IETF Logo Mail Archive

Re: [pcp] GET and GETNEXT OpCodes

"Dan Wing" <dwing@cisco.com> Thu, 10 March 2011 18:04 UTC

Return-Path: <dwing@cisco.com>
X-Original-To: pcp@core3.amsl.com
Delivered-To: pcp@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D6ADA3A6930 for <pcp@core3.amsl.com>; Thu, 10 Mar 2011 10:04:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.569
X-Spam-Level:
X-Spam-Status: No, score=-110.569 tagged_above=-999 required=5 tests=[AWL=0.030, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0pYyFf8Y0V6C for <pcp@core3.amsl.com>; Thu, 10 Mar 2011 10:04:49 -0800 (PST)
Received: from sj-iport-2.cisco.com (sj-iport-2.cisco.com [171.71.176.71]) by core3.amsl.com (Postfix) with ESMTP id A4C3D3A6A25 for <pcp@ietf.org>; Thu, 10 Mar 2011 10:04:49 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=dwing@cisco.com; l=4443; q=dns/txt; s=iport; t=1299780368; x=1300989968; h=from:to:cc:references:in-reply-to:subject:date: message-id:mime-version:content-transfer-encoding; bh=TBuYcMcS4CIa+WdhYkDLYhOG1cXdFOcefjqn3oY0rcw=; b=FmdVaykNz+AoB63Djo7TY+1Jj7IznSrohF2oL1NpE3WgtSIXPykrzJQl 2f8YAhhVhgJ3o4TvSdFwXmMH3hbXbllaZES9cXlqoKYbOgaqduz0HVHkV 9tk2QWMDVbk93rDHVs1+DtLOu1PhKhk6jSILpTNc5QF/a1Uysw7J5+z8U o=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AggBANaheE2rR7Hu/2dsb2JhbACYXIFki213pTScR4ViBIUk
X-IronPort-AV: E=Sophos;i="4.62,297,1297036800"; d="scan'208";a="319227876"
Received: from sj-core-5.cisco.com ([171.71.177.238]) by sj-iport-2.cisco.com with ESMTP; 10 Mar 2011 18:06:07 +0000
Received: from dwingWS ([10.32.240.195]) by sj-core-5.cisco.com (8.13.8/8.14.3) with ESMTP id p2AI67Ol018761; Thu, 10 Mar 2011 18:06:07 GMT
From: Dan Wing <dwing@cisco.com>
To: 'Francis Dupont' <Francis.Dupont@fdupont.fr>, xiaohong.deng@orange-ftgroup.com
References: Your message of Thu, 10 Mar 2011 11:55:34 +0800. <0962B0BEF842A24191AD9BE41A8DD2FC015EB84F@ch-mailsrv.rd.francetelecom.fr> <201103101438.p2AEcPva047524@givry.fdupont.fr>
In-Reply-To: <201103101438.p2AEcPva047524@givry.fdupont.fr>
Date: Thu, 10 Mar 2011 10:06:06 -0800
Message-ID: <256d01cbdf4d$d4103960$7c30ac20$@com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: AcvfMNcTuTa7eAMhSLeGY3u0r3iFWwAGmonQ
Content-Language: en-us
Cc: pcp@ietf.org
Subject: Re: [pcp] GET and GETNEXT OpCodes
X-BeenThere: pcp@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: PCP wg discussion list <pcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/pcp>, <mailto:pcp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pcp>
List-Post: <mailto:pcp@ietf.org>
List-Help: <mailto:pcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pcp>, <mailto:pcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Mar 2011 18:04:51 -0000

