IETF Logo Mail Archive

Re: [pcp] PCP proxying / relaying

Alain Durand <adurand@juniper.net> Fri, 11 March 2011 23:13 UTC

Return-Path: <adurand@juniper.net>
X-Original-To: pcp@core3.amsl.com
Delivered-To: pcp@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 45FB53A6A33 for <pcp@core3.amsl.com>; Fri, 11 Mar 2011 15:13:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.626
X-Spam-Level:
X-Spam-Status: No, score=-106.626 tagged_above=-999 required=5 tests=[AWL=-0.027, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id r63XG4RmbBPu for <pcp@core3.amsl.com>; Fri, 11 Mar 2011 15:13:55 -0800 (PST)
Received: from exprod7og109.obsmtp.com (exprod7og109.obsmtp.com [64.18.2.171]) by core3.amsl.com (Postfix) with ESMTP id A47943A6778 for <pcp@ietf.org>; Fri, 11 Mar 2011 15:13:53 -0800 (PST)
Received: from source ([66.129.224.36]) (using TLSv1) by exprod7ob109.postini.com ([64.18.6.12]) with SMTP ID DSNKTXqtAK8VHljTj60VMv0tsoqk1xay/nIP@postini.com; Fri, 11 Mar 2011 15:15:14 PST
Received: from EMBX01-HQ.jnpr.net ([fe80::c821:7c81:f21f:8bc7]) by P-EMHUB01-HQ.jnpr.net ([fe80::fc92:eb1:759:2c72%11]) with mapi; Fri, 11 Mar 2011 15:10:44 -0800
From: Alain Durand <adurand@juniper.net>
To: Dan Wing <dwing@cisco.com>
Date: Fri, 11 Mar 2011 15:11:43 -0800
Thread-Topic: [pcp] PCP proxying / relaying
Thread-Index: AcvgQYyW66Qv9MVsQoKMS3rmbohW1Q==
Message-ID: <AADBA053-9635-4482-B5D5-54B34EFEC0AA@juniper.net>
References: <2d0501cbe029$7a96b850$6fc428f0$@com>
In-Reply-To: <2d0501cbe029$7a96b850$6fc428f0$@com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "pcp@ietf.org" <pcp@ietf.org>
Subject: Re: [pcp] PCP proxying / relaying
X-BeenThere: pcp@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: PCP wg discussion list <pcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/pcp>, <mailto:pcp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pcp>
List-Post: <mailto:pcp@ietf.org>
List-Help: <mailto:pcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pcp>, <mailto:pcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Mar 2011 23:13:56 -0000

Dan:

It seems to me that our 'old' idea of using the AFTR IANA assigned address (192.0.0.1)
as the default address of the PCP server (instead of sending to the default router) would
actually solve this problem more elegantly...

What do you think?

   - Alain.

On Mar 11, 2011, at 3:18 PM, Dan Wing wrote:

> A subscriber might have multiple IP addresses, from the same ISP.  There are
> 
> several ways this could occur:
> 
>  * IPv6 subscriber with a /64 (e.g., native IPv6, with a CPE implementing 
>    Simple CPE Security [RFC6092]).  This is unrelated to IPv4, and might
>    be an IPv6-only subscriber, a Dual-Stack Lite subscriber, 6rd
> subscriber,
>    dual-stack subscriber, and so on.
> 
>  * Dual-Stack Lite subscriber, with an IPv6 /64 and multiple IPv4 addresses
> 
>  * IPv4-only subscriber with multiple IPv4 addresses (e.g., "business
> service"),
>    behind a CGN.
> 
> (There are probably others, which don't yet exist on anyone's radar, such as
> an ISP offering filtering (firewalling) for an IPv4 subscriber, in order to
> block incoming IPv4 address sweeps, pings, etc., prior to consuming access
> link bandwidth.)
> 
> 
> For all of these cases, consensus seems to be that we do not want any
> arbitrary host to create, modify, or delete mappings for any other arbitrary
> host.  Rather, we want only the subscriber's CPE to do that.  The subscriber
> would need to log into the CPE to do that, using the CPE's administrative
> interface (e.g., HTTP with the administrative username/password).
> 
> 
> If PCP is implemented in end hosts (e.g., PCs), this is complicated by PCP
> clients which send PCP requests to their default gateway.  Several network
> topologies could exist.  For example, with DS-Lite or other dual-stack
> technologies with an ISP-operated PCP-aware CGN, two scenarios would be in
> operation at the same time, one scenario for each address family.
> 
> Whenever there are multiple IPv4 addresses at the subscriber's premise,
> either because of DS-Lite or because of a "business class" service, the
> scneario looks like this:
>   [IPv4 host]--[PCP-aware CPE router]--------[PCP server and CGN at
> ISP]--<Internet>
> 
> For IPv6, the PCP-aware router in the CPE implements Simple CPE Security
> [RFC6092] and the scenario looks like this:
>   [IPv6 host]--[PCP-aware CPE router]--<Internet>
> 
> 
> There are two ways that PCP can be handled in the CPE router:
> 
>  1.  CPE router passes packet using internal node's IPv4 address.  This
>      is simple routing.
>  2.  CPE router passes packet using the CPE router's own IPv4 
>      external address (e.g., for DS-Lite would be 192.0.0.2).  This
>      requires doing "PCP proxying" or "PCP Relaying" (see below).
>  3.  CPE router passes packet using the CPE router's external 
>      IPv6 address.  This requires doing "PCP proxying" or "PCP 
>      Relaying".
> 
> PCP proxying:  described in draft-bpw-pcp-proxy-00.txt.  Implements
> a PCP server in the CPE router which understands most of the protocol.
> 
> PCP relaying:  this is more akin to how DHCP Relay works today.  In
> DHCP relay, a DHCP-aware router on the local LAN picks up the 
> broadcasted message, populates the GIADDR field (so that the router
> does not need to maintain state) and forwards the DHCP message to
> the DHCP server's IP address.  The packet's source address is
> re-written to the router's IP address, so the DHCP server's response
> goes back to the router, which uses the GIADDR to send the message
> back to its original interface.  
> 
> Critical distinction between PCP Proxy and PCP relay is this:  the
> relay understands very, very little of the protocol.
> 
> 
> A concern I have, which others have raised usually in conjunction
> with the term "ALG", is that PCP proxying might prevent the PCP
> protocol from being extended.  For example, introducing a new 
> OpCode requires updating the PCP Client and PCP server (which is 
> normal, necessary, and expected) but if it requires also updating
> the PCP Proxy, we will have harmed ourselves.  As we all know,
> software in CPE routers is seldom, if ever, upgraded by users.
> Most don't know their CPE routers even run software that can be
> upgraded, don't know how to do it, or are afraid of bricking it.
> 
> 
> My question to the group, and to Francis:  how close to a "relay"
> can we get, so that the PCP-aware software in the CPE router 
> does the least amount of work?
> 
> -d
> 
> 
> 
> _______________________________________________
> pcp mailing list
> pcp@ietf.org
> https://www.ietf.org/mailman/listinfo/pcp

v2.23.0 | Report a Bug | By Email