[pcp] comments about draft-wing-pcp-design-considerations-00.txt
Francis Dupont <Francis.Dupont@fdupont.fr> Tue, 21 September 2010 23:00 UTC
Return-Path: <Francis.Dupont@fdupont.fr>
X-Original-To: pcp@core3.amsl.com
Delivered-To: pcp@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C9F183A69DB for <pcp@core3.amsl.com>; Tue, 21 Sep 2010 16:00:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.023
X-Spam-Level:
X-Spam-Status: No, score=-3.023 tagged_above=-999 required=5 tests=[AWL=0.226, BAYES_00=-2.599, HELO_EQ_FR=0.35, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id O2rbSft+xV1t for <pcp@core3.amsl.com>; Tue, 21 Sep 2010 16:00:23 -0700 (PDT)
Received: from givry.fdupont.fr (givry.fdupont.fr [91.121.26.85]) by core3.amsl.com (Postfix) with ESMTP id E9AAE3A69B1 for <pcp@ietf.org>; Tue, 21 Sep 2010 16:00:22 -0700 (PDT)
Received: from givry.fdupont.fr (localhost [127.0.0.1]) by givry.fdupont.fr (8.14.3/8.14.3) with ESMTP id o8LN0lhk092070 for <pcp@ietf.org>; Tue, 21 Sep 2010 23:00:47 GMT (envelope-from dupont@givry.fdupont.fr)
Message-Id: <201009212300.o8LN0lhk092070@givry.fdupont.fr>
From: Francis Dupont <Francis.Dupont@fdupont.fr>
To: pcp@ietf.org
Date: Wed, 22 Sep 2010 01:00:47 +0200
Sender: Francis.Dupont@fdupont.fr
Subject: [pcp] comments about draft-wing-pcp-design-considerations-00.txt
X-BeenThere: pcp@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: PCP wg discussion list <pcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/pcp>, <mailto:pcp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pcp>
List-Post: <mailto:pcp@ietf.org>
List-Help: <mailto:pcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pcp>, <mailto:pcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Sep 2010 23:00:24 -0000
(note: I already sent privately this to authors) => I have a concern about terminology: we have many involved entities, terminals, servers, agents, etc. For instance the term client where it is not defined can be very ambiguous. BTW relay/proxy/IWF is an integral part of the protocol as for instance B4s are required in the DS-Lite scenario. 2.1. Add IPv6 Support Needs to support NAT44, NAPT44, stateless and stateful NAT64, NAT46, and IPv6 firewall. => forgot DS-Lite 2.2. Open Pinhole for Another Host Provide ability for another device, within same home, to open ports on behalf of another. This functionality also intended to be used by the operator of the NAT itself (e.g., the ISP) which is accessed by their technical support staff or is accessed by the end user. => I agree with the first sentence but not with the second: if PCP can be used by the ISP it is fine but it must not be a goal, i.e., PCP must not be made more complex just for this. Use 0 as internal IP address to indicate 'this IP SRC address'. => I deeply disagree: this saves nothing and can introduce ambiguities. 2.3. Interworking with UPnP IGD In UPnP IGD, a 'control point' can request a specific port or can request a wildcard port, and there is no concept of a mapping lifetime. This model does not work well with NATs, especially large scale NATs. => it is in the charter so a minimal effort should be done (even IMHO it won't work in the real world, i.e., UPnP IGD 1.0 is essentially broken for this use...). 2.3.1. Creating a mapping The Madatory bit, from draft-wing-softwire-port-control-protocol is ^ n not necessary, and will not be used in PCP. => no, please put again the mandatory bit. (update: what I want is the function, not the bit itself, i.e., I am fine with the idea to make not-zero requested values (external port and address) 'mandatory') The primary benefit of this bit is to ease interworking between UPnP IGD and PCP. => this is not true, the mandatory bit is very useful for the renew operation too. (update: for renew the requested external address is critical too) Thus, to interwork from UPnP IGD to PCP, our recommendation is that every UPnP request be forwarded to the PCP server. This works if the UPnP control point is incrementing the source port number, and also works if the UPnP control point is randomly choosing the source port number, and also works if it chooses 'any'. The UPnP IGD/PCP interworking function would request very short leases (e.g., 5 seconds) in order to avoid the chatter of a DELETE message (lifetime=0). Once a port can be allocated, its lifetime is extended. When interworking with UPnP IGD, the in-home CPE limits itself to sending one PCP message a second, which ensures there are only 5 outstanding PCP reserverations at a time; this avoids consuming all of that subscriber's NAT mappings while trying to find an available port via the UPnP IGD->PCP interworking function). => simply ridiculous... Note: for this to work successfully, the PCP server (large NAT) make an attempt to honor the requested-external-port field in the ^ missing word here PCP request. => it is the purpose of this field, isn't it? Message flow would be similar to this: => what is the internal port? 80, 81, ...? 