IETF Logo Mail Archive

Re: [pcp] PCP Failure Scenarios - Re: draft-wing-pcp-proposed-packet-format-00

Reinaldo Penno <rpenno@juniper.net> Fri, 08 October 2010 05:58 UTC

Return-Path: <rpenno@juniper.net>
X-Original-To: pcp@core3.amsl.com
Delivered-To: pcp@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CFF6D3A682A for <pcp@core3.amsl.com>; Thu, 7 Oct 2010 22:58:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.569
X-Spam-Level:
X-Spam-Status: No, score=-6.569 tagged_above=-999 required=5 tests=[AWL=0.030, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2BleZtNXLqNf for <pcp@core3.amsl.com>; Thu, 7 Oct 2010 22:57:57 -0700 (PDT)
Received: from exprod7og107.obsmtp.com (exprod7og107.obsmtp.com [64.18.2.167]) by core3.amsl.com (Postfix) with ESMTP id 80B7F3A682D for <pcp@ietf.org>; Thu, 7 Oct 2010 22:57:53 -0700 (PDT)
Received: from source ([66.129.224.36]) (using TLSv1) by exprod7ob107.postini.com ([64.18.6.12]) with SMTP ID DSNKTK6zHDBMn3H8GJeWYmR+8VAwRaozCS1q@postini.com; Thu, 07 Oct 2010 22:59:01 PDT
Received: from p-emfe01-wf.jnpr.net (172.28.145.24) by P-EMHUB01-HQ.jnpr.net (172.24.192.35) with Microsoft SMTP Server (TLS) id 8.2.254.0; Thu, 7 Oct 2010 22:51:32 -0700
Received: from EMBX01-WF.jnpr.net ([fe80::1914:3299:33d9:e43b]) by p-emfe01-wf.jnpr.net ([fe80::d0d1:653d:5b91:a123%11]) with mapi; Fri, 8 Oct 2010 01:51:32 -0400
From: Reinaldo Penno <rpenno@juniper.net>
To: "mohamed.boucadair@orange-ftgroup.com" <mohamed.boucadair@orange-ftgroup.com>, "Francis.Dupont@fdupont.fr" <Francis.Dupont@fdupont.fr>
Date: Fri, 08 Oct 2010 01:51:27 -0400
Thread-Topic: [pcp] PCP Failure Scenarios - Re: draft-wing-pcp-proposed-packet-format-00
Thread-Index: ActmQ6lponfjWnLwRtGlQfi6Jm5ArQAZ0IJAAAB7XlQ=
Message-ID: <C8D3FF6F.2C08D%rpenno@juniper.net>
In-Reply-To: <9221_1286516438_4CAEAED6_9221_149796_1_94C682931C08B048B7A8645303FDC9F327C10081C5@PUEXCB1B.nanterre.francetelecom.fr>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-Entourage/13.6.0.100712
acceptlanguage: en-US
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "pcp@ietf.org" <pcp@ietf.org>
Subject: Re: [pcp] PCP Failure Scenarios - Re: draft-wing-pcp-proposed-packet-format-00
X-BeenThere: pcp@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: PCP wg discussion list <pcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/pcp>, <mailto:pcp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pcp>
List-Post: <mailto:pcp@ietf.org>
List-Help: <mailto:pcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pcp>, <mailto:pcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Oct 2010 05:58:01 -0000

On 10/7/10 10:40 PM, "mohamed.boucadair@orange-ftgroup.com"
<mohamed.boucadair@orange-ftgroup.com> wrote:

