Re: [pcp] How can I make a ~stateless forwarding PCP proxy again?

"Reinaldo Penno (repenno)" <repenno@cisco.com> Mon, 05 May 2014 19:41 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/pcp/OJbU0xJe6LMe0FoBWuCE8UPdHXo

Hi Markus,

We had this discussion in the past and I, for one, backed the idea of PCP being able to support stateless proxies.  So, you are not alone there but maybe you want to write a draft about it so the WG can discuss it.

thanks,

Reinaldo

________________________________________
From: pcp [pcp-bounces@ietf.org] on behalf of Markus Stenberg [markus.stenberg@iki.fi]
Sent: Monday, May 05, 2014 10:59 AM
To: pcp@ietf.org
Subject: [pcp] How can I make a ~stateless forwarding PCP proxy again?

Let’s assume I have client, proxy, and server. Proxy isn’t even firewall, nor is it NAT.

[1] Client sends to proxy (first-hop router).  Proxy replaces internal IP with its own, adds THIRD_PARTY, and forwards to real server it decides based on magic.

[2] Server sends back response to proxy.

[3] Proxy has no per-client state, and drops packet as it can’t find client’s address from anywhere.

Motivation:

For homenet use cases, for inner routers within home, you _won’t_ want actually firewall or NAT to be involved, but you _do_ need a proxy to make decisions about which CER to talk to with different source addresses as it’s not really addressed by current solutions and routers know more about network topology changes than the client will in any case.

For example, IPv4 uplink may change somewhere ‘in the network’, and current PCP client implementations I play with wouldn’t even know about how to learn of it, not to even mention react to it. This is reality in my NAT-‘enabled’ home, as at a time I have only one upstream NAT active, but it may change, based on active-standby model (and yes, it could be on different routers).

As another example, IPv6 traffic within a home network is routed based on source prefix, but I have yet to see PCP client implementation that does server selection based on this (is it even specified?).  Yet making firewall holes would be still nice.

As I _do_ control both (mostly fictional) proxy implementation as well as the (mostly functional) server implementation, my current plan is to add option which just contains client’s address at proxy, and strip it on way back from proxy to client. Is there a better solution?

Cheers,

-Markus

P.S. I’ll accept that it’s host’s responsibility always if and only if every device (mostly with fruity logo on them) in my home that talks PCP actually deals with this stuff somehow magically. I’m not holding my breath, though.

_______________________________________________
pcp mailing list
pcp@ietf.org
https://www.ietf.org/mailman/listinfo/pcp
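
The plan in the original message (carry the client's address in an option on the way to the server, recover it from the response and strip it) can be sketched as follows. This is an added example, not code from either poster or from any PCP implementation. It assumes RFC 6887 version 2 MAP messages, a hypothetical option code 224 from the Private Use range, a server that echoes that option in its response, and hypothetical function names; the proxy refuses requests that already carry either option, since it will later trust the echoed value to pick the response's destination.

```python
import ipaddress
import struct

THIRD_PARTY = 1        # RFC 6887 option code
CLIENT_ADDR = 224      # hypothetical option code, taken from the Private Use range
HDR, MAP = 24, 36      # PCP common header and MAP opcode body, in bytes

def v6(addr):
    """PCP carries every address as 16 bytes; IPv4 is sent IPv4-mapped."""
    ip = ipaddress.ip_address(addr)
    return (ip if ip.version == 6 else ipaddress.IPv6Address(f"::ffff:{ip}")).packed

def option(code, data):
    return struct.pack("!BBH", code, 0, len(data)) + data  # 16-byte data: no padding

def options(msg):
    """Yield (code, offset, padded_size) for each option after the MAP body."""
    off = HDR + MAP
    while off + 4 <= len(msg):
        code, _, length = struct.unpack_from("!BBH", msg, off)
        size = 4 + (length + 3) // 4 * 4
        if off + size > len(msg):
            raise ValueError("truncated option")
        yield code, off, size
        off += size

def to_server(request, client_src, proxy_addr):
    """Step [1]: rewrite the client address and record it inside the message."""
    if len(request) < HDR + MAP or request[:2] != b"\x02\x01":
        raise ValueError("not a PCP version 2 MAP request")
    if request[8:24] != v6(client_src):
        raise ValueError("header address differs from packet source")
    if any(code in (THIRD_PARTY, CLIENT_ADDR) for code, _, _ in options(request)):
        raise ValueError("client supplied an option reserved for the proxy")
    client = request[8:24]
    return (request[:8] + v6(proxy_addr) + request[24:]
            + option(THIRD_PARTY, client) + option(CLIENT_ADDR, client))

def to_client(response):
    """Steps [2]-[3]: recover the client from the echoed option, then strip it."""
    if len(response) < HDR + MAP or response[:2] != b"\x02\x81":
        raise ValueError("not a PCP version 2 MAP response")
    out, client = response[:HDR + MAP], None
    for code, off, size in options(response):
        if code == CLIENT_ADDR and size == 20:
            client = ipaddress.IPv6Address(response[off + 4:off + 20])
        elif code not in (THIRD_PARTY, CLIENT_ADDR):
            out += response[off:off + size]
    if client is None:
        raise ValueError("no client address option; response cannot be routed")
    return str(client.ipv4_mapped or client), out
```

`to_client` also drops the THIRD_PARTY option the proxy added, so the client receives a response shaped like the request it sent; that is a choice made in this sketch, not something the thread specifies.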