[shara] [Fwd: Re: shared-addressing-issues-00 questions]
Matthew Ford <ford@isoc.org> Thu, 19 March 2009 00:19 UTC
Return-Path: <ford@isoc.org>
X-Original-To: shara@core3.amsl.com
Delivered-To: shara@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix)
with ESMTP id 2FA063A6BAD for <shara@core3.amsl.com>;
Wed, 18 Mar 2009 17:19:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.599
X-Spam-Level:
X-Spam-Status: No, score=-103.599 tagged_above=-999 required=5
tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com
[127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s6sUcJ1bgcaQ for
<shara@core3.amsl.com>; Wed, 18 Mar 2009 17:19:19 -0700 (PDT)
Received: from smtp155.sat.emailsrvr.com (smtp155.sat.emailsrvr.com
[66.216.121.155]) by core3.amsl.com (Postfix) with ESMTP id 1A2AA3A698C for
<shara@ietf.org>; Wed, 18 Mar 2009 17:19:19 -0700 (PDT)
Received: from relay5.relay.sat.mlsrvr.com (localhost [127.0.0.1]) by
relay5.relay.sat.mlsrvr.com (SMTP Server) with ESMTP id 2851DDB407;
Wed, 18 Mar 2009 20:20:03 -0400 (EDT)
Received: by relay5.relay.sat.mlsrvr.com (Authenticated sender:
ford-AT-isoc.org) with ESMTPSA id 448E8DB40B;
Wed, 18 Mar 2009 20:20:02 -0400 (EDT)
Message-ID: <49C18FB1.8090106@isoc.org>
Date: Wed, 18 Mar 2009 17:20:01 -0700
From: Matthew Ford <ford@isoc.org>
User-Agent: Thunderbird 2.0.0.19 (Macintosh/20081209)
MIME-Version: 1.0
To: shara@ietf.org, Phil Roberts <roberts@isoc.org>,
Alain Durand <alain_durand@cable.comcast.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: [shara] [Fwd: Re: shared-addressing-issues-00 questions]
X-BeenThere: shara@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Sharing of an IPv4 Address discussion list <shara.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/shara>,
<mailto:shara-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/shara>
List-Post: <mailto:shara@ietf.org>
List-Help: <mailto:shara-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/shara>,
<mailto:shara-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Mar 2009 00:19:20 -0000
Late cc -------- Original Message -------- Subject: Re: shared-addressing-issues-00 questions Date: Wed, 18 Mar 2009 17:16:24 -0700 From: Matthew Ford <ford@isoc.org> To: Gregory Lebovitz <gregory.ietf@gmail.com> References: <f1548840903171810t69d33ed7t55ea9c6da8c2ce15@mail.gmail.com> Gregory, Thanks for the review. Some responses inline: Gregory Lebovitz wrote: > Hey Mat. > Just read this doc. Thanks for writing it. One question and a few comments > are below. > > - I fancy myself a decent english speaker, but I couldn't quite make out > this criteria: > > 1) The proximity of the end user to control over the impact > of the solution on the end-to-end communication, > Would you mind filling that out a bit? It's a little opaque isn't it? Sorry about that. What I'm saying is that if there's going to be impacts of these mechanisms on end-to-end (and there is) then mechanisms that put functions that offer control over those impacts close to the end user are to be preferred over mechanisms where control functions are either absent or remote from the end user. In other words, I don't want to see end users having to make a helpdesk call to get an inbound port opened up. > - In 3.1 you say > "But for incoming connections, the specific port numbers > allocated to customers matter because they are part of external > referrals (used by third parties to contact services run by the > customers)." > > then you state: > "the distribution is > heavy-tailed, so there are typically a small number of subscribers > who use a very high number of ports > [CGN_Viability<http://tools.ietf.org/html/draft-ford-shared-addressing-issues-00#ref-CGN_Viability> > ]." Yes, and here we're talking about outgoing ports. > and you also state: > "Early measurements also seem to indicate that, on average, only very > few ports are used by customers for incoming connections. However, a > majority of subscribers accept at least one inbound connection." > > I would agree that there are very few subscribers who actually need > inbound connections. More might "accept" inbound connections, but it's not > clear that these were actually needed/desired. I.e. most of the services > that 99% of the Internet users/subscribers use are "brokered" through some > meet-in-the-middle server/service to which they initiate an outgoing > connection first. If another outside user needs to "contact" the subscriber, > that contact is most often performed in a transaction through an already > established 3rd party server/service connection. > My point is that perhaps the need for incoming connections is similarly > heavy-tailed, such that there will typically be a very very small number of > subscribers running services needing/desiring un-brokered incoming > connections. And perhaps this number is so few that we could distill the > problem space into two: one for 99% of the users, and a separate for the > 1% desiring un-brokered inbound connections. > Thoughts? I'd rather not make sweeping assumptions about what users want or need based on (necessarily subjective) observations of today's network. And I'd even less want to make engineering trade-offs based on those assumptions. > - After: > "Such an infection > could rapidly exhaust the shared resource of the single IPv4 address > for all connected subscribers." > ADD: > "However, the simple inclusion of per-subscriber connection limiting > would go a long way to mitigate this risk." > > WHY: Every customer ISP discussion we've seen on these topics comes with > "per-user connection limit setting" in the "MUST HAVE" category of > requirements. I doubt any products proposing to meet these requirements will > ship without it. Yup. > 3.2 > Again, I think this is a tiny subset of the actual use cases, maybe 1%, > maybe. ISPs could simply reserve these for users who had purchased the MONDO > pack, which included service hosting. The rest of our grandmas, kids, > uncles, and brothers would simply purchase the BASIC pack, with no service > hosting, and would never get assigned well known ports, because they didn't > need them. Again, I don't like these assumptions about what users need and want. The potential for all Internet users to be service providers is fundamental to the utility of the network. > 3.4 > perhaps change this: > "widespread adoption of port-shared addresses > by service providers will make these complications considerably more > widespread and severe." > to this new: > "widespread adoption of port-shared addresses > by service providers will require a modified operational model in order > to better record network activity. Such a modified operational modify may > require networking product modifications to provide operators with IP + Port > for various logging and monitoring events." > > WHY: "complications widespread and severe" seems perhaps a bit overstated > for what is actually needed. I.e. if consensus leads us all to an address > sharing model, we'll need to make some ops changes in the products to go > with it. Not the end of the world. Sell more product, increase opex, pass costs onto end-users. I see two losers and one winner in this equation. Mat
- [shara] shared-addressing-issues-00 questions Gregory Lebovitz
- [shara] [Fwd: Re: shared-addressing-issues-00 que… Matthew Ford
- Re: [shara] [Fwd: Re: shared-addressing-issues-00… Gregory Lebovitz