IETF Logo Mail Archive

[v6ops] Re: Traffic control protocols (PCP and UPnP IGD)

Daryll Swer <contact@daryllswer.com> Fri, 02 August 2024 01:46 UTC

Return-Path: <contact@daryllswer.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 11E11C16941D for <v6ops@ietfa.amsl.com>; Thu, 1 Aug 2024 18:46:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Level:
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=daryllswer.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Tf7XN6OgPI03 for <v6ops@ietfa.amsl.com>; Thu, 1 Aug 2024 18:46:16 -0700 (PDT)
Received: from mail-pl1-x62b.google.com (mail-pl1-x62b.google.com [IPv6:2607:f8b0:4864:20::62b]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C8308C14CE55 for <v6ops@ietf.org>; Thu, 1 Aug 2024 18:46:15 -0700 (PDT)
Received: by mail-pl1-x62b.google.com with SMTP id d9443c01a7336-1fd6ed7688cso63753505ad.3 for <v6ops@ietf.org>; Thu, 01 Aug 2024 18:46:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=daryllswer.com; s=google; t=1722563175; x=1723167975; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=FIcr1Eva2fY2PKaiUfpO3r8Rk4/aWaZ/u2x9XnYZGlQ=; b=j/HZY9ESAXZElfjkiC2mxOR1UFEVOYB4vGso6mwTXrHASaz+5gxplOQ0EG/rM4nIIB cc4C0Qr7v6hpJx2C8T6rc4p2lnvYDyjo9oaTpJQq+PA4cW4UDgpWIIYGZuadf2WnQzC2 3ySRzTVvhS5p0HaLIZyAcE6cgei2zhKYrhGlEhx5+Pe2bPgUrRhj+qELgS+0Bf7cXx/Q mcKZJx1cK8usyPsV7PSU0UI810HIuzfpqyWzE4t5P4pKO00xYfObj3c9TGQ8U298MfGZ ZkFzDh4cwyKM6de1+vuDcfxYtRfFlQ4San3Pa2SnOHpksaHe9sH3zN34q0HgycM2IMcy eTCQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722563175; x=1723167975; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=FIcr1Eva2fY2PKaiUfpO3r8Rk4/aWaZ/u2x9XnYZGlQ=; b=Luy7RPWfvVMd/tXeWXh1wuv9taJ5fbv1p4pmX179AbxDibz8mp1dH7+fu3IA5SRvD4 1ARP85+6Vx+7Qd78FMdnbRdIW72QRbaQCBYFB1VkrhiwUDoxKCOnvD1Y4AM3xize5ybj AjdTBrYpWrhukuosbGvBO78/pg0aO95bqUSbxm2+p+BEyAzD3IaN/mnpfTjkB48UncZo Z+cagaI5UFTaLlcOyMs2qvGWRPp1M7Ij3X8pqDW6aQdR+rrk8GjRIoDAB5KTpKl77tJW yOgUk2v0yAgC+01PW8DwNZg0CcCgLq9Rqphz/fLpL4SSsCT39TnAFML1o7vl6W8PDaC5 uWkg==
X-Forwarded-Encrypted: i=1; AJvYcCXFPS92bI/OQOMpTAIw3+vbM+cncPQ9N0RxBwM6jJ0m8dD3LOkyoqNgJ/nSLktW2cU037Kry9YtqrdgDtlHbA==
X-Gm-Message-State: AOJu0YxDDFe4Ma7XNf9I/0mjFw4ESrGwRDmNtYZ04hl3mFrUKlI+D41H 0jtFK56dx9Lw+fP67Yj7mKYi5x/JR8pb/9hvWIw/0aU+0+7nfgx71c+uxogk0nSQrmxCr8tP87d r1LU=
X-Google-Smtp-Source: AGHT+IG4XGmHwDYTDXCF7Vz/3QOO7JNS4Xm8YUwL57mhRV+DLN0Gv+y5XX5rcXUe3auoWR9F84b9hw==
X-Received: by 2002:a17:902:d4c3:b0:1fd:9b96:32d4 with SMTP id d9443c01a7336-1ff57459864mr29092805ad.51.1722563174603; Thu, 01 Aug 2024 18:46:14 -0700 (PDT)
Received: from mail-pg1-f181.google.com (mail-pg1-f181.google.com. [209.85.215.181]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-1ff5929839csm5474615ad.260.2024.08.01.18.46.14 for <v6ops@ietf.org> (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 01 Aug 2024 18:46:14 -0700 (PDT)
Received: by mail-pg1-f181.google.com with SMTP id 41be03b00d2f7-7a1d48e0a5fso4529611a12.3 for <v6ops@ietf.org>; Thu, 01 Aug 2024 18:46:14 -0700 (PDT)
X-Forwarded-Encrypted: i=1; AJvYcCVqgjTwLDK1qAEF5qef2gILJvFkQC0FOqawbozGoVVH2Z5B1KlcvO39xZBKHDES81Q40voLsv/XiEtC4liuhw==
X-Received: by 2002:a05:6a20:918c:b0:1c4:8dc0:8357 with SMTP id adf61e73a8af0-1c69958467cmr3205040637.25.1722563173695; Thu, 01 Aug 2024 18:46:13 -0700 (PDT)
MIME-Version: 1.0
References: <TYVPR01MB10750FB6A5FA4EB034F9B5B8AD2B42@TYVPR01MB10750.jpnprd01.prod.outlook.com> <CAPt1N1kA9KETiVsK744m5AaXvCnspsN8zkdqRR1OcMo-ftkNfA@mail.gmail.com> <TYVPR01MB10750B17554096318B8C49BACD2B42@TYVPR01MB10750.jpnprd01.prod.outlook.com> <BF9C2E26-E49C-4764-9CEA-8E7738801819@employees.org> <TYVPR01MB1075001C9D2EC290201284F66D2B42@TYVPR01MB10750.jpnprd01.prod.outlook.com> <CACyFTPH7XJ=fV9jW0h59UH-TDL7OGWw_ifehPvbFzzoH2Ln0Ng@mail.gmail.com> <ZqQDMjckkFr3_hsv@Space.Net> <CAPt1N1mhMYck7Y-SOgFfpA7OD6b0H8Y5gAjsYHWSZLFfzdiRzA@mail.gmail.com> <ZqVh5oFVFSjAYqcL@Space.Net> <CAPt1N1=T+YYPuCJq64mffTqY-1Kp+Kv9hqt+TJa_5iMUh3QC4g@mail.gmail.com> <ZqYXiBz0oFsafbwC@Space.Net> <CAPt1N1m4Z4yBx60x9VPjN5kmbL3-DY5kpfpTnpSNi=z3e98-qw@mail.gmail.com> <CACyFTPEOgUNXZSjFz0vtgju549VfABaZvt8dtds_ekmUzKAaLQ@mail.gmail.com> <3B7CF16F-D6B8-4813-903C-88AF513AD8AF@gmail.com>
In-Reply-To: <3B7CF16F-D6B8-4813-903C-88AF513AD8AF@gmail.com>
From: Daryll Swer <contact@daryllswer.com>
Date: Fri, 02 Aug 2024 07:15:37 +0530
X-Gmail-Original-Message-ID: <CACyFTPFhZbFmm8eGxxoEdfF_djsT0XKj86gE4nEFhB0Y=3VZVQ@mail.gmail.com>
Message-ID: <CACyFTPFhZbFmm8eGxxoEdfF_djsT0XKj86gE4nEFhB0Y=3VZVQ@mail.gmail.com>
To: Dan Wing <danwing@gmail.com>
Content-Type: multipart/alternative; boundary="000000000000125298061ea97e18"
Message-ID-Hash: V5NSV7O3FZOBDH43U5YQAVGZ7A6GMTF4
X-Message-ID-Hash: V5NSV7O3FZOBDH43U5YQAVGZ7A6GMTF4
X-MailFrom: contact@daryllswer.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-v6ops.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Ole Troan <otroan@employees.org>, "v6ops@ietf.org" <v6ops@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [v6ops] Re: Traffic control protocols (PCP and UPnP IGD)
List-Id: v6ops discussion list <v6ops.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/keRQeOmo2Z1Yl3iWf3vQY6nzmmU>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Owner: <mailto:v6ops-owner@ietf.org>
List-Post: <mailto:v6ops@ietf.org>
List-Subscribe: <mailto:v6ops-join@ietf.org>
List-Unsubscribe: <mailto:v6ops-leave@ietf.org>

