[pcp] Multi-homed NAT (was: What's the final conclusion?答复: [Technical Errata Reported] RFC6887 (3887))
Dave Thaler <dthaler@microsoft.com> Thu, 13 February 2014 03:03 UTC
Return-Path: <dthaler@microsoft.com>
X-Original-To: pcp@ietfa.amsl.com
Delivered-To: pcp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0235D1A00D3 for <pcp@ietfa.amsl.com>; Wed, 12 Feb 2014 19:03:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -95.952
X-Spam-Level:
X-Spam-Status: No, score=-95.952 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, CHARSET_FARAWAY_HEADER=3.2, MIME_8BIT_HEADER=0.3, MIME_CHARSET_FARAWAY=2.45, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h3zU2GmLQy1y for <pcp@ietfa.amsl.com>; Wed, 12 Feb 2014 19:03:09 -0800 (PST)
Received: from na01-bn1-obe.outbound.protection.outlook.com (mail-bn1blp0184.outbound.protection.outlook.com [207.46.163.184]) by ietfa.amsl.com (Postfix) with ESMTP id 48A081A0028 for <pcp@ietf.org>; Wed, 12 Feb 2014 19:03:09 -0800 (PST)
Received: from BY2PR03MB412.namprd03.prod.outlook.com (10.141.141.25) by BY2PR03MB409.namprd03.prod.outlook.com (10.141.141.11) with Microsoft SMTP Server (TLS) id 15.0.873.15; Thu, 13 Feb 2014 03:03:06 +0000
Received: from BY2PR03MB412.namprd03.prod.outlook.com ([10.141.141.25]) by BY2PR03MB412.namprd03.prod.outlook.com ([10.141.141.25]) with mapi id 15.00.0873.009; Thu, 13 Feb 2014 03:03:06 +0000
From: Dave Thaler <dthaler@microsoft.com>
To: Dan Wing <dwing@cisco.com>
Thread-Topic: Multi-homed NAT (was: What's the final conclusion?答复: [Technical Errata Reported] RFC6887 (3887))
Thread-Index: Ac8oZzWfW4x5PAEUTrq8YeFFYwPPGQ==
Date: Thu, 13 Feb 2014 03:03:03 +0000
Message-ID: <a3bde67a7aaf4a6bba0234a76ef06809@BY2PR03MB412.namprd03.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [50.135.4.20]
x-forefront-prvs: 0121F24F22
x-forefront-antispam-report: SFV:NSPM; SFS:(10009001)(6009001)(199002)(189002)(51444003)(377454003)(51704005)(24454002)(13464003)(85306002)(74876001)(19580395003)(19580405001)(83322001)(65816001)(80022001)(81816001)(90146001)(81686001)(66066001)(92566001)(56816005)(63696002)(76176001)(53806001)(85852003)(87936001)(87266001)(83072002)(76482001)(95416001)(33646001)(86612001)(56776001)(54316002)(2656002)(224303002)(80976001)(95666001)(79102001)(74316001)(59766001)(77982001)(74706001)(54356001)(74502001)(93516002)(47736001)(93136001)(51856001)(74662001)(94946001)(74366001)(86362001)(50986001)(47976001)(47446002)(69226001)(49866001)(94316002)(31966008)(46102001)(76576001)(76786001)(76796001)(81342001)(81542001)(4396001)(24736002); DIR:OUT; SFP:1101; SCL:1; SRVR:BY2PR03MB409; H:BY2PR03MB412.namprd03.prod.outlook.com; CLIP:50.135.4.20; FPR:FC30F1E5.ACF2D5A6.CF17D7B.CED05D51.203FC; MLV:sfv; InfoNoRecordsA:1; MX:1; LANG:en;
Content-Type: text/plain; charset="gb2312"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
Cc: Stuart Cheshire <cheshire@apple.com>, Brian Haberman <brian@innovationslab.net>, Zhangzhan <channy.zhang@huawei.com>, PCP Working Group <pcp@ietf.org>
Subject: [pcp] Multi-homed NAT (was: What's the final conclusion?答复: [Technical Errata Reported] RFC6887 (3887))
X-BeenThere: pcp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: PCP wg discussion list <pcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pcp>, <mailto:pcp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pcp/>
List-Post: <mailto:pcp@ietf.org>
List-Help: <mailto:pcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pcp>, <mailto:pcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Feb 2014 03:03:12 -0000
