Re: [shara] dynamic allocation of port ranges in draft-bajko-v6ops-port-restricted-ipaddr-assign

"Dan Wing" <dwing@cisco.com> Tue, 17 March 2009 01:15 UTC

From: "Dan Wing" <dwing@cisco.com>
To: <Gabor.Bajko@nokia.com>, <shara@ietf.org>
Date: Mon, 16 Mar 2009 18:16:21 -0700

>   >I interpret the highlighted phrase to mean the PRR provides a range of
>   >ports on a *different* IP address.  Is that the intent?
> 
> The intention was to say that the server may allocate an 
> additional set of ports, which may belong to the same or 
> different IP address.
> 
>   >Is that the intent?  I had expected
>   >that sentence in the I-D to conclude with "... offer the client
>   >additional ports on the same IP address as previously allocated."
> 
> Yes, that would simplify considerably both the client and 
> server operation. I can add a clarification that the server 
> should allocate additional ports belonging to the same IP 
> address (if possible).

It has to or else some applications will fail.  Passive FTP
will break if the FTP server requires the IP connection from
the same IP address as the control channel (see 
http://cr.yp.to/ftp/security.html for a discussion).  I 
understand that some HTTP applications have a similar 
requirement.  This is all because, on today's Internet, IPv4
address = identity, and if a host's connections start appearing 
on different IPv4 addresses at the same time then some 
applications deem it is a new 'identity' (because it is a new
IPv4 address).

This is captured in REQ-1 of 
http://tools.ietf.org/html/draft-nishitani-cgn-01,

   REQ-1: A LSN MUST allocate one external IP address to each CPE.

      a) LSN external IP address of the UDP, TCP and ICMP MUST be same.

-d


> - gabor
> 
> 
>   >-----Original Message-----
>   >From: shara-bounces@ietf.org [mailto:shara-bounces@ietf.org] On Behalf Of
>   >ext Dan Wing
>   >Sent: Wednesday, March 11, 2009 5:41 PM
>   >To: shara@ietf.org
>   >Subject: [shara] dynamic allocation of port ranges in
>   >draft-bajko-v6ops-port-restricted-ipaddr-assign
>   >
>   >I was pleased to see the new "Dynamic allocation of port ranges" section
>   >in draft-ymbk-aplusp-03.  While digging into the details a bit, I saw in
>   >Section 4.2 of draft-bajko-v6ops-port-restricted-ipaddr-assign-02:
>   >
>   >   When the server detects that a client with a specific hardware
>   >   address, having already been allocated with a port restricted IP
>   >   address, sent another DHCPDISCOVER, it MAY, based on local policy,
>   >   offer the client with additional port restricted IP address.
>   >                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>   >
>   >I interpret the highlighted phrase to mean the PRR provides a range of
>   >ports on a *different* IP address.  Is that the intent?  I had expected
>   >that sentence in the I-D to conclude with "... offer the client
>   >additional ports on the same IP address as previously allocated."
>   >
>   >-d
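
Added example (not part of the original message, the drafts, or any implementation): a sketch of the allocation behaviour discussed in this thread, contrasting a server that keeps every additional port range on the client's existing external address with one that may pick a different address, and applying the same-source-address check that the message attributes to some FTP servers. The Allocator class, the 1024-port block size, the client id and the 192.0.2.x addresses are all constructed assumptions.

```python
"""Added example: sticky external-IP allocation for port-restricted clients."""
from dataclasses import dataclass, field

RANGE_SIZE = 1024  # assumed block size; the thread does not specify one


@dataclass
class Allocator:
    """Hypothetical server handing out (external IP, port range) blocks."""
    pool: list                      # external IPv4 addresses (constructed)
    sticky: bool = True             # True: extra ranges stay on the client's IP
    used: dict = field(default_factory=dict)    # ip -> next free port
    leases: dict = field(default_factory=dict)  # client id -> [(ip, lo, hi)]

    def _take(self, ip):
        lo = self.used.get(ip, 1024)
        if lo + RANGE_SIZE > 65536:
            return None             # this address has no block left
        self.used[ip] = lo + RANGE_SIZE
        return (ip, lo, lo + RANGE_SIZE - 1)

    def request(self, client):
        held = self.leases.setdefault(client, [])
        if held and self.sticky:
            candidates = [held[0][0]]           # same IP or nothing
        else:
            # non-sticky: least-loaded address first, which may differ
            candidates = sorted(self.pool, key=lambda ip: self.used.get(ip, 1024))
        for ip in candidates:
            block = self._take(ip)
            if block:
                held.append(block)
                return block
        return None                 # refuse rather than split the identity


def ftp_data_accepted(control_ip, data_ip):
    """Server-side rule from the thread: data must come from the control IP."""
    return control_ip == data_ip


def second_range_breaks_ftp(sticky):
    alloc = Allocator(pool=["192.0.2.1", "192.0.2.2"], sticky=sticky)
    control = alloc.request("cpe-a")    # control channel uses the first block
    data = alloc.request("cpe-a")       # later block carries the data channel
    return not ftp_data_accepted(control[0], data[0])
```

With sticky allocation the server returns no block once the client's address is exhausted, instead of moving the client to a second address.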