[sunset4] draft-ietf-sunset4-nat64-port-allocation
Alberto Leiva <ydahhrk@gmail.com> Thu, 24 September 2015 20:16 UTC
Return-Path: <ydahhrk@gmail.com>
X-Original-To: sunset4@ietfa.amsl.com
Delivered-To: sunset4@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 980111AC44B for <sunset4@ietfa.amsl.com>; Thu, 24 Sep 2015 13:16:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.1
X-Spam-Level:
X-Spam-Status: No, score=-0.1 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z2NZvyA4LDzP for <sunset4@ietfa.amsl.com>; Thu, 24 Sep 2015 13:15:59 -0700 (PDT)
Received: from mail-la0-x231.google.com (mail-la0-x231.google.com [IPv6:2a00:1450:4010:c03::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 859C91AC529 for <sunset4@ietf.org>; Thu, 24 Sep 2015 13:15:58 -0700 (PDT)
Received: by lahh2 with SMTP id h2so75481057lah.0 for <sunset4@ietf.org>; Thu, 24 Sep 2015 13:15:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=gdPTJkodY4UpNDe+t/ep809qzfGRHKo7uERpzaQxpnY=; b=KmPnvRApdvZ+02b6cAktnXdwN17LQt2+oC6/K1ls/SrP2i62gpyj5CGY2nw/v0qUNe tzTmgVAWSgVMOVxwMMyt1OKnyyMzZbxVW180BK4nGPu66ENYAgSrhrwUY43el0gY+++L BNGIXRvXiFs7x/BdqTrhLdnYSpEsZpYoQ34C9+ssxa+NJMfgLRfkuIS9mmukSQksUCa8 j2jPyrXc9PgrkJpyqdn8syMPWBmaqn/uDoIg8ZeX6jvmIvrLclgxqYWeO2QPjyJ0V6ei 1KAcTWEfsZPIHsMhjfR1mdpUid+LCdCpbkqnGIlQPG37I918eZ0NogzC/ANkMAfLige9 TO9Q==
MIME-Version: 1.0
X-Received: by 10.152.44.195 with SMTP id g3mr456791lam.91.1443125756599; Thu, 24 Sep 2015 13:15:56 -0700 (PDT)
Received: by 10.112.220.8 with HTTP; Thu, 24 Sep 2015 13:15:56 -0700 (PDT)
Date: Thu, 24 Sep 2015 15:15:56 -0500
Message-ID: <CAA0dE=Xz0sPKUF2t0RN5ZCC-xAq=+FyD2HNEOD4cRwvF0_VrOw@mail.gmail.com>
From: Alberto Leiva <ydahhrk@gmail.com>
To: sunset4@ietf.org, draft-ietf-sunset4-nat64-port-allocation@tools.ietf.org
Content-Type: multipart/alternative; boundary="089e0158cb2e16a731052083e6c5"
Archived-At: <http://mailarchive.ietf.org/arch/msg/sunset4/8YZW8JQA0lo8AmMP4LUwiVt27CQ>
Subject: [sunset4] draft-ietf-sunset4-nat64-port-allocation
X-BeenThere: sunset4@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: sunset4 working group discussion list <sunset4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sunset4>, <mailto:sunset4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sunset4/>
List-Post: <mailto:sunset4@ietf.org>
List-Help: <mailto:sunset4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sunset4>, <mailto:sunset4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Sep 2015 20:16:00 -0000
Hi Regarding Port Randomization: Isn't hole punching worth mentioning? This being an analysis and all. Hole punching is like the "good" counterpart of TCP port-guessing attacks. It seems port randomization trumps simultaneous open of TCP connections (RFC 6146 pp. 28-30), so a random NAT64 could even forego or optional-out their implementation to avoid its complexity and performance hit (due to packet storage). See http://ietf.10.n7.nabble.com/Re-Last-Call-draft-ietf-behave-v6v4-xlate-stateful-Stateful-NAT64-Network-Address-and-Protocol and http://ietf.10.n7.nabble.com/Re-Review-of-the-NAT64-document-td214997.html ------------------------------ Also a small nitpick, feel free to ignore: Isn't the terminology a bit all over the place? In particular > Stateless NAT is performed in compliance with [RFC6145]. > (...) Thus the NAT64 can directly extract the address and has > no need to record mapping states. What do you mean? RFC 6145 is SIIT, which to my knowledge is only informally (and some might say incorrectly) known as "Stateless NAT64" (much less "Stateless NAT")... even if it's "network address translating". Through the whole document the word "NAT64" is used where "IPv4/IPv6 translation" would perhaps be more appropriate. "Stateless NAT64" doesn't exist. Or, at the very least, it isn't defined in any standards that I have seen. Alberto
- [sunset4] draft-ietf-sunset4-nat64-port-allocation Alberto Leiva
- Re: [sunset4] draft-ietf-sunset4-nat64-port-alloc… GangChen
- Re: [sunset4] draft-ietf-sunset4-nat64-port-alloc… Tore Anderson
- Re: [sunset4] draft-ietf-sunset4-nat64-port-alloc… GangChen
- Re: [sunset4] draft-ietf-sunset4-nat64-port-alloc… Alberto Leiva
- Re: [sunset4] draft-ietf-sunset4-nat64-port-alloc… GangChen
- Re: [sunset4] draft-ietf-sunset4-nat64-port-alloc… Alberto Leiva