Re: [Tsvwg] Fwd: WGLC for Port Randomization starts now (April 1st)

"Anantha Ramaiah (ananth)" <ananth@cisco.com> Mon, 11 May 2009 16:04 UTC

Date: Mon, 11 May 2009 09:03:55 -0700
Message-ID: <0C53DCFB700D144284A584F54711EC580735B8F9@xmb-sjc-21c.amer.cisco.com>
In-Reply-To: <4C1E0637-7800-4FF0-A827-EDE705E8607D@nokia.com>
References: <20090509155040.0156354b@nehalam> <4C1E0637-7800-4FF0-A827-EDE705E8607D@nokia.com>
From: "Anantha Ramaiah (ananth)" <ananth@cisco.com>
To: Lars Eggert <lars.eggert@nokia.com>, tsvwg <tsvwg@ietf.org>
Cc: Stephen Hemminger <shemminger@linux-foundation.org>
Subject: Re: [Tsvwg] Fwd: WGLC for Port Randomization starts now (April 1st)

FWIW, the expired draft (we were supposed to re-submit it after collecting
data, but we haven't done that yet)

http://ietfreport.isoc.org/all-ids/draft-ananth-tsvwg-timewait-00.txt

does talk about this "birthday paradox" issue. In particular, it talks
about the issue which we observed in the field after changing the port
allocation from sequential to random (when the peer TCB was in the
TIMEWAIT state). Non-conforming middleboxes are another thing which
could cause side-effects; we had observed some cases in the past, but
can't recollect the exact nature and symptoms.

-Anantha
 

> -----Original Message-----
> From: tsvwg-bounces@ietf.org [mailto:tsvwg-bounces@ietf.org]
> On Behalf Of Lars Eggert
> Sent: Monday, May 11, 2009 8:43 AM
> To: tsvwg
> Cc: Stephen Hemminger
> Subject: [Tsvwg] Fwd: WGLC for Port Randomization starts now (April 1st)
>
> Forwarded with permission. Discussion is at
> http://thread.gmane.org/gmane.linux.network/127652/focus=127679
>
> Begin forwarded message:
>
> > From: Stephen Hemminger <shemminger@linux-foundation.org>
> > Date: May 10, 2009 1:50:40 GMT+03:00
> > To: "James M. Polk" <jmpolk@cisco.com>, "Eggert Lars (Nokia-NRC/Espoo)" <lars.eggert@nokia.com>
> > Subject: Re: WGLC for Port Randomization starts now (April 1st)
> >
> > One issue with port randomization which is not covered in the draft,
> > but just showed up as a surprise to a Linux user, is that port
> > randomization increases the frequency of port reuse (see Birthday
> > Paradox). For correctly behaving endpoints, this is no problem. But in
> > this user's case there was some old firewall (non-conforming
> > middlebox) that rejected the new connections.
> > It is another case of a new protocol change breaking assumptions
> > made by intermediate devices.
> >
> > --
>
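Editor's note: the "birthday paradox" point made in the forwarded message, and the TIME-WAIT collision Anantha refers to, can be seen directly with a small simulation. The code below is an added example written for this archive page; it is not from the draft, the Linux kernel, or either author. It models a client opening many connections in quick succession to one destination (ip, port) while the peer still holds the previous 4-tuples in TIME-WAIT, and compares how often a sequential allocator versus a uniformly random allocator picks a source port that is still held there. The port range, the TIME-WAIT window depth (expressed as "the last N connections are still in TIME-WAIT at the peer") and the connection count are constructed parameters, not measurements from the thread.

```python
"""Added example (not from the draft or the thread): why uniformly random
ephemeral port selection raises the rate at which a new connection lands on a
4-tuple the peer still holds in TIME-WAIT, compared with sequential selection."""
import random
from collections import Counter, deque

# IANA dynamic/private port range, 49152-65535: 16384 ports (assumed here).
PORT_LO, PORT_HI = 49152, 65535
PORT_RANGE = PORT_HI - PORT_LO + 1


def birthday_reuse_probability(range_size: int, n_connections: int) -> float:
    """Classic birthday bound: probability that at least one port is picked
    twice among n_connections independent uniform picks from range_size ports."""
    p_all_distinct = 1.0
    for k in range(n_connections):
        p_all_distinct *= (range_size - k) / range_size
    return 1.0 - p_all_distinct


def sequential_allocator(start: int = PORT_LO):
    """Pre-randomization behaviour: hand out ports in order and wrap at the
    top of the range, so a port is reused only after PORT_RANGE connections."""
    port = start
    while True:
        yield port
        port = PORT_LO + (port - PORT_LO + 1) % PORT_RANGE


def random_allocator(rng: random.Random):
    """Uniform random selection with no memory of recently used ports."""
    while True:
        yield rng.randrange(PORT_LO, PORT_HI + 1)


def count_timewait_collisions(allocator, n_connections: int, timewait_depth: int) -> int:
    """Open n_connections to a single destination (ip, port).  The peer keeps
    each closed 4-tuple in TIME-WAIT for 2*MSL; at a steady connection rate
    that means the source ports of the last timewait_depth connections are
    still held.  Return how many new connections pick one of those ports."""
    window = deque()        # ports in the order their 4-tuples entered TIME-WAIT
    held = Counter()        # port -> number of TIME-WAIT entries using it
    collisions = 0
    for _ in range(n_connections):
        port = next(allocator)
        if held[port] > 0:
            collisions += 1  # peer still has this 4-tuple in TIME-WAIT
        window.append(port)
        held[port] += 1
        if len(window) > timewait_depth:
            expired = window.popleft()   # oldest entry ages out of TIME-WAIT
            held[expired] -= 1
    return collisions


def compare(n_connections: int = 5000, timewait_depth: int = 1000, seed: int = 1) -> dict:
    """Run both allocators under identical conditions and report collisions."""
    return {
        "sequential": count_timewait_collisions(sequential_allocator(), n_connections, timewait_depth),
        "random": count_timewait_collisions(random_allocator(random.Random(seed)), n_connections, timewait_depth),
    }


if __name__ == "__main__":
    # With 16384 ports the chance of any repeat passes 50% after only ~150
    # random picks, far short of the 16384 a sequential allocator needs.
    for n in (50, 150, 200, 500):
        print(f"{n:4d} random picks: P(repeat) = {birthday_reuse_probability(PORT_RANGE, n):.3f}")
    print("TIME-WAIT collisions (5000 connections, last 1000 held):", compare())
```

The sequential allocator never collides unless more than 16384 connections are opened inside one 2*MSL window, whereas the random allocator collides roughly `timewait_depth / PORT_RANGE` of the time once the window fills (about 6% here). A conforming endpoint handles such a SYN in TIME-WAIT per RFC 1122 (the draft Anantha links discusses exactly that case); the firewall in the forwarded report did not, which is why the collisions surfaced as rejected connections only after the allocator changed.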