Re: [pcp] well-known address for PCP [was Re: Comments on draft-ietf-pcp-server-selection-01]

<mohamed.boucadair@orange.com> Mon, 19 August 2013 11:20 UTC

From: mohamed.boucadair@orange.com
To: Dan Wing <dwing@cisco.com>, Stuart Cheshire <cheshire@apple.com>
Date: Mon, 19 Aug 2013 13:20:40 +0200
Cc: "draft-ietf-pcp-server-selection@tools.ietf.org" <draft-ietf-pcp-server-selection@tools.ietf.org>, "pcp@ietf.org" <pcp@ietf.org>
Subject: Re: [pcp] well-known address for PCP [was Re: Comments on draft-ietf-pcp-server-selection-01]

Dan,

For the typical use case you mentioned (i.e., PCP service operated by an operator), having an explicit provisioning means to enable/disable the PCP service is more likely for various reasons such as:

* Avoid overloading the network with useless traffic (e.g., limit the usage of radio resources for the mobile network).
* Flow-based access control policies may not be managed by an on-path device (e.g., separate PCP server and PCP-controlled device model).
* Multiple flow-based policies may be enforced at multiple entry points. Having a means to interact with all of them in // is likely to be required.
* The node which enforces the flow-based policies may not be able to relay the request to another upstream PCP-controlled device (e.g., not explicitly configured to do so).
* The anycast-based model will require that Epoch values be appropriately configured in multiple servers listening on the same address; if not, the client won't be able to detect state loss when a failure occurs.
* The anycast-based model cannot work in the proxy model if non-explicit server(s) are configured in the proxy: this is a simple forwarding issue (the proxy should listen on the anycast address and use that same address to reach the upstream server).

Cheers,
Med

>-----Original Message-----
>From: pcp-bounces@ietf.org [mailto:pcp-bounces@ietf.org] On behalf of Dan
>Wing
>Sent: Friday, 16 August 2013 04:49
>To: Stuart Cheshire
>Cc: draft-ietf-pcp-server-selection@tools.ietf.org; pcp@ietf.org
>Subject: [pcp] well-known address for PCP [was Re: Comments on draft-ietf-
>pcp-server-selection-01]
>
>
>On Aug 15, 2013, at 7:06 PM, Stuart Cheshire <cheshire@apple.com> wrote:
>
>> On 8 Aug, 2013, at 07:28, Dave Thaler <dthaler@microsoft.com> wrote:
>>
>>> Stuart asserted that communicating with one is sufficient, and simpler
>for the
>>> client, because it's the PCP server's job to communicate with the other
>ones
>>> to permit incoming ICE connectivity checks.  If you disagree with that,
>>> please respond with a technical argument as to why having the client
>>> communicate with both is better than having one server communicate
>>> with the other.
>>
>> Dave has represented my opinion accurately, but I'll elaborate a little.
>>
>> Today, a network client makes a NAT mapping (or a firewall hole) by
>sending an outbound TCP SYN. That is all. If there are nested NATs, the
>client doesn't have to know about that. If there are parallel NATs with
>multiple network ingress and egress points, then the client doesn't have to
>know about that either. The NAT that sees the outbound TCP SYN is
>responsible for communicating with its NAT peers to ensure that the right
>state is created so that inbound traffic is handled correctly.
>>
>> Right now the Mac OS X and iOS PCP client handles only a single PCP
>server. I suspect it will only ever handle a single PCP server. I suspect
>that many consumer electronics products like network security cameras will
>also only support a single PCP server. So if you're a network router vendor
>that's selling a product that lets the customer load-balance across
>multiple ingress and egress paths, then you'd better make it look like a
>single PCP server to the client, or it won't work and you won't be able to
>sell it. If you're providing nested NAT, then you'd better make it look
>*exactly* like a single PCP server to the client (i.e. recursive PCP), or
>it won't work and you won't be able to sell it.
>>
>> I had originally advocated that the PCP client sends its PCP requests to
>a fixed well-known anycast address, and it's up to the network to do the
>right thing with that. In a simple network with a single NAT, the NAT
>intercepts the PCP request and handles it. In a more complicated network,
>the network may have to do more complicated things, but that's transparent
>to the client.
>>
>> However, I was not successful arguing for a fixed well-known any cast
>address, so instead the client sends its requests to its default router. I
>suspect Mac OS X and iOS may only ever send their PCP requests to their
>default router.
>
>We have encountered use cases where such a well-known anycast address would
>be very useful, most notably with draft-wing-pcp-flowdata where an existing
>non-PCP-aware router or NAT is in the local network and the ISP is
>operating a PCP-speaking and draft-wing-pcp-flowdata-aware router, and we
>want to use draft-wing-pcp-flowdata to ask the ISP to provide
>differentiated service for a certain flow (e.g., make Skype or Netflix work
>better than BitTorrent in the downstream direction).  Reinaldo wrote up
>draft-kiesel-pcp-ip-based-srv-disc, but as it wasn't on PCP's agenda I have
>not researched how Reinaldo's proposal differs from draft-cheshire-pcp-
>anycast.
>
>-d
>
>
>> This means that if you want to sell some fancy network product that
>supports parallel and/or nested NATs and firewalls, it had better work with
>clients that only send requests to their default router, because that's all
>you're going to see in the field for quite some time.
>>
>> It's easy to write documents telling PCP clients what they should be
>doing, but I'd like to see some vendors stepping up and volunteering for
>that commitment. Do we have a vendor of some $49 network security camera
>volunteering to support multiple PCP servers? How would that even work? If
>it requires *any* user configuration, it's a non-starter. Once you accept
>manual user configuration, it's easier to just make some port mappings by
>hand. The win of PCP is that it allows plug-and-play zero configuration
>operation. The moment the user has to configure the device with the address
>of its PCP server, it's easier to configure the NAT gateway with a manual
>port mapping. And if you suppose a DHCP option to do this configuration,
>the home gateway has to be updated to support that DHCP option, and if you
>have to update the home gateway then it's easier to put recursive PCP
>support into the gateway (works today with all PCP clients) than it is to
>add support for the PCP DHCP option (doesn't work until clients are updated
>to understand the new option).
>>
>> Stuart Cheshire
>>
>> _______________________________________________
>> pcp mailing list
>> pcp@ietf.org
>> https://www.ietf.org/mailman/listinfo/pcp
>
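The Epoch check that Med's fifth bullet relies on, as an added illustration that is not part of this thread: the RFC 6887 Section 8.5 state-loss test as a PCP client would run it, and how a second anycast server with its own, uncoordinated Epoch clock can make a failover (and the mappings lost with it) go unnoticed. All server and client times below are constructed values.

```python
"""Added illustration (not from the thread): RFC 6887 Section 8.5 Epoch-based
state-loss detection on the PCP client side, used to show why several PCP
servers behind one anycast address need coordinated Epoch values."""


def server_lost_state(prev_server_time, prev_client_time,
                      curr_server_time, curr_client_time):
    """Return True if the Epoch comparison of RFC 6887 Section 8.5 indicates
    the PCP server may have lost its mapping state.

    prev_*: values recorded when the previous response was received.
    curr_*: values for the response just received. Server times are the
    Epoch Time field; client times come from the client's own clock."""
    # An Epoch that went backwards by more than one second means a restart.
    if curr_server_time < prev_server_time - 1:
        return True
    client_delta = curr_client_time - prev_client_time
    server_delta = curr_server_time - prev_server_time
    # Tolerate roughly 1/16 clock drift plus two seconds of slack either way;
    # anything outside that window is treated as state loss.
    if client_delta + 2 < server_delta - server_delta // 16:
        return True
    if server_delta + 2 < client_delta - client_delta // 16:
        return True
    return False


class EpochTracker:
    """Minimal client-side bookkeeping: remembers the last (server, client)
    time pair and reports, per response, whether state loss was detected."""

    def __init__(self):
        self.prev = None

    def observe(self, server_epoch, client_now):
        lost = False
        if self.prev is not None:
            lost = server_lost_state(*self.prev, server_epoch, client_now)
        self.prev = (server_epoch, client_now)
        return lost


if __name__ == "__main__":
    # Constructed failover: server A answers with Epoch 1000, then the
    # anycast route moves to server B, whose independent Epoch happens to
    # read 1008 ten seconds later. The check passes and the lost mappings
    # on B are never noticed by the client.
    t = EpochTracker()
    print(t.observe(1000, 0), t.observe(1008, 10))
```

The same tracker flags a genuine restart (Epoch jumping back) or a wildly different Epoch on the second server, which is why the thread's point is about coordinating the values rather than about the check itself.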