Re: [pcp] Multi-homed NAT (was: What's the final conclusion?答复: [Technical Errata Reported] RFC6887 (3887))
Dave Thaler <dthaler@microsoft.com> Thu, 13 February 2014 03:55 UTC
Return-Path: <dthaler@microsoft.com>
X-Original-To: pcp@ietfa.amsl.com
Delivered-To: pcp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0F0A71A00DD for <pcp@ietfa.amsl.com>; Wed, 12 Feb 2014 19:55:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -96.313
X-Spam-Level:
X-Spam-Status: No, score=-96.313 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, CHARSET_FARAWAY_HEADER=3.2, CN_BODY_35=0.339, MIME_8BIT_HEADER=0.3, MIME_CHARSET_FARAWAY=2.45, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pImbNwsk_jHf for <pcp@ietfa.amsl.com>; Wed, 12 Feb 2014 19:55:06 -0800 (PST)
Received: from na01-by2-obe.outbound.protection.outlook.com (mail-by2lp0244.outbound.protection.outlook.com [207.46.163.244]) by ietfa.amsl.com (Postfix) with ESMTP id 285131A00D8 for <pcp@ietf.org>; Wed, 12 Feb 2014 19:55:06 -0800 (PST)
Received: from BY2PR03MB412.namprd03.prod.outlook.com (10.141.141.25) by BY2PR03MB411.namprd03.prod.outlook.com (10.141.141.22) with Microsoft SMTP Server (TLS) id 15.0.873.15; Thu, 13 Feb 2014 03:55:03 +0000
Received: from BY2PR03MB412.namprd03.prod.outlook.com ([10.141.141.25]) by BY2PR03MB412.namprd03.prod.outlook.com ([10.141.141.25]) with mapi id 15.00.0873.009; Thu, 13 Feb 2014 03:55:03 +0000
From: Dave Thaler <dthaler@microsoft.com>
To: "Zhangzhan (Channy)" <channy.zhang@huawei.com>, Dan Wing <dwing@cisco.com>
Thread-Topic: Multi-homed NAT (was: What's the final conclusion?答复: [Technical Errata Reported] RFC6887 (3887))
Thread-Index: Ac8oZzWfW4x5PAEUTrq8YeFFYwPPGQABkIyAAABsuMA=
Date: Thu, 13 Feb 2014 03:55:03 +0000
Message-ID: <3881c4e57bf54bea836ca214c98c528f@BY2PR03MB412.namprd03.prod.outlook.com>
References: <a3bde67a7aaf4a6bba0234a76ef06809@BY2PR03MB412.namprd03.prod.outlook.com> <1DA8CEC3F3E989439069663C05A865D334F97B5A@nkgeml508-mbx.china.huawei.com>
In-Reply-To: <1DA8CEC3F3E989439069663C05A865D334F97B5A@nkgeml508-mbx.china.huawei.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [50.135.4.20]
x-forefront-prvs: 0121F24F22
x-forefront-antispam-report: SFV:NSPM; SFS:(10009001)(6009001)(51704005)(13464003)(24454002)(51444003)(199002)(189002)(377454003)(94946001)(51856001)(74662001)(74366001)(93516002)(74502001)(47736001)(93136001)(81542001)(4396001)(69226001)(47446002)(31966008)(49866001)(94316002)(50986001)(47976001)(86362001)(81342001)(76796001)(76576001)(46102001)(76786001)(53806001)(63696002)(56816005)(92566001)(85852003)(87936001)(83322001)(19580405001)(19580395003)(81816001)(65816001)(80022001)(85306002)(74876001)(81686001)(66066001)(90146001)(2656002)(80976001)(224303002)(77982001)(59766001)(54356001)(74706001)(95666001)(74316001)(79102001)(76482001)(33646001)(95416001)(87266001)(83072002)(54316002)(56776001)(86612001)(24736002); DIR:OUT; SFP:1101; SCL:1; SRVR:BY2PR03MB411; H:BY2PR03MB412.namprd03.prod.outlook.com; CLIP:50.135.4.20; FPR:FC20F0E5.ACF2DBA2.3CF171BB.8ED8DD51.20513; InfoNoRecordsA:1; MX:1; LANG:en;
Content-Type: text/plain; charset="gb2312"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
Cc: Stuart Cheshire <cheshire@apple.com>, Brian Haberman <brian@innovationslab.net>, PCP Working Group <pcp@ietf.org>
Subject: Re: [pcp] Multi-homed NAT (was: What's the final conclusion?答复: [Technical Errata Reported] RFC6887 (3887))
X-BeenThere: pcp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: PCP wg discussion list <pcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pcp>, <mailto:pcp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pcp/>
List-Post: <mailto:pcp@ietf.org>
List-Help: <mailto:pcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pcp>, <mailto:pcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Feb 2014 03:55:09 -0000
> -----Original Message----- > From: Zhangzhan (Channy) [mailto:channy.zhang@huawei.com] > Sent: Wednesday, February 12, 2014 7:44 PM > To: Dave Thaler; Dan Wing > Cc: Ted Lemon; PCP Working Group; Stuart Cheshire; > mohamed.boucadair@orange.com Boucadair; Reinaldo Penno; > pselkirk@isc.org; Brian Haberman > Subject: 答复: Multi-homed NAT (was: What's the final conclusion?答复: > [Technical Errata Reported] RFC6887 (3887)) > > To Dave: > > Based on my understanding for your meaning: > It's more appropriate to select an optimal one instead of default behavior in > this scene. > > But in such a network topology: > > ,-----. > ,' `. > .( ISP1 ) > ,-------. .-' `. ,' > ,-' ISP0 `-. .' `-----' > Host \ CGN .-' ,-------. > +----+-----+ +---+------+ .' ,' `. > |PCP Client|-------|PCP Server|.'