Re: [shara] draft-thaler-port-restricted-ip-issues: Host ImplementationIssues
<mohamed.boucadair@orange-ftgroup.com> Thu, 04 March 2010 07:14 UTC
Return-Path: <mohamed.boucadair@orange-ftgroup.com>
X-Original-To: shara@core3.amsl.com
Delivered-To: shara@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 1426928C0E0 for <shara@core3.amsl.com>; Wed, 3 Mar 2010 23:14:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.101
X-Spam-Level:
X-Spam-Status: No, score=-3.101 tagged_above=-999 required=5 tests=[AWL=0.148, BAYES_00=-2.599, HELO_EQ_FR=0.35, RCVD_IN_DNSWL_LOW=-1, UNPARSEABLE_RELAY=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UffYqR4-K8Br for <shara@core3.amsl.com>; Wed, 3 Mar 2010 23:14:30 -0800 (PST)
Received: from relais-inet.francetelecom.com (relais-ias92.francetelecom.com [193.251.215.92]) by core3.amsl.com (Postfix) with ESMTP id CAF3F28C231 for <shara@ietf.org>; Wed, 3 Mar 2010 23:14:22 -0800 (PST)
Received: from omfedm07.si.francetelecom.fr (unknown [xx.xx.xx.3]) by omfedm10.si.francetelecom.fr (ESMTP service) with ESMTP id E90F29C5DB; Thu, 4 Mar 2010 08:14:22 +0100 (CET)
Received: from PUEXCH41.nanterre.francetelecom.fr (unknown [10.101.44.30]) by omfedm07.si.francetelecom.fr (ESMTP service) with ESMTP id C271F4C021; Thu, 4 Mar 2010 08:14:22 +0100 (CET)
Received: from PUEXCB1B.nanterre.francetelecom.fr ([10.101.44.10]) by PUEXCH41.nanterre.francetelecom.fr ([10.101.44.30]) with mapi; Thu, 4 Mar 2010 08:14:22 +0100
From: mohamed.boucadair@orange-ftgroup.com
To: Dave Thaler <dthaler@microsoft.com>, LEVIS Pierre RD-BIZZ <IMCEAEX-_O=FT_OU=AG-E2K_cn=Recipients_cn=LEVIS+20Pierre+20FTRD_DMI@exchange2000.francetelecom.fr>, "shara@ietf.org" <shara@ietf.org>
Date: Thu, 04 Mar 2010 08:14:20 +0100
Thread-Topic: [shara] draft-thaler-port-restricted-ip-issues: Host ImplementationIssues
Thread-Index: AQHKudOGQaBzfwjk8kKwlj3f0NnQNZHe4SZAgAEVKSCAAJBl4IAA19uw
Message-ID: <5175_1267686862_4B8F5DCE_5175_1755_1_94C682931C08B048B7A8645303FDC9F30EFBC79A29@PUEXCB1B.nanterre.francetelecom.fr>
References: <4233_1267439756_4B8B988C_4233_6698_1_94C682931C08B048B7A8645303FDC9F30EFAFF530F@PUEXCB1B.nanterre.francetelecom.fr> <22201_1267512105_4B8CB329_22201_305989_1_F1A741D65FFEF6489D607B26ABA0ED5701A5DA81@ftrdmel0.rd.francetelecom.fr> <9B57C850BB53634CACEC56EF4853FF65138ECE7C@TK5EX14MBXW601.wingroup.windeploy.ntdev.microsoft.com> <23707_1267609759_4B8E309F_23707_33624_1_94C682931C08B048B7A8645303FDC9F30EFBC79759@PUEXCB1B.nanterre.francetelecom.fr> <9B57C850BB53634CACEC56EF4853FF65138EFD00@TK5EX14MBXW601.wingroup.windeploy.ntdev.microsoft.com>
In-Reply-To: <9B57C850BB53634CACEC56EF4853FF65138EFD00@TK5EX14MBXW601.wingroup.windeploy.ntdev.microsoft.com>
Accept-Language: fr-FR
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: fr-FR
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-PMX-Version: 5.5.7.378829, Antispam-Engine: 2.7.2.376379, Antispam-Data: 2010.1.18.71820
Subject: Re: [shara] draft-thaler-port-restricted-ip-issues: Host ImplementationIssues
X-BeenThere: shara@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Sharing of an IPv4 Address discussion list <shara.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/shara>, <mailto:shara-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/shara>
List-Post: <mailto:shara@ietf.org>
List-Help: <mailto:shara-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/shara>, <mailto:shara-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Mar 2010 07:14:45 -0000
Dear Dave, Please see inline. Cheers, Med -----Message d'origine----- De : Dave Thaler [mailto:dthaler@microsoft.com] Envoyé : mercredi 3 mars 2010 19:15 À : BOUCADAIR Mohamed NCPI/NAD/TIP; LEVIS Pierre RD-BIZZ; shara@ietf.org Objet : RE: [shara] draft-thaler-port-restricted-ip-issues: Host ImplementationIssues The term A+P does not appear in the document. The issues are with any proposal that uses port-restricted IP addresses, even ones that claim to only apply to NATs. On IPv6, the draft already states reachability over IPv6 may be present but cannot be used to determine liveness of the IPv4 stack. Med: This issue in the specific to port-restricted IP, we have the same issue for DS-Lite (The SP does not assign IPv4 address to the CPE, only