[v6ops] PCP and I-D.ietf-v6ops-mobile-device-profile
james woodyatt <jhw@apple.com> Mon, 09 September 2013 16:15 UTC
Return-Path: <jhw@apple.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0D61B21F9FAE for <v6ops@ietfa.amsl.com>; Mon, 9 Sep 2013 09:15:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.598
X-Spam-Level:
X-Spam-Status: No, score=-10.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id P2k4sYlb7M+N for <v6ops@ietfa.amsl.com>; Mon, 9 Sep 2013 09:15:39 -0700 (PDT)
Received: from mail-out.apple.com (mail-out.apple.com [17.151.62.49]) by ietfa.amsl.com (Postfix) with ESMTP id 9AF8E11E80F9 for <v6ops@ietf.org>; Mon, 9 Sep 2013 08:59:09 -0700 (PDT)
MIME-version: 1.0
Content-type: multipart/alternative; boundary="Boundary_(ID_3516dw2+mKxo/q1wlRAYmQ)"
Received: from relay8.apple.com ([17.128.113.102]) by mail-out.apple.com (Oracle Communications Messaging Server 7u4-23.01 (7.0.4.23.0) 64bit (built Aug 10 2011)) with ESMTP id <0MSV00CM28DSMDH1@mail-out.apple.com> for v6ops@ietf.org; Mon, 09 Sep 2013 08:59:04 -0700 (PDT)
X-AuditID: 11807166-b7fd66d000006a64-cd-522df0481dbb
Received: from aniseed.apple.com (aniseed.apple.com [17.128.115.23]) (using TLS with cipher RC4-MD5 (128/128 bits)) (Client did not present a certificate) by relay8.apple.com (Apple SCV relay) with SMTP id 66.82.27236.840FD225; Mon, 09 Sep 2013 08:59:04 -0700 (PDT)
Received: from [17.113.34.106] (unknown [17.113.34.106]) by aniseed.apple.com (Oracle Communications Messaging Server 7u4-24.01 (7.0.4.24.0) 64bit (built Nov 17 2011)) with ESMTPSA id <0MSV002278EF7N50@aniseed.apple.com> for v6ops@ietf.org; Mon, 09 Sep 2013 08:59:04 -0700 (PDT)
From: james woodyatt <jhw@apple.com>
Message-id: <7A28FE9A-EBA4-4C4C-8608-04B4A7820805@apple.com>
Date: Mon, 09 Sep 2013 08:59:04 -0700
To: "v6ops@ietf.org WG" <v6ops@ietf.org>
X-Mailer: Apple Mail (2.1807)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprJLMWRmVeSWpSXmKPExsUi2FAsruvxQTfIoPuFrsXpY3uZHRg9liz5 yRTAGMVlk5Kak1mWWqRvl8CV8aP7L3vBsoCK310L2BsY/zt2MXJySAiYSOzvm8wIYYtJXLi3 nq2LkYtDSKCfSWLpo3nsEM48JokPx04yg1SxCahIfLt8lwnEZhZIkrh4uhmsW1jAVGLngidA cQ4OXgEbiffT/UHCLAKqEl/XfWMFsUUENCS6tvxhA7F5BfQkHjafYoFYLCtxvPEQ+wRGnllI ps5CUgYR15ZYtvA1M4RtIPG08xUrpri+xJt3c5gWMLKtYhQoSs1JrLTQSywoyEnVS87P3cQI DrDCtB2MTcutDjEKcDAq8fAGHNMNEmJNLCuuzD3EKMHBrCTCa/YOKMSbklhZlVqUH19UmpNa fIhRmoNFSZz3opxWkJBAemJJanZqakFqEUyWiYNTqoExsj7BlT33bZvgunWhDH1mFm1Vzud8 /fUcK/25GgTfFO5q0yuv5rjNtfX7oVNffy7Zt1xVy/bbzzURTcKNt697eNvLVvDszy1MmMd1 5evZ+1qxDdOtH7CsOJO1YGnmkxrpDNErTDOb305l23mQaW7Duu69yi3uefXmEyvX/563OvSA 8don54uUWIozEg21mIuKEwFkIMPMLAIAAA==
Subject: [v6ops] PCP and I-D.ietf-v6ops-mobile-device-profile
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Sep 2013 16:15:45 -0000
everyone—
I haven’t prepared an exhaustive criticism of this draft, but I do have one concern in particular I would like to highlight. The recommendations (for they are not requirements) REQ#12 and REQ#15 discussing matters related to the Port Control Protocol (PCP) and traversal of NAT and firewalls is troubling to me.