------------( ISP2) > +----+-----+ +---+------+ `-. `. ,' > \ / `. `-------' > `-. ,-' `-. ,-----. > `-------' `. / \ > `-( ISP3 ) > \ / > `-----' > > If users in ISP1 want to visit the host in ISP0, suppose the global nat address > of host is IP pool 1. > Normally, if no PCP, if users in ISP2 want to visit the host, the global nat > address of host is IP pool 2. > IP pool 1 and IP pool 2 are certainly different address segments, and > belonging to different ISP. > > Now PCP is used to mapping the global nat address, suppose CGN select IP > pool 1 as the optimal one. If users in ISP2 want to visit the host, must visit the > IP pool 1 through ISP1's network. But usually this is not acceptable to IPS2. Yes that diagram is a different scenario than the one you originally mentioned, where all connect to the Internet. (There is no Internet in your picture here.) This is the scenario Dan was referring to. -Dave > -----邮件原件----- > 发件人: Dave Thaler [mailto:dthaler@microsoft.com] > 发送时间: 2014年2月13日 11:03 > 收件人: Dan Wing > 抄送: Zhangzhan (Channy); Ted Lemon; PCP Working Group; Stuart > Cheshire; mohamed.boucadair@orange.com Boucadair; Reinaldo Penno; > pselkirk@isc.org; Brian Haberman > 主题: Multi-homed NAT (was: What's the final conclusion?答复: [Technical > Errata Reported] RFC6887 (3887)) > > Updating subject line. > > More below. > > > -----Original Message----- > > From: Dan Wing [mailto:dwing@cisco.com] > > Sent: Wednesday, February 12, 2014 6:55 PM > > To: Dave Thaler > > Cc: Zhangzhan; Ted Lemon; PCP Working Group; Stuart Cheshire; > > mohamed.boucadair@orange.com Boucadair; Reinaldo Penno; > > pselkirk@isc.org; Brian Haberman > > Subject: Re: What's the final conclusion?答复: [Technical Errata > > Reported] > > RFC6887 (3887) > > > > > > On Feb 12, 2014, at 6:35 PM, Dave Thaler <dthaler@microsoft.com> wrote: > > > > >> -----Original Message----- > > >> From: Dan Wing [mailto:dwing@cisco.com] > > >> Sent: Wednesday, February 12, 2014 6:23 PM > > >> To: Zhangzhan > > >> Cc: Ted Lemon; PCP Working Group; Stuart Cheshire; > > >> mohamed.boucadair@orange.com Boucadair; Reinaldo Penno; > > >> pselkirk@isc.org; Brian Haberman; Dave Thaler > > >> Subject: Re: What's the final conclusion?答复: [Technical Errata > > >> Reported] > > >> RFC6887 (3887) > > >> > > >> > > >> On Feb 12, 2014, at 5:29 PM, Zhangzhan (Channy) > > >> <channy.zhang@huawei.com> wrote: > > >> > > >>> Maybe you misunderstand me. > > >>> There is only one router for NAT and PCP. > > >>> If the NAT gateway device (such as CGN) is PCP Server and has two > > >>> or more > > >> out interfaces to internet were doing different nat conversion in the > ISP. > > >>> Maybe using NAT address pool A, B, C... And the routing entries to > > >>> internet > > >> on NAT gateway is equivalent default route. In this case, the out > > >> interface is uncertain, fully in accordance with the equivalent > > >> route > > selection. > > >>> If no PCP, service traffic can be selected out interface according > > >>> to the > > >> destination address and do different NAT conversion. > > >>> But the PCP message is in before the normal service traffic. And > > >>> PCP MAP > > >> mode message does not include the destination address, the NAT > > >> gateway device how to choose the out interfaces and the different > > >> NAT address pools? > > >>> Based on the current PCP protocol, I think that can't be solved. > > >>> Or what I > > >> understand something wrong? > > >> > > >> With such a network topology, you are correct that the current MAP > > >> opcode doesn't work. > > > > > > I'm not sure it's fair to say it "doesn't work". It just means that > > > the NAT picks one using any implementation-specific mechanism. In > > > the stated example above, both possible answers go to the Internet, > > > so what > > wouldn't "work"? > > > > Good point. Same with a TCP SYN -- it gets assigned to one CGN, or > > the other > > -- it wouldn't be assigned to both. I had figured that both don't > > really, really, go to the Internet, like what NTT does with their IPv6 > > default route in Japan (which doesn't go to the Internet). > > Yes that's an alternate example that's good to discuss (hence the change in > subject line), which draft-penno-pcp-zones does. In a multi-homed NAT > case, I'd expect the implementation to prefer the one that actually goes to > the Internet. > That is, since MAP tries to open a port for "anyone", then when multiple > choices exist that support different sets of remote peers, one should by > default prefer the one with the larger set, as being closer to the desire of > "anyone". > > And of course there could be implementation-specific configuration to > override the default, or protocol support a la draft-penno-pcp-zones to > specify non-default behavior. > > -Dave > > > > > -d > > > > > > > > > > On the topic of the errata, I agree with Ted it is not an errata. > > > It's simply an implementation detail that the RFC doesn't specify, > > > so it's up > > to the reader. > > > > > > -Dave
- [pcp] Multi-homed NAT (was: What's the final conc… Dave Thaler
- Re: [pcp] Multi-homed NAT (was: What's the final … Dave Thaler