2.3.2. Lifetime Maintenance UPnP IGD does not provide a lifetime, so the UPnP IGD/PCP interworking function is responsible for extending the lifetime of mappings that are still interesting to the UPnP IGD device. We recommend the UPnP IGD/PCP function request a port mapping lifetime equal to the client's remaining DHCP lifetime. => I agree with the principle (the IWF hides the finite lifetime by renews) but not with the introduction of DHCP here. And BTW on home networks DHCP is not used to manage a sparse resource, it is used only for address management so a client should always get the same address (some kind of implicit infinite renew), so this doesn't make sense too. 2.4. Protocol support Only TCP and UDP will be supported. Additional protocols can be defined later, using the protocol field. => please note an 'all protocols' is needed for delete. 2.5. Delete all mappings for a host PCP will allow deleting all mappings for a host. (This is already present in NAT-PMP.) => I agree but it is not in NAT-PMP which requires two requests. 2.6. Delete all mappings for all hosts in a home PCP will allow deleting all mappings for all hosts behind an in-home CPE, such as DS-Lite's "B4" element. This is to allow flushing PCP mappings when a subscriber is assigned an IP address belonging to a previous subscriber. => fine (so we have three levels of 'all': protocol, client, B4). 2.7. No Reservation of Ports in other protocol When a port reservation is made, NAT-PMP currently reserves the same port in the other transport protocol for the same host. That is, if a mapping is made for TCP/12345, the port UDP/12345 will be reserved for a future mapping. This functionality will be removed from PCP. => I strongly agree! If a protocol requires the same mapping for UDP and TCP, it will need to issue separate requests (with short lifetimes) until it is assigned the same ports. => this doesn't work, just stay with the first paragraph only. (update: it seems there is a consensus for the second part, i.e., keep only the first paragraph which stays the functionality should be removed). 2.8. Consolidate IP request and port request messages NAT-PMP currently uses a separate message to obtain the public IP address and to obtain the port. In PCP, this will be consolidated into one message so that every port response includes the external address and lifetime. Once a host has an active PCP-created mapping on one port, it will get the same external address for all subsequent port requests. => fine (this with the common request/response layout are real progresses in the design). 2.9. NAT Changing Public Mapping Currently, NAT-PMP has a feature where the NAT can alert hosts on the local LAN if the NAT's public address changed or the NAT rebooted. This functionality will not be available in the initial functionality of PCP, but can be provided in a future document. => fine (I agree there is no realistic/scalable way to do this). 2.10. Epoch As in NAT-PMP, all NATs will implement epoch. NATs which retain their state will simply increase the epoch. This reduces implementation burden to deal with NATs-that-retain-state and NATs- which-lose-state, and also allows ISPs to renumber the public side of the NAT (and force epoch back to zero). => I'd *really* like to get a SHOULD for 'retain state'. 2.12. Port number Re-use the same port as NAT-PMP (5351). => fine (I've found the way to chain a PCP dissector to the NAT-PMP one in wireshark). 3. Security Considerations TBD. => you mean MBD (Must Be Done). Some ideas: there are two cases: the easy one (DS-Lite for instance) where the topology control makes external attacks impossible (in DS-Lite this means ingress filtering to prove the request/response flow can only be between B4 and AFTR). And the hard one where any messages can be injected/replayed/etc, for this I think something like DTLS could be a good solution (BTW don't invent a new way to provide security inside the protocol). (update: the DTLS idea is not intended for real world production, the goal is only to cut the way to silly 'security improvements' to PCP :-) 5.1. Normative References [I-D.cheshire-nat-pmp] Cheshire, S., "NAT Port Mapping Protocol (NAT-PMP)", draft-cheshire-nat-pmp-03 (work in progress), April 2008. => note this is more than expired so a pointer to one of the many places where it can be found should help. Thanks Francis Dupont <fdupont@isc.org>
- [pcp] comments about draft-wing-pcp-design-consid… Francis Dupont