Re: [tsvwg] I-D Action: draft-ietf-tsvwg-natsupp-16.txt

Michael Tuexen <Michael.Tuexen@lurchi.franken.de> Tue, 07 April 2020 12:09 UTC

Return-Path: <Michael.Tuexen@lurchi.franken.de>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 36F373A058F for <tsvwg@ietfa.amsl.com>; Tue, 7 Apr 2020 05:09:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.49
X-Spam-Level:
X-Spam-Status: No, score=-1.49 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, KHOP_HELO_FCRDNS=0.398, SPF_NONE=0.001, T_SPF_HELO_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SPiIgBCUde6N for <tsvwg@ietfa.amsl.com>; Tue, 7 Apr 2020 05:09:53 -0700 (PDT)
Received: from drew.franken.de (drew.ipv6.franken.de [IPv6:2001:638:a02:a001:20e:cff:fe4a:feaa]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7A0BC3A052C for <tsvwg@ietf.org>; Tue, 7 Apr 2020 05:09:53 -0700 (PDT)
Received: from [IPv6:2a02:8109:1140:c3d:7d82:600f:9a63:acdb] (unknown [IPv6:2a02:8109:1140:c3d:7d82:600f:9a63:acdb]) (Authenticated sender: lurchi) by mail-n.franken.de (Postfix) with ESMTPSA id 1575C725D3FAB; Tue, 7 Apr 2020 14:09:49 +0200 (CEST)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.80.23.2.2\))
From: Michael Tuexen <Michael.Tuexen@lurchi.franken.de>
In-Reply-To: <787AE7BB302AE849A7480A190F8B93303148DE10@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
Date: Tue, 7 Apr 2020 14:09:48 +0200
Cc: "tsvwg@ietf.org" <tsvwg@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <F3B1520B-593F-426A-8AC4-9B2371A82B37@lurchi.franken.de>
References: <158377886936.5575.9623052267692928298@ietfa.amsl.com> <4C917C1B-74C0-4E5E-B26C-3CD6A0B2544C@lurchi.franken.de> <787AE7BB302AE849A7480A190F8B93303148DE10@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
To: mohamed.boucadair@orange.com
X-Mailer: Apple Mail (2.3608.80.23.2.2)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/tGLlKgZOn6OBPeZox9eGARnrCQU>
Subject: Re: [tsvwg] I-D Action: draft-ietf-tsvwg-natsupp-16.txt
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Apr 2020 12:09:56 -0000

> On 3. Apr 2020, at 18:42, mohamed.boucadair@orange.com wrote:
> 
> Hi Michael,
> 
> Please see inline. 
> 
> Cheers,
> Med
> 
>> -----Message d'origine-----
>> De : tsvwg [mailto:tsvwg-bounces@ietf.org] De la part de Michael
>> Tuexen
>> Envoyé : lundi 9 mars 2020 19:50
>> À : tsvwg@ietf.org
>> Objet : Re: [tsvwg] I-D Action: draft-ietf-tsvwg-natsupp-16.txt
>> 
>>> On 9. Mar 2020, at 19:34, internet-drafts@ietf.org wrote:
>>> 
>>> 
>>> A New Internet-Draft is available from the on-line Internet-Drafts
>> directories.
>>> This draft is a work item of the Transport Area Working Group WG of
>> the IETF.
>>> 
>>>       Title           : Stream Control Transmission Protocol (SCTP)
>> Network Address Translation Support
>>>       Authors         : Randall R. Stewart
>>>                         Michael Tuexen
>>>                         Irene Ruengeler
>>> 	Filename        : draft-ietf-tsvwg-natsupp-16.txt
>>> 	Pages           : 47
>>> 	Date            : 2020-03-09
>> Dear all,
>> 
>> this tries to
>> * address issues brought up by Maxim (see separate mail)
>> * add the YANG module provided by Mohamed
>> * address some of the issues reported bu Mohamed in a private mail
>> The .xml was also changed from v2 to v3.
>> 
>> The following suggestions from Mohamed were not integrated:
>> (a) replacing of NAT device to NAT function
>>    It is not clear to me what would be gained by this. Also other
>> documents
>>    (for example RFC 4787) also use NAT device.
> 
> [Med] The is basically to align with recent RFCs in this area, e.g., 
> 
> RFC6888 defines CGN as follows: 
> 
>   Carrier-Grade NAT (CGN):  A NAT-based [RFC2663] logical function used
>      to share the same IPv4 address among several subscribers.  A CGN
>      is not managed by the subscribers.
> 
> The NAT is a function that is embedded in a device :-)
I was looking at 
* https://tools.ietf.org/html/rfc2663
* https://tools.ietf.org/html/rfc4787
for example, which use NAT device.

