Re: [tsvwg] Port randomization RFC
"Eggert, Lars" <lars@netapp.com> Thu, 05 November 2015 04:44 UTC
From: "Eggert, Lars" <lars@netapp.com>
To: Tom Herbert <tom@herbertland.com>
Date: Thu, 05 Nov 2015 04:43:05 +0000
Archived-At: <http://mailarchive.ietf.org/arch/msg/tsvwg/6J12VkffzDEjqUWAX3tZgRRAIv8>
Cc: "tsvwg@ietf.org" <tsvwg@ietf.org>
Subject: Re: [tsvwg] Port randomization RFC

On 2015-11-05, at 13:35, Tom Herbert <tom@herbertland.com> wrote:
> GRE/UDP (and all the other UDP encapsulations) are not selecting
> source port numbers in the usual sense. The source port is chosen to
> reflect the flow based of the packet being encapsulated, e.g. by a
> hash over 4-tuple. This is needed to support ECMP mechanisms that work
> by hashing over the 4-tuple. The salient properties are that this is a
> stateless selection algorithm and always gives the same answer for a
> flow going through a device. (also have a uniform distribution,
> initialized with random hash key, etc.). There is no requirement that
> two encapsulated flows map to different 4-tuples in the outer
> encapsulation.

It's late in the week so I am getting stupider. Are you saying doing things according to RFC6056 won't work here, or are you saying it's overkill?

Thanks,
Lars
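
The stateless selection described in the quoted text above, sketched as an added example that is not part of the original message or of any encapsulation specification. The keyed hash (BLAKE2b), the 49152-65535 port range, the function names and the sample flows are assumptions made for illustration.

```python
import hashlib
import ipaddress
import os
import struct

# Assumed output range: the IANA dynamic/private port range.
PORT_MIN, PORT_MAX = 49152, 65535


def new_hash_key() -> bytes:
    """Random per-device hash key, generated once at initialization."""
    return os.urandom(16)


def encap_source_port(key, src_ip, dst_ip, src_port, dst_port) -> int:
    """Map the inner 4-tuple to an outer UDP source port, keeping no state."""
    material = (
        ipaddress.ip_address(src_ip).packed
        + ipaddress.ip_address(dst_ip).packed
        + struct.pack("!HH", src_port, dst_port)
    )
    # Keyed hash: without the key, an off-path observer cannot predict
    # which outer port a given inner flow will be mapped to.
    digest = hashlib.blake2b(material, key=key, digest_size=8).digest()
    span = PORT_MAX - PORT_MIN + 1
    return PORT_MIN + int.from_bytes(digest, "big") % span


def demo(key=None):
    """Run constructed sample flows through the mapping and summarize."""
    key = key or new_hash_key()
    # Constructed inner flows: one client, one server, 5000 client ports.
    flows = [("10.0.0.1", "10.0.1.9", 40000 + i, 443) for i in range(5000)]
    ports = [encap_source_port(key, *f) for f in flows]
    again = [encap_source_port(key, *f) for f in flows]
    return {
        "flows": len(flows),
        "deterministic": ports == again,    # same flow, same port
        "distinct_ports": len(set(ports)),  # fewer than flows: collisions allowed
        "in_range": all(PORT_MIN <= p <= PORT_MAX for p in ports),
    }


if __name__ == "__main__":
    print(demo())
```

Nothing here tracks which ports are in use, so two inner flows can share an outer source port, matching the "no requirement that two encapsulated flows map to different 4-tuples" property in the quoted text.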