Updating subject line. More below. > -----Original Message----- > From: Dan Wing [mailto:dwing@cisco.com] > Sent: Wednesday, February 12, 2014 6:55 PM > To: Dave Thaler > Cc: Zhangzhan; Ted Lemon; PCP Working Group; Stuart Cheshire; > mohamed.boucadair@orange.com Boucadair; Reinaldo Penno; > pselkirk@isc.org; Brian Haberman > Subject: Re: What's the final conclusion?答复: [Technical Errata Reported] > RFC6887 (3887) > > > On Feb 12, 2014, at 6:35 PM, Dave Thaler <dthaler@microsoft.com> wrote: > > >> -----Original Message----- > >> From: Dan Wing [mailto:dwing@cisco.com] > >> Sent: Wednesday, February 12, 2014 6:23 PM > >> To: Zhangzhan > >> Cc: Ted Lemon; PCP Working Group; Stuart Cheshire; > >> mohamed.boucadair@orange.com Boucadair; Reinaldo Penno; > >> pselkirk@isc.org; Brian Haberman; Dave Thaler > >> Subject: Re: What's the final conclusion?答复: [Technical Errata > >> Reported] > >> RFC6887 (3887) > >> > >> > >> On Feb 12, 2014, at 5:29 PM, Zhangzhan (Channy) > >> <channy.zhang@huawei.com> wrote: > >> > >>> Maybe you misunderstand me. > >>> There is only one router for NAT and PCP. > >>> If the NAT gateway device (such as CGN) is PCP Server and has two or > >>> more > >> out interfaces to internet were doing different nat conversion in the ISP. > >>> Maybe using NAT address pool A, B, C... And the routing entries to > >>> internet > >> on NAT gateway is equivalent default route. In this case, the out > >> interface is uncertain, fully in accordance with the equivalent route > selection. > >>> If no PCP, service traffic can be selected out interface according > >>> to the > >> destination address and do different NAT conversion. > >>> But the PCP message is in before the normal service traffic. And PCP > >>> MAP > >> mode message does not include the destination address, the NAT > >> gateway device how to choose the out interfaces and the different NAT > >> address pools? > >>> Based on the current PCP protocol, I think that can't be solved. Or > >>> what I > >> understand something wrong? > >> > >> With such a network topology, you are correct that the current MAP > >> opcode doesn't work. > > > > I'm not sure it's fair to say it "doesn't work". It just means that > > the NAT picks one using any implementation-specific mechanism. In the > > stated example above, both possible answers go to the Internet, so what > wouldn't "work"? > > Good point. Same with a TCP SYN -- it gets assigned to one CGN, or the other > -- it wouldn't be assigned to both. I had figured that both don't really, really, > go to the Internet, like what NTT does with their IPv6 default route in Japan > (which doesn't go to the Internet). Yes that's an alternate example that's good to discuss (hence the change in subject line), which draft-penno-pcp-zones does. In a multi-homed NAT case, I'd expect the implementation to prefer the one that actually goes to the Internet. That is, since MAP tries to open a port for "anyone", then when multiple choices exist that support different sets of remote peers, one should by default prefer the one with the larger set, as being closer to the desire of "anyone". And of course there could be implementation-specific configuration to override the default, or protocol support a la draft-penno-pcp-zones to specify non-default behavior. -Dave > > -d > > > > > > On the topic of the errata, I agree with Ted it is not an errata. > > It's simply an implementation detail that the RFC doesn't specify, so it's up > to the reader. > > > > -Dave
- [pcp] Multi-homed NAT (was: What's the final conc… Dave Thaler
- Re: [pcp] Multi-homed NAT (was: What's the final … Dave Thaler