IETF Logo Mail Archive

Re: [v6ops] PCP and I-D.ietf-v6ops-mobile-device-profile

"Reinaldo Penno (repenno)" <repenno@cisco.com> Thu, 12 September 2013 16:46 UTC

Return-Path: <repenno@cisco.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2260A11E823E for <v6ops@ietfa.amsl.com>; Thu, 12 Sep 2013 09:46:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.598
X-Spam-Level:
X-Spam-Status: No, score=-10.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UrfYJKCXI68s for <v6ops@ietfa.amsl.com>; Thu, 12 Sep 2013 09:45:56 -0700 (PDT)
Received: from rcdn-iport-5.cisco.com (rcdn-iport-5.cisco.com [173.37.86.76]) by ietfa.amsl.com (Postfix) with ESMTP id 1121E11E81D4 for <v6ops@ietf.org>; Thu, 12 Sep 2013 09:45:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=25693; q=dns/txt; s=iport; t=1379004349; x=1380213949; h=from:to:subject:date:message-id:in-reply-to:mime-version; bh=slsG07yy3pcFJaQMVny4tLQVjm9Vc2wvr3n+8uyS2iw=; b=DasiiNflUwnUzaaCTwqyXjPif9dpML+w6dnGTH9OGceBzoWqFdijDvXz gBdK0kN5mrXRDU3hO8tbV1eZcrLPhmYaO9dOaYnFJHURAL8bBdAzvcG9y xtfItHr2+VIXjahGa4OPEFbHISvKmGFS8lRI+dCqES7OYEr2PWUdZU+F6 0=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AiQFAGLvMVKtJXHB/2dsb2JhbABbgkNEOFK4GohHgRwWdIIlAQEBBC1eAQgRAQIBAgsWBzkUAwYIAQEEARIIh3oMu2qOHBYBgQcgFwGDHYEAA5kokESDIoFoBQQXIg
X-IronPort-AV: E=Sophos; i="4.90,891,1371081600"; d="scan'208,217"; a="258937307"
Received: from rcdn-core2-6.cisco.com ([173.37.113.193]) by rcdn-iport-5.cisco.com with ESMTP; 12 Sep 2013 16:45:25 +0000
Received: from xhc-rcd-x03.cisco.com (xhc-rcd-x03.cisco.com [173.37.183.77]) by rcdn-core2-6.cisco.com (8.14.5/8.14.5) with ESMTP id r8CGjPhV002322 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Thu, 12 Sep 2013 16:45:25 GMT
Received: from xmb-rcd-x04.cisco.com ([169.254.8.21]) by xhc-rcd-x03.cisco.com ([173.37.183.77]) with mapi id 14.02.0318.004; Thu, 12 Sep 2013 11:45:25 -0500
From: "Reinaldo Penno (repenno)" <repenno@cisco.com>
To: "mohamed.boucadair@orange.com" <mohamed.boucadair@orange.com>, james woodyatt <jhw@apple.com>, "v6ops@ietf.org WG" <v6ops@ietf.org>
Thread-Topic: [v6ops] PCP and I-D.ietf-v6ops-mobile-device-profile
Thread-Index: Ac6td/8+oqaMCKkqR5qrc6AszGJyfQAeAPbAAHWssoA=
Date: Thu, 12 Sep 2013 16:45:24 +0000
Message-ID: <45A697A8FFD7CF48BCF2BE7E106F06040B6D29BD@xmb-rcd-x04.cisco.com>
In-Reply-To: <94C682931C08B048B7A8645303FDC9F36EF0EE7DFA@PUEXCB1B.nanterre.francetelecom.fr>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.2.3.120616
x-originating-ip: [10.21.151.149]
Content-Type: multipart/alternative; boundary="_000_45A697A8FFD7CF48BCF2BE7E106F06040B6D29BDxmbrcdx04ciscoc_"
MIME-Version: 1.0
Subject: Re: [v6ops] PCP and I-D.ietf-v6ops-mobile-device-profile
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Sep 2013 16:46:34 -0000

Hi,

Inline with [RP]

From: "mohamed.boucadair@orange.com<mailto:mohamed.boucadair@orange.com>" <mohamed.boucadair@orange.com<mailto:mohamed.boucadair@orange.com>>
Date: Tuesday, September 10, 2013 1:27 AM
To: james woodyatt <jhw@apple.com<mailto:jhw@apple.com>>, "v6ops@ietf.org<mailto:v6ops@ietf.org> WG" <v6ops@ietf.org<mailto:v6ops@ietf.org>>
Cc: Cisco Employee <repenno@cisco.com<mailto:repenno@cisco.com>>
Subject: RE: [v6ops] PCP and I-D.ietf-v6ops-mobile-device-profile

Hi James,

I appreciate your effort for reading and raising a technical point. I really don’t care if you shared this comment during the WGLC or now once the IETF LC is over.

