IETF Logo Mail Archive

Re: How to include APBP scenarios in the Coexistence RequirementI-D

Alain Durand <alain_durand@cable.comcast.com> Thu, 17 July 2008 15:05 UTC

Return-Path: <owner-v6ops@ops.ietf.org>
X-Original-To: ietfarch-v6ops-archive@core3.amsl.com
Delivered-To: ietfarch-v6ops-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B1E853A686B for <ietfarch-v6ops-archive@core3.amsl.com>; Thu, 17 Jul 2008 08:05:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 2.338
X-Spam-Level: **
X-Spam-Status: No, score=2.338 tagged_above=-999 required=5 tests=[AWL=-1.698, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_EQ_MODEMCABLE=0.768, HELO_MISMATCH_COM=0.553, MIME_8BIT_HEADER=0.3, MIME_QP_LONG_LINE=1.396, RCVD_NUMERIC_HELO=2.067, RDNS_NONE=0.1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7jweGZvXa1n1 for <ietfarch-v6ops-archive@core3.amsl.com>; Thu, 17 Jul 2008 08:05:10 -0700 (PDT)
Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id 60CC23A6781 for <v6ops-archive@lists.ietf.org>; Thu, 17 Jul 2008 08:05:10 -0700 (PDT)
Received: from majordom by psg.com with local (Exim 4.69 (FreeBSD)) (envelope-from <owner-v6ops@ops.ietf.org>) id 1KJV19-000MGP-Qm for v6ops-data@psg.com; Thu, 17 Jul 2008 15:03:39 +0000
Received: from [208.17.35.58] (helo=paoakoavas09.cable.comcast.com) by psg.com with esmtp (Exim 4.69 (FreeBSD)) (envelope-from <alain_durand@cable.comcast.com>) id 1KJV10-000MFJ-QJ for v6ops@ops.ietf.org; Thu, 17 Jul 2008 15:03:36 +0000
Received: from ([10.195.246.152]) by paoakoavas09.cable.comcast.com with ESMTP id KP-NTF18.57855991; Thu, 17 Jul 2008 11:03:09 -0400
Received: from PACDCEXCMB06.cable.comcast.com ([24.40.15.22]) by NJMDCEXCRLY01.cable.comcast.com with Microsoft SMTPSVC(6.0.3790.3959); Thu, 17 Jul 2008 11:03:10 -0400
Received: from 71.192.55.85 ([71.192.55.85]) by PACDCEXCMB06.cable.comcast.com ([24.40.15.22]) via Exchange Front-End Server webmail.comcast.com ([24.40.8.152]) with Microsoft Exchange Server HTTP-DAV ; Thu, 17 Jul 2008 15:02:21 +0000
User-Agent: Microsoft-Entourage/12.11.0.080522
Date: Thu, 17 Jul 2008 11:02:19 -0400
Subject: Re: How to include APBP scenarios in the Coexistence RequirementI-D
From: Alain Durand <alain_durand@cable.comcast.com>
To: Rémi Després <remi.despres@free.fr>, Dan Wing <dwing@cisco.com>
CC: marcelo bagnulo braun <marcelo@it.uc3m.es>, v6ops <v6ops@ops.ietf.org>
Message-ID: <C4A4D73B.143DB%alain_durand@cable.comcast.com>
Thread-Topic: How to include APBP scenarios in the Coexistence RequirementI-D
Thread-Index: Acjn9cfsLUOyuoRHTambGl3DA2Gv4AAKFOwx
In-Reply-To: <487F1483.5030403@free.fr>
Mime-version: 1.0
Content-type: text/plain; charset="ISO-8859-1"
Content-transfer-encoding: quoted-printable
X-OriginalArrivalTime: 17 Jul 2008 15:03:10.0269 (UTC) FILETIME=[3A2C16D0:01C8E81E]
Sender: owner-v6ops@ops.ietf.org
Precedence: bulk
List-ID: <v6ops.ops.ietf.org>

Rémi,

I have some fundamental objections to the APBP proposal.