an IPv6 prefix is assigned. Nevertheless, IPv4 services are delivered over IPv6) Device management can be implemented over IPv6 or rely on a "Pull" model. IMHI, these are not ** blocking ** issues, but should be taken into account when building an architecture which relies on port-restricted @es. BTW, this issue is documented in http://tools.ietf.org/html/draft-ford-shared-addressing-issues-01#section-6 where we proposed the use of UDP Ping for instance. > -----Original Message----- > From: mohamed.boucadair@orange-ftgroup.com > [mailto:mohamed.boucadair@orange-ftgroup.com] > Sent: Wednesday, March 03, 2010 1:49 AM > To: Dave Thaler; LEVIS Pierre RD-BIZZ; shara@ietf.org > Subject: RE: [shara] draft-thaler-port-restricted-ip-issues: Host > ImplementationIssues > > Dear Dave, all, > > The text you are referring to is: > > - In some part no specific to A+P (e.g., Personnel issues) > - Speculating on issues: eg.; you mentioned "significant complexity" > and "unknown > (to existing personnel) failure modes". The text does not identify > the "significant complexity" and speculates on potential failure modes. > - For receiving ICMP and like/device management issues: my answer is to > encourage the use IPv6 for implementing those features. > > Cheers, > Med > > > -----Message d'origine----- > De : Dave Thaler [mailto:dthaler@microsoft.com] > Envoyé : mardi 2 mars 2010 18:09 > À : pierre.levis@orange-ftgroup.com; shara@ietf.org > Cc : BOUCADAIR Mohamed NCPI/NAD/TIP > Objet : RE: [shara] draft-thaler-port-restricted-ip-issues: Host > ImplementationIssues > > See also the second paragraph of section 4. > Other sections (5, 6) also apply to a CPE-only model. > So it is incorrect to say that this draft raises no issues > with such a model. > > Classic NAT != the CPE model here. > > -Dave > > > -----Original Message----- > > From: pierre.levis@orange-ftgroup.com [mailto:pierre.levis@orange- > > ftgroup.com] > > Sent: Monday, March 01, 2010 10:42 PM > > To: Dave Thaler; shara@ietf.org > > Cc: mohamed.boucadair@orange-ftgroup.com > > Subject: RE: [shara] draft-thaler-port-restricted-ip-issues: Host > > ImplementationIssues > > > > Hi all, > > > > I'd like to refocus I-D.thaler-port-restricted-ip-issues on the > subject > > that was discussed in Hiroshima during the aplusp BoF. > > > > Dave's draft is exclusively focussed on A+P directly applied to > hosts, > > as clearly stated in the abstract: > > "This document discusses issues with assigning an IP address to a > host > > interface such that the IP address may only be used with a restricted > > set of ports." > > > > Dave explicitly concludes that other A+P approaches (A+P in CPEs is > the > > dominant one), are not covered by these issues: > > "The primary cause of the issues unique to port-restricted IP > addresses > > comes from assigning such an address to > > a device's interface. This concept does not occur in classic NAT. > > ... > > It is possible that the same state benefits motivating the concept of > > port- > > restricted IP addresses may be possible in other approaches that do > > not involve assigning a port-restricted IP address to an interface, > > but this investigation is left to other documents" > > > > If you go back to the introductory slides of the aplusp BoF, it is > also > > clear that A+P directly in hosts was out of the scope: > > "Host-based A+P brings additional complexity" in slide 5 of 01- > > agenda.ppt > > > > > > So, from the strict aplusp BoF point of view, this draft brings no > > objection on continuing the A+P work at the IETF. > > > > > > > > Regards, > > > > Pierre > > > > > > > > -----Message d'origine----- > > De : shara-bounces@ietf.org [mailto:shara-bounces@ietf.org] De la > part > > de mohamed.boucadair@orange-ftgroup.com > > Envoyé : lundi 1 mars 2010 11:36 > > À : dthaler@microsoft.com > > Cc : shara@ietf.org > > Objet : [shara] draft-thaler-port-restricted-ip-issues: Host > > ImplementationIssues > > > > > > Dear Dave, > > > > In your draft, you wrote: "To actually apply a port restriction, host > > stack implementations > > would need to change. Without such a change, a host may naturally > > attempt to use the IP address with arbitrary protocols and ports, > > which