Re: [shara] port randomization (draft-ymbk-aplusp-03)

Rémi Després <remi.despres@free.fr> Sat, 14 March 2009 11:04 UTC

Message-ID: <49BB8EC1.5030207@free.fr>
Date: Sat, 14 Mar 2009 12:02:25 +0100
From: Rémi Després <remi.despres@free.fr>
To: Gabor.Bajko@nokia.com
References: <022a01c9a2ab$fd5abf60$fd736b80@cisco.com> <A99B171D26E1564B92D36826128CD66127EE038A28@NOK-EUMSG-01.mgdnok.nokia.com>
In-Reply-To: <A99B171D26E1564B92D36826128CD66127EE038A28@NOK-EUMSG-01.mgdnok.nokia.com>
Cc: shara@ietf.org
Subject: Re: [shara] port randomization (draft-ymbk-aplusp-03)

Gabor.Bajko@nokia.com wrote on (m/d/y) 3/12/09 6:51 AM:
> > -----Original Message-----
> > From: shara-bounces@ietf.org [mailto:shara-bounces@ietf.org] On Behalf Of
> > ext Dan Wing
> >
> > Has consideration been given to having the PRR return only *one* port
> > for each request, or to returning a list of port numbers which are
> > not consecutive and are not a bit-pattern of ports?  These techniques
> > would allow the PRR to distribute the requests randomly across the
> > entire port range instead of within a block of ~100 (or whatever).
>
> This is exactly the intention of sections 4 and 5 in http://www.ietf.org/internet-drafts/draft-bajko-pripaddrassign-01.txt
>
> What section 5 describes is a way to communicate a list of preallocated random ports to the client, in an indirect way.
>
draft-bajko-pripaddrassign seems to me an excellent document to start with.

In www.nabble.com/FYI:-draft-despres-sam-02--enclosed-td22493319.html, I 
propose another method to avoid using consecutive port numbers on the 
global Internet.

If agreeable, I could propose a new section to deal with it in 
draft-bajko-pripaddrassign.

Parameters to be advertised in what could be sub-option 3, would be:
- the IPv4 address
- the dynamic port prefix
- the scrambling multiplier (e.g. 32 bits)
- the number of high order bits of the IPv4 address that must not be scrambled

This new sub-option is expected to be simpler than sub-options 1 and 2, 
and good enough.

In some respect it is also more powerful because it can randomize not 
only port bits but also some lower bits of the IPv4 address: those that 
are after the IPv4 prefix of the multiplexing gateway (aka the PRR).
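Worked example, added here and not taken from the message or from draft-despres-sam: one concrete reading of the four parameters above, assuming the scrambling is a multiplication by the (odd) multiplier modulo 2^k over the concatenation of the non-fixed IPv4 bits and the port bits that follow the dynamic port prefix. The names, the 192.0.2.0/24 gateway prefix and the multiplier value are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Tuple


@dataclass(frozen=True)
class ScramblingParams:
    """The four values the proposed sub-option would carry (interpretation assumed)."""
    ipv4: str              # IPv4 address advertised to the client
    port_prefix: int       # dynamic port prefix value, e.g. 0b11 for ports 49152..65535
    port_prefix_len: int   # length of that prefix in bits
    multiplier: int        # scrambling multiplier (assumed 32-bit; must be odd)
    fixed_addr_bits: int   # high-order IPv4 bits never scrambled (the gateway's prefix)

    def host_bits(self) -> int:
        return 32 - self.fixed_addr_bits

    def port_bits(self) -> int:
        return 16 - self.port_prefix_len

    def scrambled_bits(self) -> int:
        # Scrambled field = low address bits followed by the post-prefix port bits.
        return self.host_bits() + self.port_bits()


def _check(p: ScramblingParams) -> None:
    if p.multiplier % 2 == 0:
        # An even multiplier is not invertible modulo 2^k: two indices would collide.
        raise ValueError("scrambling multiplier must be odd")
    if not (0 <= p.fixed_addr_bits <= 32 and 0 <= p.port_prefix_len < 16):
        raise ValueError("bad prefix lengths")


def scramble(p: ScramblingParams, index: int) -> Tuple[str, int]:
    """Map the index-th allocation to an (address, port) pair; neighbours land far apart."""
    _check(p)
    k = p.scrambled_bits()
    if not 0 <= index < (1 << k):
        raise ValueError("index outside the scrambled range")
    s = (index * p.multiplier) % (1 << k)          # odd multiplier => bijection on k bits
    low_port = s & ((1 << p.port_bits()) - 1)
    host = s >> p.port_bits()
    base = (int(ipaddress.IPv4Address(p.ipv4)) >> p.host_bits()) << p.host_bits()
    port = (p.port_prefix << p.port_bits()) | low_port
    return str(ipaddress.IPv4Address(base | host)), port


def unscramble(p: ScramblingParams, addr: str, port: int) -> int:
    """Inverse mapping, as the multiplexing gateway (PRR) would compute it."""
    _check(p)
    k = p.scrambled_bits()
    host = int(ipaddress.IPv4Address(addr)) & ((1 << p.host_bits()) - 1)
    s = (host << p.port_bits()) | (port & ((1 << p.port_bits()) - 1))
    return (s * pow(p.multiplier, -1, 1 << k)) % (1 << k)   # modular inverse mod 2^k


# Constructed sample: gateway prefix 192.0.2.0/24, dynamic ports 49152-65535 (prefix 0b11/2).
SAMPLE = ScramblingParams("192.0.2.0", 0b11, 2, 0x9E3779B1, 24)
```

With SAMPLE, index 0 maps to 192.0.2.0:49152 and index 1 to 192.0.2.221:63921, so sequential allocations spread over both the low address byte and the 14 free port bits, and the gateway recovers the index exactly.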

I look forward to discussing all this in SF.

Regards,

RD