Re: [v6ops] draft-ietf-v6ops-ula-usage-recommendations - work or abandon?

"Eric Vyncke (evyncke)" <evyncke@cisco.com> Fri, 13 November 2015 07:59 UTC

From: "Eric Vyncke (evyncke)" <evyncke@cisco.com>
To: Lorenzo Colitti <lorenzo@google.com>, Fernando Gont <fgont@si6networks.com>
Date: Fri, 13 Nov 2015 07:59:49 +0000
Message-ID: <D26B5654.5DE76%evyncke@cisco.com>
References: <D25D5920.C914E%Lee.Howard@twcable.com> <CAKD1Yr3jip0NBkDxg=MvgZXg0LMS+PtREDw2jSRx0xJLqHwhGQ@mail.gmail.com> <563C7C01.6010703@foobar.org> <CAKD1Yr1rKjkDhhuD9L=R_MJ+ofOAZ2Nt+5mszZKQxCh-kH4vqw@mail.gmail.com> <563FA84C.7030601@si6networks.com> <CAKD1Yr0F888Aw0opSigtC8HV6esUrE1JECKQ4gT737s+43ayfw@mail.gmail.com> <CAG6TeAs8ie=c0F8RMioBpemCw949Bf9c7ZTNvqgaZP=10rmNcQ@mail.gmail.com> <CAKD1Yr1EqbiGJ8EZo8E909zujUt49skcz1SNe8stEWfHnbUsTw@mail.gmail.com> <CAG6TeAsHMTyhbRrOenb1kA9XEDdOCBBbuN3ZGF3LJ=8ToyGtiQ@mail.gmail.com> <CAKD1Yr3RUc9FEw7VyJ=ENH_sJY85m1BESo77v_maShPvCkj6rA@mail.gmail.com> <CAG6TeAv9DPYUCsNG_vHCTOpwwJ8KdhjWeGE=-s6dEuMgaVHf1g@mail.gmail.com> <CAKD1Yr2VXVFareTk-J_+pcr_UW9Do-zf_uYcyjNW-MTPts6hRQ@mail.gmail.com> <CAG6TeAt2JJJmALy=pJFaojbnZrQRE0e0i-D=XtTce=rmbf08tQ@mail.gmail.com> <CAKD1Yr1H2HgxBNOZBrx-ttoB6z6caLAck3csF=ti6CDUzW57ng@mail.gmail.com> <D267B9E3.5DB8C%evyncke@cisco.com> <CAKD1Yr2zY9qr76f-KO7DTnYXQEmMJ0O6M22nFczfjGfL5Dk=dA@mail.gmail.com> <564537A7.90102@si6networks.com> <CAKD1Yr3dUMEoG-De5YWDFyjGehhxBq-uyN-NSqbYgvinDUy8Wg@mail.gmail.com>
In-Reply-To: <CAKD1Yr3dUMEoG-De5YWDFyjGehhxBq-uyN-NSqbYgvinDUy8Wg@mail.gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/v6ops/-FIbEKrBawytrVsaq9WObbgCYL4>
Cc: IPv6 Operations <v6ops@ietf.org>
Subject: Re: [v6ops] draft-ietf-v6ops-ula-usage-recommendations - work or abandon?

Ah, those lively NAT discussions...

I agree with Lorenzo: ports are 'just' an extension of the IP address and can be negotiated (SDP for example). Also agree with Fernando: add a 3rd party (or a 4th one -- double NAT) and your problems come.

And there is at least one firewall which checks the TCP sequence numbers, so any attempt to 'bypass' the diode-like function by sending a SYN on one side and a SYN+ACK on the other side will also require negotiating the TCP sequence numbers... And those are outside the realm of the user-space application.

-éric

From: Lorenzo Colitti <lorenzo@google.com>
Date: Friday, 13 November 2015 03:59
To: Fernando Gont <fgont@si6networks.com>
Cc: Eric Vyncke <evyncke@cisco.com>, IPv6 Operations <v6ops@ietf.org>
Subject: Re: [v6ops] draft-ietf-v6ops-ula-usage-recommendations - work or abandon?

On Fri, Nov 13, 2015 at 10:06 AM, Fernando Gont <fgont@si6networks.com> wrote:
>> The sort of application that tries to do this doesn't typically use TCP.
>
> You still need to guess the port numbers. And if you're able to, that's
> a sign there's something you still need to fix (see RFC6056).

The port numbers are no more a guess than the IP addresses are. Whatever told you the IP addresses can also tell you the port numbers.
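The sequence-number check Eric describes, as an added example that is not part of the thread or of any product mentioned in it: a toy stateful filter in Python that lets inside-to-outside SYNs open flow state (keyed on both address/port pairs, since ports can be negotiated) but only admits an inbound SYN+ACK whose ACK number is the recorded ISN+1. The inside prefix (a constructed ULA), addresses and segments are all constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Segment:
    src: tuple        # (address, port)
    dst: tuple
    seq: int          # 32-bit sequence number
    ack: int          # 32-bit acknowledgement number
    syn: bool
    ack_flag: bool

class DiodeFirewall:
    """Inside->outside SYNs create flow state; outside->inside must match it."""

    def __init__(self, inside_prefix):
        self.inside_prefix = inside_prefix   # e.g. the site's ULA prefix
        self.flows = {}                      # (inside_ep, outside_ep) -> inside ISN

    def _inside(self, endpoint):
        return endpoint[0].startswith(self.inside_prefix)

    def admit(self, seg):
        # Outbound traffic always passes; a plain SYN records the client's ISN.
        if self._inside(seg.src) and not self._inside(seg.dst):
            if seg.syn and not seg.ack_flag:
                self.flows[(seg.src, seg.dst)] = seg.seq
            return True
        # Inbound traffic needs an existing flow keyed on both address/port pairs.
        if self._inside(seg.dst):
            isn = self.flows.get((seg.dst, seg.src))
            if isn is None:
                return False                 # unsolicited: dropped
            if seg.syn and seg.ack_flag:
                # The SYN+ACK must acknowledge exactly ISN+1 (RFC 793), a value
                # the inside kernel chose and user space cannot negotiate.
                return seg.ack == (isn + 1) % 2**32
            return True
        return False

def demo():
    """Constructed traffic: one legitimate handshake and two rejected SYN+ACKs."""
    fw = DiodeFirewall("fd00:")              # constructed ULA prefix for "inside"
    client, server = ("fd00::10", 40000), ("2001:db8::1", 443)
    fw.admit(Segment(client, server, seq=1000, ack=0, syn=True, ack_flag=False))
    good = fw.admit(Segment(server, client, seq=5000, ack=1001, syn=True, ack_flag=True))
    wrong_ack = fw.admit(Segment(server, client, seq=5000, ack=4242, syn=True, ack_flag=True))
    no_flow = fw.admit(Segment(server, ("fd00::11", 40000), seq=1, ack=2, syn=True, ack_flag=True))
    return good, wrong_ack, no_flow
```

`demo()` returns `(True, False, False)`: knowing the addresses and ports gets the flow entry matched, but without the kernel-chosen ISN the SYN+ACK is still dropped.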