Re: [pcp] PCP Issue #24, PCP mappings same public IP address as dynamic mappings [was RE: WGLC: draft-ietf-pcp-base-12.txt]

Tina Tsou <tena@huawei.com> Wed, 08 June 2011 01:19 UTC

Date: Tue, 07 Jun 2011 18:19:12 -0700
From: Tina Tsou <tena@huawei.com>
To: 'Dan Wing' <dwing@cisco.com>, 'Dave Thaler' <dthaler@microsoft.com>, pcp@ietf.org

Dan,
Replies are in line with [Tina 1: ...].


We keep our promises with one another - no matter what!

Best Regards,
Tina TSOU
http://tinatsou.weebly.com/contact.html


-----Original Message-----
From: Dan Wing [mailto:dwing@cisco.com] 
Sent: Tuesday, June 07, 2011 11:27 AM
To: 'Tina Tsou'; 'Dave Thaler'; pcp@ietf.org
Subject: PCP Issue #24, PCP mappings same public IP address as dynamic
mappings [was RE: [pcp] WGLC: draft-ietf-pcp-base-12.txt]

I changed the subject on this thread to better represent what is being
discussed, which is 
http://trac.tools.ietf.org/wg/pcp/trac/ticket/24, "PCP mappings same public
IP address as dynamic mappings".

More below.

> -----Original Message-----
> From: Tina Tsou [mailto:tena@huawei.com]
> Sent: Tuesday, June 07, 2011 11:17 AM
> To: 'Dan Wing'; 'Dave Thaler'; pcp@ietf.org
> Subject: RE: [pcp] WGLC: draft-ietf-pcp-base-12.txt
> 
> Dan,
> Comments are in line beginning with [Tina: ...].
> 
> 
> We keep our promises with one another - no matter what!
> 
> Best Regards,
> Tina TSOU
> http://tinatsou.weebly.com/contact.html
> 
> 
> -----Original Message-----
> From: Dan Wing [mailto:dwing@cisco.com]
> Sent: Saturday, June 04, 2011 5:49 PM
> To: 'Tina Tsou'; 'Dave Thaler'; pcp@ietf.org
> Subject: RE: [pcp] WGLC: draft-ietf-pcp-base-12.txt
> 
> > -----Original Message-----
> > From: pcp-bounces@ietf.org [mailto:pcp-bounces@ietf.org] On Behalf Of
> > Tina Tsou
> > Sent: Friday, June 03, 2011 10:26 PM
> > To: 'Dave Thaler'; pcp@ietf.org
> > Subject: Re: [pcp] WGLC: draft-ietf-pcp-base-12.txt
> >
> > Dear all,
> > In section 7, there is one description:
> > "It is REQUIRED that the PCP-controlled device assign the same
> >    external IP address to PCP-created explicit dynamic mappings and to
> >    implicit dynamic mappings."
> > It is only a requirement to CGN, but some existing CGN may not support
> > this requirement as defined in RFC4787-[REQ1]:
> > "Some NATs use the external IP address mapping in an arbitrary fashion
> >    (i.e., randomly): one internal IP address could have multiple
> >    external IP address mappings active at the same time for different
> >    sessions"
> 
> You quoted non-normative text; later in that same section of RFC4787
> it explains how random ("Arbitrary") assignment causes harm.  REQ-2
> says that "paired" is RECOMMENDED.
> 
> > Therefore, I suggest the PCP client should also support this
> > requirement which was actually defined in 00 version but deleted in
> > later versions (maybe I missed the reason of the text change):
> > If there is any existing PCP mapping, PCP client should only request
> > the same external IP address as the one of those existing mappings. The
> > reason is that it will allow applications that use multiple ports
> > originating from the same internal IP address to also have the same
> > external IP address.
> 
> 
> We (the NAT and PCP server) can't know if, when there is an implicit
> dynamic connection from a host's source port, that connection was
> done by the same application as the explicit mapping, or if the OS
> happened to assign that source port to some other (unrelated)
> application.
> [Tina: If the connection was done by one application as the explicit
> mapping, e.g., PCP mapping, the subsequent connection from the same internal
> IP address will use the same external IP address according to the PCP
> mapping.

Agreed.


> The implicit mapping will not match in this case.  If the connection
> was done by one application as the implicit mapping, the subsequent
> connection can also use the same external IP address because the application
> can make the PCP client meet the same requirement.]

Sorry, I do not understand the previous two sentences.

[Tina 1: I'm only talking about the PCP mapping case. 
If the previous connection is implicit mapping, it will not match.]

> If the NAT is EIM, it will reuse the same mapping it already
> has.  Because that is the definition of being an EIM NAT.
> And it is important that all implicit dynamic mappings use the
> same public IPv4 address (for all the reasons stated in the
> existing UDP and TCP RFCs).  We don't want PCP to make that
> situation worse because some other un-related application did
> a MAP request.
> 
> If it is a non-EIM NAT, I suppose there is a way to use separate
> pools, if the non-EIM NAT applies some sort of logic to the
> implicit sessions -- the logic described in #2 of
> http://tools.ietf.org/html/draft-ietf-pcp-base-12#section-11.1
> If you want/need that, please provide text.
> [Tina: The proposed texts are as below:
> In non-EIM NAT case, PCP client should only request the same external IP
> address as the one of those existing links for one application. The
> reason is that it will allow applications that use multiple ports originating
> from the same internal IP address to also have the same
> external IP address.]

I think I see what you're wanting the document to say.

How about this proposed text, instead:


  If there is already an active explicit dynamic mapping,
  it will be mapped to a certain external IP address.
  When the PCP client makes another explicit dynamic mapping,
  it SHOULD place the external IP address of the existing
  mapping into the Requested External Address of the MAP 
  request.  By doing this, all of the PCP client's explicit
  dynamic mappings will be on the same external address.


Does that say the same thing?

Is it acceptable?
[Tina 1: Yes, it is the same thing and I agree with the texts. Thank you,
Dan.]

-d
  


> But I fear the interaction that is created if non-EIM NAT
> could create mappings on arbitrary IP addresses while EIM
> NAT creates mappings on the same IP address.  For example,
> if an application was tested with an EIM NAT (which always
> assigns PCP-created mappings and implicit mappings to the
> same external IP address), that application may well fail
> when deployed behind a non-EIM NAT that (a) allocates different
> IP addresses for different PCP mappings or (b) different IP
> addresses for PCP mappings versus implicit dynamic mappings.
> 
> -d
> 
> 
> >
> > Have a good weekend.
> >
> > We keep our promises with one another - no matter what!
> >
> > Best Regards,
> > Tina TSOU
> > http://tinatsou.weebly.com/contact.html
> >
> > From: pcp-bounces@ietf.org [mailto:pcp-bounces@ietf.org] On Behalf Of
> > Dave Thaler
> > Sent: Friday, June 03, 2011 1:02 PM
> > To: pcp@ietf.org
> > Subject: Re: [pcp] WGLC: draft-ietf-pcp-base-12.txt
> >
> > Some comments on -12 are in the marked up copy at
> > http://research.microsoft.com/users/dthaler/draft-ietf-pcp-base-12.pdf
> >
> > -Dave
> >
> > From: pcp-bounces@ietf.org [mailto:pcp-bounces@ietf.org] On Behalf Of
> > Dave Thaler
> > Sent: Friday, May 20, 2011 1:18 PM
> > To: pcp@ietf.org
> > Subject: [pcp] WGLC: draft-ietf-pcp-base-12.txt
> >
> > This message starts a two-week WGLC on
> > http://www.ietf.org/internet-drafts/draft-ietf-pcp-base-12.txt
> >
> > This last call will conclude on June 3rd at 5pm EST.
> >
> > Please send your comments to the list.
> >
> > We are scheduling a WebEx call shortly after the WGLC concludes,
> > and will send out details in separate email.
> >
> > Thanks,
> > -Dave and Alain
> >
> >
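
The proposed text above (put the existing mapping's external address into the Requested External Address of the next MAP request) can be modelled as follows. This is an added example, not code from the thread or from draft-ietf-pcp-base; the classes ToyPcpServer and PcpClient, the round-robin pool and the 192.0.2.x addresses are assumptions constructed for illustration, and no PCP wire format is modelled.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Mapping:
    protocol: str
    internal_port: int
    external_addr: ipaddress.IPv4Address

class ToyPcpServer:
    """Hypothetical PCP-controlled NAT with a pool of external addresses."""
    def __init__(self, pool, honors_requested_address=True):
        self.pool = [ipaddress.IPv4Address(a) for a in pool]
        self.honors = honors_requested_address
        self._next = 0

    def map(self, protocol, internal_port, requested_addr=None):
        if self.honors and requested_addr in self.pool:
            addr = requested_addr
        else:
            # Round-robin stands in for "arbitrary" address assignment.
            addr = self.pool[self._next % len(self.pool)]
            self._next += 1
        return Mapping(protocol, internal_port, addr)

class PcpClient:
    def __init__(self, server):
        self.server = server
        self.mappings = []
        self.mismatches = []  # mappings that landed on another address than requested

    def request_map(self, protocol, internal_port, reuse_address=True):
        # Proposed text: request the external address of the existing mapping.
        requested = (self.mappings[0].external_addr
                     if reuse_address and self.mappings else None)
        m = self.server.map(protocol, internal_port, requested)
        if requested is not None and m.external_addr != requested:
            self.mismatches.append(m)
        self.mappings.append(m)
        return m

def external_addresses(reuse_address, honors_requested_address=True):
    """Make three mappings; return (distinct external addresses, mismatch count)."""
    pool = ["192.0.2.1", "192.0.2.2", "192.0.2.3"]  # constructed documentation addresses
    client = PcpClient(ToyPcpServer(pool, honors_requested_address))
    for port in (5060, 5061, 5062):
        client.request_map("udp", port, reuse_address)
    return {str(m.external_addr) for m in client.mappings}, len(client.mismatches)
```

The third case in the model, a server that ignores the requested address, is why the client records mismatches: the proposed text is a SHOULD on the client, so an application that depends on a single external address still has to check what it was actually given.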