What is does is replace the carrier grade nat (CGN) by a distributed system
of home gateways that are allocated chunks of port numbers.
The service provider still has to run the port mapping part of the CGN, the
only advantage I see is to avoid back-hauling the data traffic to the CGN.

You still have most if the issue with CGN, which are mainly customer apps
cannot expect to run on their own, well know, port number.

More importantly, you introduce a whole bunch of new issues. In random
order:
- You need to put filtering in place on the ISP access router to make sure
the customer is only using the allocated port numbers. This list needs to be
in sync with the port number allocation system.
- The same access router now need to do port base routing to return the
packets to the customer. This is not without cost.
- Allocating chunks of port number is not the most efficient allocation
algorithm. If a customers does nothing or just use one port number, you are
wasting a lot of resources.
- Timing out those port number is a bit of a mess, both the apps, the home
gateway, the access router and the port allocation system need to be synced
up.
- All kind of security measure need to be put in place to prevent customers
to hoard the port number space.

In other words, the complexity you create by distributing the mapping
mechanism seems high. It seem to me a better trade-off to centralize this in
a CGN. Please note that an ISP does not need to run only one CGN and can
distribute those as well close to its network edge, but no closer.

Note: the route you are on seems to lead to IPv7 (ask ekr about it), where
you augment the IPv4 addressing space with the port number space for
routing. You might have seen the T-shirt 32+16 > 128.

   - Alain.


On 7/17/08 5:44 AM, "Rémi Després" <remi.despres@free.fr> wrote:

> Dan Wing  - Le 7/16/08 8:03 PM :
> 
>> I noticed all of the current proposals (SNAT, NAT64, NAT6, IVI,
>> dual-stack-lite, etc.) are quiet on a significant aspect of a requirement
>> that
>> is important:  keeping existing games and existing applications working.  I
>> am
>> thinking of game boxes like Microsoft's Xbox that need UPnP IGD in order to
>> function properly over the Internet, and applications such as Microsoft
>> Netmeeting (needs an H.323 ALG in the NAT), Quicktime and RealAudio streaming
>> (RTSP), and so on.  http://tools.ietf.org/html/rfc3027 does a good job of
>> explaining the specifics.
> 
> Thanks, a very useful RFC.
> 
> 
> 
>> Here is some beautiful ASCII art diagrams of the difference between today's
>> UPnP IGD (and NAT-PMP) and what I am suggesting is useful (and necessary) for
>> tomorrow's APBP in conjunction with UPnP IGD and NAT-PMP:
> 
> In the new APBP draft
> (http://tools.ietf.org/html/draft-despres-v6ops-apbp-01), an APBP client
> obtains in one request a public IPv4 address and a range of ports to go
> with it.
> An APBP message to the APBP server is then not necessary for each
> UPnP... packet, and independent outgoing connections will have the same
> public IPv4 source adress, IMO an important progress.
> 
> Here is a proposed revision of your ASCII art:
> 
> +-----------------+
> |incoming UPnP IGD|
> |or NAT-PMP packet|
> +----+------------+
>       |
>       V
> +-------------+          +===============================+
> |  need new   |-----YES->|If needed, Send an APBP Request|
> |NAT binding? |          |   Then create NAT binding     |
> +----+--------+          |using the obtained IPv4 address|
>       |                   | and a free port in its range  |
>       NO                  +===============================+
>       |                             |
>       V                             |
> +----+---------------+             |
> |respond to UPnP IGD |<------------+
> |or NAT-PMP request  |
> +----+---------------+
> 
> 
> 
> 
> Once an APBP client has obtained a range of ports with an address, it
> can operate as though it would have an exclusive v4 address, except that
> it has less than 64K ports to go with it, and no port in the < 1024 range.
> - Of course, this is still a significant restriction but, IMU, CGNs
> won't do better.
> - To be reachable on a well-known port, in a site that has an IPv6
> prefix and no public IPv4 address, applications should better be
> reachable in IPv6.
> 
> 
> Regards.
> 
> RD
>

v2.23.0 | Report a Bug | By Email