Re: QUIC Address Extension for NAT detection

Patrick McManus <mcmanus@ducksong.com> Wed, 20 March 2019 14:26 UTC

To: Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org>
Cc: QUIC WG <quic@ietf.org>, Eric Kinnear <ekinnear@apple.com>, Chris Wood <cawood@apple.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/PbttLg9rGXse7mkiM46WoWQu_P4>
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>

Coincidentally I have been noodling with an almost identical idea (though I
was only going to allow the client side to request its own IP as seen by
the peer) for prototyping in h2 with an eye towards quic if it proved
useful.

Would it be easiest to start it there (and would you be interested in
implementing it there?) as that framework already has wide deployment and a
sorta-exercised extension mechanism that seems like it should work with
minimal disruption to test out if the information is indeed useful.

I agree that ideally this is a transport function but I wouldn't let that
stand in the way of getting some experience.



On Wed, Mar 13, 2019 at 12:19 PM Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org> wrote:

> We recently posted a draft that defines a proposed extension to QUIC that
> allows peers to request their perceived IP address and port from their
> peer, effectively allowing NAT detection along a path:
>
> QUIC Address Extension
> https://datatracker.ietf.org/doc/draft-pauly-quic-address-extension/
>
> We have posted a corresponding document in TLS that provides the same
> mechanism for TLS/TCP connections:
>
> TLS Client Network Address Extension
> https://datatracker.ietf.org/doc/draft-kinnear-tls-client-net-address/
>
> One of the benefits specific to QUIC from detecting a NAT is that it helps
> determine whether or not NAT rebindings are expected to create “fake”
> migration events. It also helps a client know whether or not rotating CIDs
> and local ports will be of use to obfuscate a client’s connections.
>
> If you have any thoughts on use cases for this information, or the
> mechanism, we’d love to hear them!
>
> Best,
> Tommy
>