[v6ops] Re: Traffic control protocols (PCP and UPnP IGD)
Dan Wing <danwing@gmail.com> Fri, 02 August 2024 22:59 UTC
From: Dan Wing <danwing@gmail.com>
Date: Fri, 02 Aug 2024 15:59:46 -0700
To: Daryll Swer <contact@daryllswer.com>
CC: Ole Troan <otroan@employees.org>, "v6ops@ietf.org" <v6ops@ietf.org>
List-Id: v6ops discussion list <v6ops.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/AwialSHLaiZFh6Tr_k3CulpAGJA>

On Aug 1, 2024, at 6:45 PM, Daryll Swer <contact@daryllswer.com> wrote:
>
>> The protocol supports other protocols, but I bet most/all implementations do not bother handling anything beyond TCP and UDP. That's pretty typical for lots of network gear (router ACLs, firewalls, and of course NAT/NAPT). Running over UDP is a long-standing workaround ("solution") for various protocols like IPsec (RFC3948), SCTP (RFC6951), and DCCP (RFC6773). The overhead of the UDP header is not ideal, but UDP is deployable on the Internet.
>
> Unfortunately, yes. But we are talking about native IPv6, so NAT-related hacks and so-called “solutions” (polite word for plaster-fixes) should be discouraged.

IPv6 residential CPE are encouraged to filter incoming traffic (*) and PCP provides a way for those filters to be opened by the host for incoming traffic. PCP is not solely useful for IPv4 NAPT/NAT.

(*) https://datatracker.ietf.org/doc/html/rfc9099#section-5
(*) https://datatracker.ietf.org/doc/html/rfc6092

> I.e. PCP implementations MUST support, at the very least, what's written in RFC 6887, section-2.2.

They don't because the underlying firewall or NAT does not support those protocols.

> Interestingly, UDP-Lite (RFC3828) isn't mentioned there, but probably not too difficult for an implementation to support both.

Sure, it's not difficult.

> More ports for UDP+UDP-Lite - Not that it matters for native IPv6, though.

-d

>
> --
> Best Regards
> Daryll Swer
> Website: daryllswer.com <https://mailtrack.io/l/420efa8784d17f20a16b269cb48675ffd728cc77?url=https%3A%2F%2Fwww.daryllswer.com&u=2153471&signature=775f237a6c01c29b>
>
> On Fri, 2 Aug 2024 at 00:37, Dan Wing <danwing@gmail.com> wrote:
>> On Jul 28, 2024, at 7:01 AM, Daryll Swer <contact=40daryllswer.com@dmarc.ietf.org> wrote:
>>> I'm all in for PCP signalling to open a port in the stateful firewall as I originally described, and PCP shouldn't encourage locking of the ecosystem to just TCP/UDP, it should support all standardised layer 4 protocols (DCCP, UDP-Lite, SCTP, maybe more).
>>
>> https://datatracker.ietf.org/doc/html/rfc6887#section-2.2,
>> The PCP Opcodes defined in this document are designed to support
>> transport-layer protocols that use a 16-bit port number (e.g., TCP,
>> UDP, Stream Control Transmission Protocol (SCTP) [RFC4960], and
>> Datagram Congestion Control Protocol (DCCP) [RFC4340]). Protocols
>> that do not use a port number (e.g., Resource Reservation Protocol
>> (RSVP), IP Encapsulating Security Payload (ESP) [RFC4303], ICMP, and
>> ICMPv6) are supported for IPv4 firewall, IPv6 firewall, and NPTv6
>> functions, but are out of scope for any NAT functions.
>>
>> The protocol supports other protocols, but I bet most/all implementations do not bother handling anything beyond TCP and UDP. That's pretty typical for lots of network gear (router ACLs, firewalls, and of course NAT/NAPT). Running over UDP is a long-standing workaround ("solution") for various protocols like IPsec (RFC3948), SCTP (RFC6951), and DCCP (RFC6773). The overhead of the UDP header is not ideal, but UDP is deployable on the Internet.
>>
>> -d
>>
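
Added example, not part of the original thread or any participant's code: a Python sketch of the RFC 6887 MAP exchange discussed above, showing that the one-octet protocol field can name SCTP, DCCP or UDP-Lite while a server whose filter only handles TCP and UDP answers UNSUPP_PROTOCOL. The `toy_server` model, the 2001:db8:: address, the port and the 30-second error lifetime are constructed for illustration.

```python
import ipaddress
import os
import struct

PCP_VERSION, OP_MAP = 2, 1
SUCCESS, UNSUPP_PROTOCOL = 0, 9          # RFC 6887 result codes
PROTO = {"tcp": 6, "udp": 17, "dccp": 33, "sctp": 132, "udplite": 136}  # IANA numbers

def build_map_request(client_ip, proto, port, lifetime=3600, nonce=None):
    """60-byte PCP MAP request: 24-byte common header + 36-byte MAP payload."""
    nonce = nonce or os.urandom(12)
    client = ipaddress.IPv6Address(client_ip).packed
    # Version, R=0|Opcode, 16 reserved bits, requested lifetime, client address.
    header = struct.pack("!BBHI16s", PCP_VERSION, OP_MAP, 0, lifetime, client)
    # Protocol is one octet followed by 24 reserved bits. Assumption: for a
    # no-NAT IPv6 firewall the suggested external address/port are the internal ones.
    payload = struct.pack("!12sB3xHH16s", nonce, PROTO[proto], port, port, client)
    return header + payload

def parse_map_response(data):
    """Return (result_code, lifetime, protocol, internal_port, external_port)."""
    version, r_op, _rsv, result, lifetime, _epoch = struct.unpack("!BBBBII", data[:12])
    if version != PCP_VERSION or r_op != (0x80 | OP_MAP):
        raise ValueError("not a PCPv2 MAP response")
    _nonce, proto, iport, eport, _ext = struct.unpack("!12sB3xHH16s", data[24:60])
    return result, lifetime, proto, iport, eport

def toy_server(request, supported=(6, 17)):
    """Hypothetical CPE model: grants MAP only for protocols its filter handles."""
    _v, _op, _rsv, lifetime, _client = struct.unpack("!BBHI16s", request[:24])
    proto = request[24 + 12]             # octet after the 96-bit mapping nonce
    ok = proto in supported
    header = struct.pack("!BBBBII12x", PCP_VERSION, 0x80 | OP_MAP, 0,
                         SUCCESS if ok else UNSUPP_PROTOCOL,
                         lifetime if ok else 30, 0)
    return header + request[24:60]       # response carries the request's MAP payload

def request_pinhole(proto, port, client_ip="2001:db8::10"):
    """Run one request/response round trip against the toy server."""
    req = build_map_request(client_ip, proto, port)
    return parse_map_response(toy_server(req))

if __name__ == "__main__":
    for name in PROTO:
        print(name, request_pinhole(name, 5000))
```

Passing `supported=(6, 17, 33, 132, 136)` to `toy_server` models a device whose underlying filter handles all five protocols.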