> 
> Dear all, 
> 
> Please see inline.
> 
> Cheers,
> Med 
> 
> -----Message d'origine-----
> De : Francis.Dupont@fdupont.fr [mailto:Francis.Dupont@fdupont.fr]
> Envoyé : jeudi 7 octobre 2010 19:18
> À : Reinaldo Penno
> Cc : BOUCADAIR Mohamed NCPI/NAD/TIP; Dan Wing; pcp@ietf.org
> Objet : Re: [pcp] PCP Failure Scenarios - Re:
> draft-wing-pcp-proposed-packet-format-00
> 
>  In your previous mail you wrote:
> 
>    I disagree with such statements at this point since I still need to see
> data
>    to back them up.
>    
>    For example,
>    
>    1 - First and foremost, please define CGN.
> 
> => a NAT which is so big and noisy I don't want one at home.
> Seriously I have a convenient definition for this particular discussion:
> a NAT where clients (guys at the internal side, the other/external is
> the or to the Internet) may not trust together. As an immediate
> consequence to forward a packet from the Internet to the wrong client
> is a major security issue.
> 
>    2 - Then we please define a reliable NAT - such that state is never ever
>    lost. Please see (4)
> 
> => reliable for the port forwarding entries. Note this is done even with
> not CGN NAT (the NAT in front of me is not a CGN and its (port forwarding)
> config is very reliable (save in a flash memory and downloaded at each
> reboot)).
> 
> Med: Agree. I'm mainly concerned with a basic requirement which is the
> following excerpt from
> http://tools.ietf.org/html/draft-xu-behave-nat-state-sync-02:
> 
> "The NAT states mentioned in this document only mean those NAT states
>    which are created dynamically, rather than those static NAT states
>    which are configured manually on NAT devices. For those static NAT
>    states, they are essentially part of the configuration data. The
>    replication of configuration data among a group of devices is
>    absolutely outside the scope of this document."
> 
> "Static entries" mentioned above apply also for PCP-instructed ones.

I disagree according to
http://datatracker.ietf.org/doc/draft-ietf-behave-v6v4-framework/

"State:  "State" refers to dynamic information that is stored in a
      network element.  For example, if two systems are communicating
      using a TCP connection, each stores information about the
      connection, which is called "connection state".  In this context,
      the term refers to dynamic correlations between IP addresses on
      either side of a translator, or {IP address, transport protocol,
      transport port number} tuples on either side of the translator.
      Of stateful algorithms, there are at least two major flavors
      depending on the kind of state they maintain:"

PCP entries are clearly dynamic state created by protocol exchange and have
a lifetime. 




> 
> BTW, I think we need to have a clear definition somewhere to agree on the
> terminology. Note that several levels of reliability in the NAT can be
> envisaged as described in
> http://tools.ietf.org/html/draft-xu-behave-stateful-nat-standby-04.
> 
>    3 - The BEHAVE RFCs do not mention the necessity of keeping NAT binding
>    state across reboots/power off, why keeping PF dynamic state is needed?
> 
> => PF is *not* equivalent in the security point of view to a dynamic
> NAT binding (*) so BEHAVE RFCs are right but don't apply.
> 
>    4 - CLI to clear mapping state will be implemented for sure due to security
>    reasons. How should we deal with that?
>    
> => yes, when my PCP server crashes (or when I kill it) all the PF entries
> it has installed are flushed, and this is done by the AFTR code as fast
> as possible. There are many reasons for this and security is one of
> them as lifetimes are managed by the PCP server, and when the PCP server
> restarts its first action is to reinstall the PFs it keeps in stable
> storage (a BSD DB which is my approximation from the top of stable storage).
> BTW a missing PF is bad but is not a security issue.
> 
>    Therefore, I'm fine with removing the Epoch, but clients will need to deal
>    with the PCP Server loosing all state during certain types of events - such
>    event could be a admin clearing all mappings due to a security concern.
>    
> => the Epoch doesn't help you because it doesn't provide an usable
> proactive way to warn clients about such events.
> 
> Regards
> 
> Francis.Dupont@fdupont.fr
> 
> *********************************
> This message and any attachments (the "message") are confidential and intended
> solely for the addressees.
> Any unauthorised use or dissemination is prohibited.
> Messages are susceptible to alteration.
> France Telecom Group shall not be liable for the message if altered, changed
> or falsified.
> If you are not the intended addressee of this message, please cancel it
> immediately and inform the sender.
> ********************************
>

v2.23.0 | Report a Bug | By Email