowed"
Content-Transfer-Encoding: 8bit
Subject: Re: [pcp] WGLC: draft-ietf-pcp-port-set-03.txt comments due by NOV 5
X-BeenThere: pcp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: PCP wg discussion list <pcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pcp>, <mailto:pcp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pcp>
List-Post: <mailto:pcp@ietf.org>
List-Help: <mailto:pcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pcp>, <mailto:pcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 31 Oct 2013 14:24:15 -0000
Dave, Thanks a lot for the review! I'll be sure to incorporate your comments into a new revision shortly after the gates reopen. Le 2013-10-30 18:33, Dave Thaler a écrit : > 1) The claim that a port set makes code simpler needs an explanation to justify it. > E.g., if an app really needs 16 ports, and it fails to get 16 back in its first request, it still > has to handle that and say make multiple separate requests. Two observations: - Wouldn't that behaviour be a tiny bit evil? It reminds me of applications that create multiple flows in an attempt to trick an SFQ-based QoS into allocating them more bandwidth. - Often, apps that ask for N ports don't really need N ports. Ideally they would like to get N ports, but they can live with <N ports. No need for single-port fallback in that case. > So if it already has to have > code to deal with multiple separate requests, why is it simpler to add port set functionality > to and implement both? This seems counter-intuitive to a reader. That would only apply to apps that absolutely need N ports to function, and don't need them to be contiguous. Those apps need to fall back on single-port requests as you describe. But I would argue that these apps are really quite rare. We can add text describing these concerns in the next revision. > 2) Text on overlapping ranges needs more detail. Is it legal for a client to send requests for > overlapping ranges in parallel or not? I ask because this was an attack vector for IP reassembly > so can imagine we need the precision here to avoid similar attacks. This might have an impact > on the Security Considerations section. Hmmm... interesting. I see now that those requests would not be idempotent, contrary to single-port MAP requests. The first one to be processed by the server would "win". Responses to each request would depend on which one has won. I don't see an attack here, but the lack of idempotence bugs me. I don't quite know what action to take here except describe the situation in the next revision. > 3) The unstated assumption in section 5.3 seems to be that the client can reuse the same > mapping nonce in all independent requests that it wants to refresh as a block, is that right? Right. > Let's say internal port 100 and 110 both have the same mapping nonce, and internal port 105 > has a different mapping nonce (e.g., from a different PCP client on the same host). > If the first PCP client sends a refresh for port 100, Port Set Size = 11, what would the effect be > at the PCP server? Assuming the request nonce matches the nonce of the mapping at port 100, then: - The mapping at port 100 would be refreshed. - The mapping at port 110 would not be refreshed, but its remaining lifetime would be returned by the server, as described in draft-cheshire-pcp-unsupp-family. The response's nonce would be copied from the request's nonce. If you agree that this is how it should be, I'll add this to the example section. However, that would depend on keeping the normative reference to unsupp-family (see point 5 below). > 4) Section 4.1 says if the response does not include a PORT_SET, in a response it assumes > the server doesn't support it, and sends individual MAP requests for the rest of the ports it needs. > But section 4.2 says if the server does support PORT_SET but can only return 1 in its first response, > It must omit the PORT_SET option. I think that's wrong since it will confuse the client as noted above. > If it's included with a Port Set Size of 1, the client knows it can keep trying using PORT_SET for subsequent > blocks, which might get more than 1 port in each response. Agreed. I'll modify the draft accordingly unless others disagree. > 5) If we want this to go to RFC soon, we need to remove normative references to non-RFCs > (and this is easy, I suggested text), but I think we should also remove informative references to > individual drafts (i.e., drafts that aren't currently WG drafts in any WG), and instead only reference > in the reverse direction; those other drafts should reference this one instead of the other way around. AFAIK, informative references don't prevent publishing as an RFC. So I'll focus on normative references. I'll remove the reference to draft-boucadair-pcp-failure unless others disagree. About draft-cheshire-pcp-unsupp-family: we could remove the reference and let the document stand on its own. The new example showing the effect of nonce checking multiple mappings with differing nonces would be added to draft-cheshire. As an aside: the example in section "5.2 Stateless Mapping Discovery" is not specific to draft-tsou-stateless-nat44. It is intended to illustrate how discovery is done generically without the client knowing the kind of stateless NAT it is speaking to. In fact, if the NAT in that example had been one implementing draft-tsou, the numbers would have been different. Therefore I suggest keeping the example. Simon -- DTN made easy, lean, and smart --> http://postellation.viagenie.ca NAT64/DNS64 open-source --> http://ecdysis.viagenie.ca STUN/TURN server --> http://numb.viagenie.ca
- [pcp] WGLC: draft-ietf-pcp-port-set-03.txt commen… Dave Thaler
- Re: [pcp] WGLC: draft-ietf-pcp-port-set-03.txt co… meng.wei2
- Re: [pcp] WGLC: draft-ietf-pcp-port-set-03.txt co… Dave Thaler
- Re: [pcp] WGLC: draft-ietf-pcp-port-set-03.txt co… Simon Perreault
- Re: [pcp] WGLC: draft-ietf-pcp-port-set-03.txt co… Dave Thaler
- Re: [pcp] WGLC: draft-ietf-pcp-port-set-03.txt co… Ted Lemon
- Re: [pcp] WGLC: draft-ietf-pcp-port-set-03.txt co… Simon Perreault
- Re: [pcp] WGLC: draft-ietf-pcp-port-set-03.txt co… Qi Sun
- Re: [pcp] WGLC: draft-ietf-pcp-port-set-03.txt co… Fuyu (Eleven)
- Re: [pcp] WGLC: draft-ietf-pcp-port-set-03.txt co… Cong Liu
- Re: [pcp] WGLC: draft-ietf-pcp-port-set-03.txt co… Yuchi Chen
- Re: [pcp] WGLC: draft-ietf-pcp-port-set-03.txt co… Ted Lemon
- Re: [pcp] WGLC: draft-ietf-pcp-port-set-03.txt co… Simon Perreault
- Re: [pcp] WGLC: draft-ietf-pcp-port-set-03.txt co… Dave Thaler