>
> The protocol supports other protocols, but I bet most/all implementations
> do not bother handling anything beyond TCP and UDP.  That's pretty typical
> for lots of network gear (router ACLs, firewalls, and of course NAT/NAPT).
> Running over UDP is a long-standing workaround ("solution") for various
> protocols like IPsec (RFC3948), SCTP (RFC6951), and DCCP (RFC6773).  The
> overhead of the UDP header is not ideal, but UDP is deployable on the
> Internet.
>

Unfortunately, yes. But we are talking about native IPv6, so NAT-related
hacks and so-called “solutions” (polite word for plaster-fixes) should be
discouraged. I.e. PCP implementations MUST support, at the very least,
what's written in RFC 6887, section-2.2.

Interestingly, UDP-Lite (RFC3828) isn't mentioned there, but probably not
too difficult for an implementation to support both. More ports for
UDP+UDP-Lite - Not that it matters for native IPv6, though.

*--*
Best Regards
Daryll Swer
Website: daryllswer.com
<https://mailtrack.io/l/420efa8784d17f20a16b269cb48675ffd728cc77?url=https%3A%2F%2Fwww.daryllswer.com&u=2153471&signature=775f237a6c01c29b>


On Fri, 2 Aug 2024 at 00:37, Dan Wing <danwing@gmail.com> wrote:

> On Jul 28, 2024, at 7:01 AM, Daryll Swer <contact=
> 40daryllswer.com@dmarc.ietf.org> wrote:
>
> I'm all in for PCP signalling to open a port in the stateful firewall as I
> originally described, and PCP shouldn't encourage locking of the ecosystem
> to just TCP/UDP, it should support all standardised layer 4 protocols
> (DCCP, UDP-Lite, SCTP, maybe more).
>
>
> https://datatracker.ietf.org/doc/html/rfc6887#section-2.2,
>    The PCP Opcodes defined in this document are designed to support
>    transport-layer protocols that use a 16-bit port number (e.g., TCP,
>    UDP, Stream Control Transmission Protocol (SCTP) [RFC4960], and
>    Datagram Congestion Control Protocol (DCCP) [RFC4340]).  Protocols
>    that do not use a port number (e.g., Resource Reservation Protocol
>    (RSVP), IP Encapsulating Security Payload (ESP) [RFC4303], ICMP, and
>    ICMPv6) are supported for IPv4 firewall, IPv6 firewall, and NPTv6
>    functions, but are out of scope for any NAT functions.
>
> The protocol supports other protocols, but I bet most/all implementations
> do not bother handling anything beyond TCP and UDP.  That's pretty typical
> for lots of network gear (router ACLs, firewalls, and of course NAT/NAPT).
> Running over UDP is a long-standing workaround ("solution") for various
> protocols like IPsec (RFC3948), SCTP (RFC6951), and DCCP (RFC6773).  The
> overhead of the UDP header is not ideal, but UDP is deployable on the
> Internet.
>
> -d
>
>

v2.39.1 | Report a Bug | By Email | System Status