> -----Original Message-----
> From: pcp-bounces@ietf.org [mailto:pcp-bounces@ietf.org] On Behalf Of
> Francis Dupont
> Sent: Thursday, March 10, 2011 6:38 AM
> To: xiaohong.deng@orange-ftgroup.com
> Cc: pcp@ietf.org
> Subject: Re: [pcp] GET and GETNEXT OpCodes
> 
> 
>  In your previous mail you wrote:
> 
>    I want to make a comment :
>    usually UPnP IGD Control Point issues "AddPortMapping" after
> rebooting.
> 
> => yes, the failure model (which is IMHO *not* adapted to ISP CGNs)
> of UPnP IGD was explicited in the version 2 and is to reinstall
> mappings as the server (IWF in our case) is not required to use
> stable storage.
> 
>    I suppose PCP Client will do similarly, which means PCP client would
>    also make mapping requests on reboot, which look like renewals to
> the
>    server like Stuart stated.
> 
> => you assume implicitely two important things:
>  - a failure model where it is enough for the client to reinstall
>   its explicit dynamic mappings. This has two problems: it can take
>   time to detect a failure on the PCP server side (NAT-PMP uses
> multicast
>   to solve this point) and this opens the door of explicit dynamic
>   mapping thefts when the PCP server controls an ISP CGN (something
>   which is out of scope for UPnP IGD and NAT-PMP)

Oh!  That must be the security problem you refer us back to, but have not
re-explained to us.

So, the scenario is:

  1. PCP client does a MAP
  2. PCP server (or the CGN) crashes and loses state
  3. PCP client is, of course, unaware of that state loss until
     much later (whatever its refresh interval is)
  4. In that interval, another PCP client (or implicit dynamic
     mapping) could grab that port.

The same problem exists without PCP, of course, with an
implicit mapping (e.g., created with a TCP SYN).  And the
resolution is described in Section 6, "Cold Standby Mode" 
of draft-xu-behave-stateful-nat-standby-06:  that the 
CGN needs to use a different public IPv4 address pool 
when it crashes and loses state.   IMO, that advice 
belongs in BEHAVE's CGN Requirements document, as it 
does not solely affect PCP.  Simon Perreault, CC'd, 
is the editor of the CGN Requirements document.


In the PCP document, adding something along the lines of seems a reasonable
addition for the Epoch section:

   In the time between a PCP server loses state and the PCP client
   notices the lower-than-expected Epoch value, it is possible that the
   PCP client's mapping will be acquired by another host (via an
   explicit dynamic mapping or implicit dynamic mapping).  This means
   incoming traffic will be sent to a different host.  A mechanism to
   immediately inform the PCP client of state loss would reduce this
   interval, but would not eliminate this threat.  The PCP client can
   reduce this interval by using a relatively short lifetime; however,
   increases the amount of PCP chatter.  Connection authentication 
   (e.g., TLS) does eliminate this threat.

-d



>  - this doesn't solve the problem of 'stale' explicit dynamic
>   mappings, i.e., mappings which are installed on the PCP server but
>   the PCP client for any reason didn't delete.
> 
> 
>   That's why I don't see a use case of GET/GETNEXT for 'pure' PCP
> Clients.
> 
> => GETNEXT is the not-disruptive way to synchronize a PCP client and
> server pair (the disruptive way is to send first a 'delete all' so
> the PCP server 'starts' in a 'virgin' state).
> 
>    In case of a PCP Client, when does it want to know if the explicit
>    dynamic mapping was really installed by the server? In case of a
>    PCP proxy, it maintains a mapping table.
> 
> => as a co-author of the PCP Proxy I-D I can say it doesn't maintain
> a mapping table. It is *not* an option for a simple PCP Proxy
> and it is a by default NOT RECOMMENDED option for a smart PCP Proxy
> (of course to discuss further you need the whole text of the I-D,
> I expect it will be posted for the dead line, next Monday).
> 
> Thanks
> 
> Francis.Dupont@fdupont.fr
> 
> PS: BTW UPnP IGD has equivalents of GET/GETNEXT so the 'stale' mapping
> issue comes from a partial application of the UPnP IGD model to PCP,
> i.e., the first part of your argument is not sound.
> _______________________________________________
> pcp mailing list
> pcp@ietf.org
> https://www.ietf.org/mailman/listinfo/pcp

v2.23.0 | Report a Bug | By Email