Re: [pcp] well-known address for PCP [was Re: Comments on draft-ietf-pcp-server-selection-01]
<mohamed.boucadair@orange.com> Mon, 19 August 2013 11:20 UTC
From: mohamed.boucadair@orange.com
To: Dan Wing <dwing@cisco.com>, Stuart Cheshire <cheshire@apple.com>
Date: Mon, 19 Aug 2013 13:20:40 +0200
Cc: "draft-ietf-pcp-server-selection@tools.ietf.org" <draft-ietf-pcp-server-selection@tools.ietf.org>, "pcp@ietf.org" <pcp@ietf.org>

Dan,

For the typical use case you mentioned (i.e., PCP service operated by an
operator), having an explicit provisioning means to enable/disable PCP
service is more likely for various reasons such as:

* Avoid overloading the network with useless traffic (e.g., limit the
  usage of radio resources for the mobile network).
* Flow-based access control policies may not be managed by an on-path
  device (e.g., separate PCP server and PCP-controlled device model).
* Multiple flow-based policies may be enforced at multiple entry points.
  Having a means to interact with all of them in parallel is likely to be
  required.
* The node which enforces the flow-based policies may not be able to relay
  the request to another upstream PCP-controlled device (e.g., not
  explicitly configured to do so).
* The anycast-based model will require that Epoch values are appropriately
  configured in multiple servers listening on the same address; if not,
  the client won't be able to detect state loss when a failure occurs.
* The anycast-based model cannot work in the proxy model if non-explicit
  server(s) is configured to the proxy: this is a simple forwarding issue
  (the proxy should listen on anycast address and use that same address to
  reach the upstream server).

Cheers,
Med

>-----Original Message-----
>From: pcp-bounces@ietf.org [mailto:pcp-bounces@ietf.org] On Behalf Of Dan Wing
>Sent: Friday, 16 August 2013 04:49
>To: Stuart Cheshire
>Cc: draft-ietf-pcp-server-selection@tools.ietf.org; pcp@ietf.org
>Subject: [pcp] well-known address for PCP [was Re: Comments on
>draft-ietf-pcp-server-selection-01]
>
>
>On Aug 15, 2013, at 7:06 PM, Stuart Cheshire <cheshire@apple.com> wrote:
>
>> On 8 Aug, 2013, at 07:28, Dave Thaler <dthaler@microsoft.com> wrote:
>>
>>> Stuart asserted that communicating with one is sufficient, and simpler
>>> for the client, because it's the PCP server's job to communicate with
>>> the other ones to permit incoming ICE connectivity checks. If you
>>> disagree with that, please respond with a technical argument as to why
>>> having the client communicate with both is better than having one
>>> server communicate with the other.
>>
>> Dave has represented my opinion accurately, but I'll elaborate a little.
>>
>> Today, a network client makes a NAT mapping (or a firewall hole) by
>> sending an outbound TCP SYN. That is all. If there are nested NATs, the
>> client doesn't have to know about that. If there are parallel NATs with
>> multiple network ingress and egress points, then the client doesn't have
>> to know about that either. The NAT that sees the outbound TCP SYN is
>> responsible for communicating with its NAT peers to ensure that the
>> right state is created so that inbound traffic is handled correctly.
>>
>> Right now the Mac OS X and iOS PCP client handles only a single PCP
>> server. I suspect it will only ever handle a single PCP server. I
>> suspect that many consumer electronics products like network security
>> cameras will also only support a single PCP server. So if you're a
>> network router vendor that's selling a product that lets the customer
>> load-balance across multiple ingress and egress paths, then you'd better
>> make it look like a single PCP server to the client, or it won't work
>> and you won't be able to sell it. If you're providing nested NAT, then
>> you'd better make it look *exactly* like a single PCP server to the
>> client (i.e. recursive PCP), or it won't work and you won't be able to
>> sell it.
>>
>> I had originally advocated that the PCP client sends its PCP requests to
>> a fixed well-known anycast address, and it's up to the network to do the
>> right thing with that. In a simple network with a single NAT, the NAT
>> intercepts the PCP request and handles it. In a more complicated
>> network, the network may have to do more complicated things, but that's
>> transparent to the client.
>>
>> However, I was not successful arguing for a fixed well-known anycast
>> address, so instead the client sends its requests to its default router.
>> I suspect Mac OS X and iOS may only ever send their PCP requests to
>> their default router.
>
>We have encountered use cases where such a well-known anycast address
>would be very useful, most notably with draft-wing-pcp-flowdata where an
>existing non-PCP-aware router or NAT is in the local network and the ISP
>is operating a PCP-speaking and draft-wing-pcp-flowdata-aware router, and
>we want to use draft-wing-pcp-flowdata to ask the ISP to provide
>differentiated service for a certain flow (e.g., make Skype or Netflix
>work better than BitTorrent in the downstream direction). Reinaldo wrote
>up draft-kiesel-pcp-ip-based-srv-disc, but as it wasn't on PCP's agenda I
>have not researched how Reinaldo's proposal differs from
>draft-cheshire-pcp-anycast.
>
>-d
>
>
>> This means that if you want to sell some fancy network product that
>> supports parallel and/or nested NATs and firewalls, it had better work
>> with clients that only send requests to their default router, because
>> that's all you're going to see in the field for quite some time.
>>
>> It's easy to write documents telling PCP clients what they should be
>> doing, but I'd like to see some vendors stepping up and volunteering for
>> that commitment. Do we have a vendor of some $49 network security camera
>> volunteering to support multiple PCP servers? How would that even work?
>> If it requires *any* user configuration, it's a non-starter. Once you
>> accept manual user configuration, it's easier to just make some port
>> mappings by hand. The win of PCP is that it allows plug-and-play zero
>> configuration operation. The moment the user has to configure the device
>> with the address of its PCP server, it's easier to configure the NAT
>> gateway with a manual port mapping. And if you suppose a DHCP option to
>> do this configuration, the home gateway has to be updated to support
>> that DHCP option, and if you have to update the home gateway then it's
>> easier to put recursive PCP support into the gateway (works today with
>> all PCP clients) than it is to add support for the PCP DHCP option
>> (doesn't work until clients are updated to understand the new option).
>>
>> Stuart Cheshire
>>
>> _______________________________________________
>> pcp mailing list
>> pcp@ietf.org
>> https://www.ietf.org/mailman/listinfo/pcp
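
Added example, not part of the thread or of any draft's code: the Epoch validity check a PCP client performs (RFC 6887, section 8.5), replayed over constructed response sequences to illustrate the Epoch point in the list above. Servers A and B, the timestamps and the helper names are assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class EpochTracker:
    """State a client keeps per PCP server address (times in seconds)."""
    prev_server_time: Optional[int] = None
    prev_client_time: Optional[int] = None

    def observe(self, curr_server_time: int, curr_client_time: int) -> bool:
        """True if the Epoch is valid; False means assume state loss."""
        valid = True
        if self.prev_server_time is not None:  # first response is always valid
            client_delta = curr_client_time - self.prev_client_time
            server_delta = curr_server_time - self.prev_server_time
            if curr_server_time + 1 < self.prev_server_time:
                valid = False  # Epoch went backwards by more than one second
            elif (client_delta + 2 < server_delta - server_delta // 16
                  or server_delta + 2 < client_delta - client_delta // 16):
                valid = False  # server and client clocks advanced differently
        # Recorded whether or not the value was judged valid.
        self.prev_server_time = curr_server_time
        self.prev_client_time = curr_client_time
        return valid


Response = Tuple[int, str, int]  # (client time, answering server, Epoch)


def replay(responses: List[Response]) -> List[Tuple[str, bool]]:
    """One tracker for all responses: the client sees a single address."""
    tracker = EpochTracker()
    return [(name, tracker.observe(epoch, t)) for t, name, epoch in responses]


# Constructed sequences; A and B are hypothetical servers on one anycast
# address, and routing moves the client from A to B partway through.
UNRELATED = [(0, "A", 5000), (60, "A", 5060), (120, "B", 900000), (180, "B", 900060)]
BACKWARDS = [(0, "A", 5000), (60, "B", 100)]
ALIGNED = [(0, "A", 5000), (60, "A", 5060), (120, "B", 5120)]

if __name__ == "__main__":
    for label, seq in (("unrelated", UNRELATED), ("backwards", BACKWARDS),
                       ("aligned", ALIGNED)):
        print(label, replay(seq))
```

The switch to B is flagged in UNRELATED and BACKWARDS and passes the check in ALIGNED; whether that verdict matches B's actual mapping state depends on how the operator sets the Epoch values on the servers sharing the address.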