[shara] shared-addressing-issues-00 questions

[Gregory Lebovitz <gregory.ietf@gmail.com>]

Hey Mat.
Just read this doc. Thanks for writing it. One question and a few comments
are below.

- I fancy myself a decent english speaker, but I couldn't quite make out
this criteria:

 1) The proximity of the end user to control over the impact
           of the solution on the end-to-end communication,
Would you mind filling that out a bit?


- In 3.1 you say
   "But for incoming connections, the specific port numbers
   allocated to customers matter because they are part of external
   referrals (used by third parties to contact services run by the
   customers)."

  then you state:
    "the distribution is
   heavy-tailed, so there are typically a small number of subscribers
   who use a very high number of ports
[CGN_Viability<http://tools.ietf.org/html/draft-ford-shared-addressing-issues-00#ref-CGN_Viability>
]."

  and you also state:
    "Early measurements also seem to indicate that, on average, only very
   few ports are used by customers for incoming connections.  However, a
   majority of subscribers accept at least one inbound connection."

  I would agree that there are very few subscribers who actually need
inbound connections. More might "accept" inbound connections, but it's not
clear that these were actually needed/desired. I.e. most of the services
that 99% of the Internet users/subscribers use are "brokered" through some
meet-in-the-middle server/service to which they initiate an outgoing
connection first. If another outside user needs to "contact" the subscriber,
that contact is most often performed in a transaction through an already
established 3rd party server/service connection.
   My point is that perhaps the need for incoming connections is similarly
heavy-tailed, such that there will typically be a very very small number of
subscribers running services needing/desiring un-brokered incoming
connections. And perhaps this number is so few that we could distill the
problem space into two:  one for 99% of the users, and a separate for the
1% desiring un-brokered inbound connections.
   Thoughts?

- After:
   "Such an infection
   could rapidly exhaust the shared resource of the single IPv4 address
   for all connected subscribers."
 ADD:
   "However, the simple inclusion of per-subscriber connection limiting
would go a long way to mitigate this risk."

 WHY:  Every customer ISP discussion we've seen on these topics comes with
"per-user connection limit setting" in the "MUST HAVE" category of
requirements. I doubt any products proposing to meet these requirements will
ship without it.


3.2
  Again, I think this is a tiny subset of the actual use cases, maybe 1%,
maybe. ISPs could simply reserve these for users who had purchased the MONDO
pack, which included service hosting. The rest of our grandmas, kids,
uncles, and brothers would simply purchase the BASIC pack, with no service
hosting, and would never get assigned well known ports, because they didn't
need them.


3.4
  perhaps change this:
    "widespread adoption of port-shared addresses
   by service providers will make these complications considerably more
   widespread and severe."
 to this new:
   "widespread adoption of port-shared addresses
   by service providers will require a modified operational model in order
to better record network activity. Such a modified operational modify may
require networking product modifications to provide operators with IP + Port
for various logging and monitoring events."

  WHY: "complications widespread and severe" seems perhaps a bit overstated
for what is actually needed. I.e. if consensus leads us all to an address
sharing model, we'll need to make some ops changes in the products to go
with it. Not the end of the world.

Hope it helps,
Gregory.

-- 
----
IETF related email from
Gregory M. Lebovitz
Juniper Networks