Other documents just use NAT (in the sense of Network Address Translator). I'll bring that up at the interim.
> 
> BTW a generic comment: the NAT document should not be specific to NAT44, but should cover a variety of NAT flavors that are out there: NAT64, DS-Lite, etc. 
Concrete suggestions?
> 
> 
>> (b) replacing Private Address by Internal Address
>>    I would be fine with it (it would match Internal Port and Internal
>> VTag).
>>    But it would break some relation we use for Private Address and
>> Public
>>    Address (the non-private IP address assigned to the NAT device).
> 
> [Med] Private address has a specific a meaning. For example, the draft applies in the context of NAT64 as well, but there is no private IPv4 address in the internal side of the NAT. The terminology should be carefully chosen, IMO. 
> 
>> (c) replacing Public Address by External Address
>>    This would leave us with no name for the host on the External
>> network
> 
> [Med] The external IP address is not necessary a public address;, see for example the NAT in the CPE* .
> 
> 
>                                   :
>                                   |       Internet
>                   ............... | ...................
>                                   |       ISP network
>                   External pool:  |
>                   192.0.2.1/26    |
>                               ++------++  External realm
>                   ........... |  CGN   |...............
>                               ++------++  Internal realm
>                        10.0.0.1 |    |
>                                 |    |
>                                 |    |    ISP network
>                   ............. | .. | ................
>                                 |    |  Customer premises
>                      10.0.0.100 |    | 10.0.0.101
>                         ++------++  ++------++
>                         |  CPE1  |  |  CPE2  |  etc.
>                         ++------++  ++------++
>                              |
>                              H (192.168.0.1)
> 
>>    the host behind the NAT wants to connect to and need to fit with
>>    Ext-Port and Ext-VTag.
>> 
What about using

  Internal Network    |         External Network
                      |
           Internal   |   External             Remote
+--------+ Address    |   Address  /--\/--\    Address +--------+
|  SCTP  |         +-----+        /        \           |  SCTP  |
|endpoint|=========| NAT |=======| Internet |==========|endpoint|
|    A   |         +-----+        \        /           |    B   |
+--------+ Internal   |            \--/\--/      Remote+--------+
 Internal     Port    |                            Port    Remote
   VTag               |                                      VTag

instead of

  Internal Network    |         External Network
                      |
           Private    |   Public               External
+--------+ Address    |   Address  /--\/--\    Address +--------+
|  SCTP  |         +-----+        /        \           |  SCTP  |
|endpoint|=========| NAT |=======| Internet |==========|endpoint|
|    A   |         +-----+        \        /           |    B   |
+--------+ Internal   |            \--/\--/    External+--------+
 Internal     Port    |                            Port  External
   VTag               |                                      VTag

That should address your comment and still provides a clear naming.
> 
> [Med] The 
???

Best regards
Michael
> 
>> I'm open to (a) if someone clarifies why NAT function is better than
>> NAT device and explains why it wasn't used that way in, for example,
>> RFC 4787.
>> 
>> I'm open to (b) and (c), I actually like (b), if someone can suggest
>> than also a better name for the address/port/vtag the NATted host
>> is connecting to. We currently use Ext-Addr, Ext-Port, and Ext-VTag
>> for it.
>> 
>> However, these three issues are editorial and can be changed during
>> WGLC.
>> 
>> Best regards
>> Michael
>>> 
>