would be akin to address spoofing in a port-restricted IP > > address model." > > > > For fixed networks, several scenarios for the deployment of port > > restriction may be considered. Host-based model is one flavour among > > others. > > > > For the CPE-based model, port-restriction features are not required > to > > be supported by the hosts behind the CPE since port-restriction are > to > > be enforced in the CPE: No changes are required for the hosts in such > > scenario. > > > > For the host-based model (e.g., mobile networks), I agree that port- > > restriction feature is required to be supported by the host. Some > > modifications are needed (FYI, port-restriction feature may be > > activated by entering two IPTABLES lines in Linux-based Oses.). These > > modifications are to be positioned against expected gains such as: > > > > - Battery consumption for mobile devices because keepalive messages > to > > maintain NAT entries are avoided (in NAT-based solutions, "Always-on" > > services would impact severely the battery consumption. Not to > mention > > several layers of keepalive messages: e.g., IPsec, SIP ) > > - No need to embed ALG in intermediary nodes. > > - No need to embed NAT traversal technique in the host > > - No latency due to retrieving the perceived IPv4 public address (to > be > > assigned by the NAT) > > - Session tracking issues: It is not required to maintain per-session > > tracking information (legal requirement) > > - Etc. > > > > Cheers, > > Med > > > > ********************************* > > This message and any attachments (the "message") are confidential and > > intended solely for the addressees. > > Any unauthorised use or dissemination is prohibited. > > Messages are susceptible to alteration. > > France Telecom Group shall not be liable for the message if altered, > > changed or falsified. > > If you are not the intended addressee of this message, please cancel > it > > immediately and inform the sender. > > ******************************** > > > > _______________________________________________ > > shara mailing list > > shara@ietf.org > > https://www.ietf.org/mailman/listinfo/shara > > > > ********************************* > > This message and any attachments (the "message") are confidential and > > intended solely for the addressees. > > Any unauthorised use or dissemination is prohibited. > > Messages are susceptible to alteration. > > France Telecom Group shall not be liable for the message if altered, > > changed or falsified. > > If you are not the intended addressee of this message, please cancel > it > > immediately and inform the sender. > > ******************************** > > > > > ********************************* > This message and any attachments (the "message") are confidential and > intended solely for the addressees. > Any unauthorised use or dissemination is prohibited. > Messages are susceptible to alteration. > France Telecom Group shall not be liable for the message if altered, > changed or falsified. > If you are not the intended addressee of this message, please cancel it > immediately and inform the sender. > ******************************** > ********************************* This message and any attachments (the "message") are confidential and intended solely for the addressees. Any unauthorised use or dissemination is prohibited. Messages are susceptible to alteration. France Telecom Group shall not be liable for the message if altered, changed or falsified. If you are not the intended addressee of this message, please cancel it immediately and inform the sender. ********************************
- [shara] draft-thaler-port-restricted-ip-issues: H… mohamed.boucadair
- Re: [shara] draft-thaler-port-restricted-ip-issue… Masataka Ohta
- Re: [shara] draft-thaler-port-restricted-ip-issue… pierre.levis
- Re: [shara] draft-thaler-port-restricted-ip-issue… Dave Thaler
- Re: [shara] draft-thaler-port-restricted-ip-issue… pierre.levis
- Re: [shara] draft-thaler-port-restricted-ip-issue… Masataka Ohta
- Re: [shara] draft-thaler-port-restricted-ip-issue… mohamed.boucadair
- Re: [shara] draft-thaler-port-restricted-ip-issue… Dave Thaler
- Re: [shara] draft-thaler-port-restricted-ip-issue… mohamed.boucadair