IETF Logo Mail Archive

Re: [sunset4] draft-ietf-sunset4-nat64-port-allocation

GangChen <phdgang@gmail.com> Tue, 06 October 2015 22:10 UTC

Return-Path: <phdgang@gmail.com>
X-Original-To: sunset4@ietfa.amsl.com
Delivered-To: sunset4@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B62E71B382E for <sunset4@ietfa.amsl.com>; Tue, 6 Oct 2015 15:10:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cvUYiU5p0aLx for <sunset4@ietfa.amsl.com>; Tue, 6 Oct 2015 15:10:00 -0700 (PDT)
Received: from mail-wi0-x234.google.com (mail-wi0-x234.google.com [IPv6:2a00:1450:400c:c05::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 939701B4113 for <sunset4@ietf.org>; Tue, 6 Oct 2015 15:10:00 -0700 (PDT)
Received: by wicfx3 with SMTP id fx3so186739419wic.1 for <sunset4@ietf.org>; Tue, 06 Oct 2015 15:09:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=xXtkjbGE4XbLg6eBcPtvJU0XIcsuhzP0xhoqCw6AtJU=; b=eFIfh1t6zq1Q/kdc0/hQUaB3iPG7HKcF82ulug0KVzS32VP1oujpaPabtHHyQQJkdF pg9WgZbPKZZcmTboUFPSd9IJF82TfIdXB1wtBvDXgBhzIHgc3i9Ud9AU119QjKYEHvrH 2d+kgYVsoRJZ0Af5sSVWbe6KJJCI1om6DR0HpTETafBXBf/yt7ubVQbNOTeM7N3WibY/ B8TYVMhItSpgjtNYtDscR2Y911nGptLDYLBb/Yi1WEsfVpq8E9sGqhVQVrqXpHoLKOCn B1ajnt6atsxPl4h4ykLqRE4AdfemO/YIK32tS/GtmKQCUhbBk9dk/DgnhpRpwIuDKkGg O9hw==
MIME-Version: 1.0
X-Received: by 10.194.80.71 with SMTP id p7mr36963363wjx.83.1444169399236; Tue, 06 Oct 2015 15:09:59 -0700 (PDT)
Received: by 10.28.130.194 with HTTP; Tue, 6 Oct 2015 15:09:59 -0700 (PDT)
In-Reply-To: <CAA0dE=Xz0sPKUF2t0RN5ZCC-xAq=+FyD2HNEOD4cRwvF0_VrOw@mail.gmail.com>
References: <CAA0dE=Xz0sPKUF2t0RN5ZCC-xAq=+FyD2HNEOD4cRwvF0_VrOw@mail.gmail.com>
Date: Wed, 07 Oct 2015 06:09:59 +0800
Message-ID: <CAM+vMERrXKGf539W-FsWQLVfuYZJY_ayBxopicmkjX_2cHin5Q@mail.gmail.com>
From: GangChen <phdgang@gmail.com>
To: Alberto Leiva <ydahhrk@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/sunset4/CbMCzyhbZNG8teUUUbE6khVHZuw>
Cc: draft-ietf-sunset4-nat64-port-allocation@tools.ietf.org, sunset4@ietf.org
Subject: Re: [sunset4] draft-ietf-sunset4-nat64-port-allocation
X-BeenThere: sunset4@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: sunset4 working group discussion list <sunset4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sunset4>, <mailto:sunset4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sunset4/>
List-Post: <mailto:sunset4@ietf.org>
List-Help: <mailto:sunset4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sunset4>, <mailto:sunset4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Oct 2015 22:10:02 -0000

Hello Alberto,

Thank you for reading the draft.

2015-09-25 4:15 GMT+08:00, Alberto Leiva <ydahhrk@gmail.com>:
> Hi
>
> Regarding Port Randomization:
>
> Isn't hole punching worth mentioning? This being an analysis and all. Hole
> punching is like the "good" counterpart of TCP port-guessing attacks.
>
> It seems port randomization trumps simultaneous open of TCP connections
> (RFC 6146 pp. 28-30), so a random NAT64 could even forego or optional-out
> their implementation to avoid its complexity and performance hit (due to
> packet storage).
>
> See
> http://ietf.10.n7.nabble.com/Re-Last-Call-draft-ietf-behave-v6v4-xlate-stateful-Stateful-NAT64-Network-Address-and-Protocol
> and
> http://ietf.10.n7.nabble.com/Re-Review-of-the-NAT64-document-td214997.html

I read the discussion you pointed. It seems talking about the impacts
of TCP state change on NAT64 to the hole punching (I miss the first
link, it's invalid any more).
It would be helpful if you could elaborate more on the relation of
port randomization and hole punching. Not sure I understand correctly,
it seems you prefer using port randomization to facilitate the hole
punching process, in which simultaneous open of TCP connections are
involved. I may not able to figure out the hole punching process based
on port randomization, since port randomization may not can help users
to discover their exact NAT mapping, also it can't replace outbound
signalling, e.g., SIP.

Would be good to hear you more;)

> ------------------------------
>
> Also a small nitpick, feel free to ignore:
>
> Isn't the terminology a bit all over the place?
>
> In particular
>
>> Stateless NAT is performed in compliance with [RFC6145].
>> (...) Thus the NAT64 can directly extract the address and has
>> no need to record mapping states.
>
> What do you mean? RFC 6145 is SIIT, which to my knowledge is only
> informally (and some might say incorrectly) known as "Stateless NAT64"
> (much less "Stateless NAT")... even if it's "network address translating".
>
> Through the whole document the word "NAT64" is used where "IPv4/IPv6
> translation" would perhaps be more appropriate.
>
> "Stateless NAT64" doesn't exist. Or, at the very least, it isn't defined in
> any standards that I have seen.

RFC7599 may help.
There are several statements, like "It builds on existing stateless
NAT64 techniques specified in [RFC6145],...", "A stateless NAT64
function [RFC6145] is extended to allow stateless mapping of IPv4 ..."

BRs

Gang

> Alberto
>

v2.23.0 | Report a Bug | By Email