Some general answers:

* This document does not aim to provide a static picture of what current implementations are doing but we are listing also features to ease adoption of the IPv6-only model. For this reason, there is a list of feature that are needed for that model: these recommendations are all SHOULD ones and not MUST. FWIW, the document included some details on broken implementations and tests but that text was removed as suggested by some reviewers. The document is not intended to ACK the current broken implementations but to list of features to have more and more implementations that can be connected in IPv6-only and DS modes without service degradation.

* The feature of retrieving the PREFIX64 using PCP has been implemented and tested (see for example http://tools.ietf.org/html/draft-boucadair-pcp-nat64-experiments-00)

* Motivations for PCP from a provider perspective are mentioned in the document. No need to re-iterate that. From a customer standpoint, some users are using their mobile connection as their main line. As such, they have the same requirements as for fixed services. I have been told that there are customers running game consoles using their mobile connection (If I’m not mistaken, Reinaldo has mentioned this case in an e-mail. I will let him confirm/infirm).

[RP] Right, FWIW in US there are wireless subscriber (LTE/4G) that do not have wireline internet. They use (and expect) this high speed wireless to carry traffic usually associated with wireline deployments. The case through a Wireless provider was related to subscribers that want to use XBOX through 4G/LTE.


* The document includes the following:

   Some of the features listed in this profile document require to
   activate dedicated functions at the network side.  It is out of scope
   of this document to list these network-side functions.

* Some operators have included PCP as a requirement for their NAT64 in the context of ongoing RFPs. For those  operators, the client-side functionality is needed.

Cheers,
Med


De : v6ops-bounces@ietf.org<mailto:v6ops-bounces@ietf.org> [mailto:v6ops-bounces@ietf.org] De la part de james woodyatt
Envoyé : lundi 9 septembre 2013 17:59
À : v6ops@ietf.org<mailto:v6ops@ietf.org> WG
Objet : [v6ops] PCP and I-D.ietf-v6ops-mobile-device-profile

everyone—

I haven’t prepared an exhaustive criticism of this draft, but I do have one concern in particular I would like to highlight. The recommendations (for they are not requirements) REQ#12 and REQ#15 discussing matters related to the Port Control Protocol (PCP) and traversal of NAT and firewalls is troubling to me.


REQ#12:  The cellular host SHOULD support a method to locally

        construct IPv4-embedded IPv6 addresses [RFC6052<http://tools.ietf.org/html/rfc6052>].  A method to

        learn PREFIX64 SHOULD be supported by the cellular host.



           This solves the issue when applications use IPv4 referrals on

           IPv6-only access networks.



           In PCP-based environments, cellular hosts SHOULD follow

           [I-D.ietf-pcp-nat64-prefix64<http://tools.ietf.org/html/draft-ietf-v6ops-mobile-device-profile-05#ref-I-D.ietf-pcp-nat64-prefix64>] to learn the IPv6 Prefix used

           by an upstream PCP-controlled NAT64 device.  If PCP is not

           enabled, the cellular host SHOULD implement the method

           specified in [I-D.ietf-behave-nat64-discovery-heuristic<http://tools.ietf.org/html/draft-ietf-v6ops-mobile-device-profile-05#ref-I-D.ietf-behave-nat64-discovery-heuristic>] to

           retrieve the PREFIX64.


REQ#15:  The cellular host SHOULD support PCP [RFC6887<http://tools.ietf.org/html/rfc6887>].



           The support of PCP is seen as a driver to save battery

           consumption exacerbated by keepalive messages.  PCP also

           gives the possibility of enabling incoming connections to the

           cellular device.  Indeed, because several stateful devices

           may be deployed in wireless networks (e.g., NAT and/or

           Firewalls), PCP can be used by the cellular host to control

           network-based NAT and Firewall functions which will reduce

           per-application signaling and save battery consumption.

It seems to me that these recommendations are only worth following if there are to be PCP servers in *all* of the network elements in the paths between cellular hosts and the default free zone that implement stateful firewall (and NAT) functions.  Indeed, in at least one common cellular host architecture, there is a stateful filter in the baseband chipset firmware that blocks all inbound packets that it decides are unsolicited by applications on the main system CPU. There is no PCP service in those chipset firmware implementations, and no practical way to turn off the filtering, because it is tied up with tricky power consumption issues, and without either of those things, there is pretty much no good reason to implement a PCP client on the main system CPU. It does not matter whether there are PCP servers in the firewalls further upstream, if there is a firewall in the baseband chipset that you can’t disable or control.

I recommend dropping these recommendations and replacing them with text that recognizes the present reality that cellular hosts are simply not expected ever to receive unsolicited inbound connection flows from arbitrary remote Internet addresses. It would simplify the document and it would be a more honest appraisal of the situation.


--
james woodyatt <jhw@apple.com<mailto:jhw@apple.com>>
core os networking

v2.23.0 | Report a Bug | By Email