REQ#12: The cellular host SHOULD support a method to locally
construct IPv4-embedded IPv6 addresses [RFC6052]. A method to
learn PREFIX64 SHOULD be supported by the cellular host.
This solves the issue when applications use IPv4 referrals on
IPv6-only access networks.
In PCP-based environments, cellular hosts SHOULD follow
[I-D.ietf-pcp-nat64-prefix64] to learn the IPv6 Prefix used
by an upstream PCP-controlled NAT64 device. If PCP is not
enabled, the cellular host SHOULD implement the method
specified in [I-D.ietf-behave-nat64-discovery-heuristic] to
retrieve the PREFIX64.
REQ#15: The cellular host SHOULD support PCP [RFC6887].
The support of PCP is seen as a driver to save battery
consumption exacerbated by keepalive messages. PCP also
gives the possibility of enabling incoming connections to the
cellular device. Indeed, because several stateful devices
may be deployed in wireless networks (e.g., NAT and/or
Firewalls), PCP can be used by the cellular host to control
network-based NAT and Firewall functions which will reduce
per-application signaling and save battery consumption.
It seems to me that these recommendations are only worth following if there are to be PCP servers in *all* of the network elements in the paths between cellular hosts and the default free zone that implement stateful firewall (and NAT) functions. Indeed, in at least one common cellular host architecture, there is a stateful filter in the baseband chipset firmware that blocks all inbound packets that it decides are unsolicited by applications on the main system CPU. There is no PCP service in those chipset firmware implementations, and no practical way to turn off the filtering, because it is tied up with tricky power consumption issues, and without either of those things, there is pretty much no good reason to implement a PCP client on the main system CPU. It does not matter whether there are PCP servers in the firewalls further upstream, if there is a firewall in the baseband chipset that you can’t disable or control.
I recommend dropping these recommendations and replacing them with text that recognizes the present reality that cellular hosts are simply not expected ever to receive unsolicited inbound connection flows from arbitrary remote Internet addresses. It would simplify the document and it would be a more honest appraisal of the situation.
--
james woodyatt <jhw@apple.com>
core os networking
- Re: [v6ops] PCP and I-D.ietf-v6ops-mobile-device-… Lorenzo Colitti
- Re: [v6ops] PCP and I-D.ietf-v6ops-mobile-device-… Mikael Abrahamsson
- [v6ops] PCP and I-D.ietf-v6ops-mobile-device-prof… james woodyatt
- Re: [v6ops] PCP and I-D.ietf-v6ops-mobile-device-… Mikael Abrahamsson
- Re: [v6ops] PCP and I-D.ietf-v6ops-mobile-device-… Lorenzo Colitti
- Re: [v6ops] PCP and I-D.ietf-v6ops-mobile-device-… Mikael Abrahamsson
- Re: [v6ops] PCP and I-D.ietf-v6ops-mobile-device-… mohamed.boucadair
- Re: [v6ops] PCP and I-D.ietf-v6ops-mobile-device-… Mikael Abrahamsson
- Re: [v6ops] PCP and I-D.ietf-v6ops-mobile-device-… james woodyatt
- Re: [v6ops] PCP and I-D.ietf-v6ops-mobile-device-… Owen DeLong
- Re: [v6ops] PCP and I-D.ietf-v6ops-mobile-device-… cb.list6
- Re: [v6ops] PCP and I-D.ietf-v6ops-mobile-device-… james woodyatt
- Re: [v6ops] PCP and I-D.ietf-v6ops-mobile-device-… james woodyatt
- Re: [v6ops] PCP and I-D.ietf-v6ops-mobile-device-… cb.list6
- Re: [v6ops] PCP and I-D.ietf-v6ops-mobile-device-… Owen DeLong
- Re: [v6ops] PCP and I-D.ietf-v6ops-mobile-device-… mohamed.boucadair
- Re: [v6ops] PCP and I-D.ietf-v6ops-mobile-device-… Reinaldo Penno (repenno)