[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: How to include APBP scenarios in the Coexistence RequirementI-D

To: "'Alain Durand'" <alain_durand@cable.comcast.com>, "'Rémi Després'" <remi.despres@free.fr>, "'marcelo bagnulo braun'" <marcelo@it.uc3m.es>
Subject: RE: How to include APBP scenarios in the Coexistence RequirementI-D
From: "Dan Wing" <dwing@cisco.com>
Date: Wed, 16 Jul 2008 14:45:38 -0700
Cc: "'v6ops'" <v6ops@ops.ietf.org>
In-reply-to: <C4A3DE1D.1438E%alain_durand@cable.comcast.com>
References: <C4A3D73C.14388%alain_durand@cable.comcast.com> <C4A3DE1D.1438E%alain_durand@cable.comcast.com>

 

> -----Original Message-----
> From: Alain Durand [mailto:alain_durand@cable.comcast.com] 
> Sent: Wednesday, July 16, 2008 2:19 PM
> To: Alain Durand; Dan Wing; Rémi Després; marcelo bagnulo braun
> Cc: v6ops
> Subject: Re: How to include APBP scenarios in the Coexistence 
> RequirementI-D
> 
> But, of course, all this has to be balanced with the security (or lack
> thereof) of UPnP...

A requirement of any APBP is that a subscriber could only open ports
for their own IP address -- not their neighbor's IP address.

-d


>   - Alain.
> 
> 
> On 7/16/08 4:50 PM, "Alain Durand" 
> <alain_durand@cable.comcast.com> wrote:
> 
> > Dan,
> > 
> > Because there is only one level of NAT in dual-stack lite, 
> couldn't this be
> > simplified by asking the dual-stack lite home gateway to 
> forward the UPnP
> > message to the dual-stack lite carrier-grade NAT?
> > 
> >   - Alain.
> > 
> > 
> > On 7/16/08 2:03 PM, "Dan Wing" <dwing@cisco.com> wrote:
> > 
> >>> Following some privatly received comments of Dan Wing, the
> >>> standby phase hasn't be long, and the idea to possibly give up
> >>> APBP stands no longer !
> >>> 
> >>> I just posted draft-01,  with  I believe  substantial 
> simplifications
> >>> and improved applicability.
> >>> 
> >>> Sorry for the one more change.
> >> 
> >> Allow me to elaborate a bit on our offline discussion over 
> the weekend.
> >> 
> >> I noticed all of the current proposals (SNAT, NAT64, NAT6, IVI,
> >> dual-stack-lite, etc.) are quiet on a significant aspect 
> of a requirement
> >> that
> >> is important:  keeping existing games and existing 
> applications working.  I
> >> am
> >> thinking of game boxes like Microsoft's Xbox that need 
> UPnP IGD in order to
> >> function properly over the Internet, and applications such 
> as Microsoft
> >> Netmeeting (needs an H.323 ALG in the NAT), Quicktime and 
> RealAudio streaming
> >> (RTSP), and so on.  http://tools.ietf.org/html/rfc3027 
> does a good job of
> >> explaining the specifics.
> >> 
> >> A protocol which meets the requirements of APBP would 
> allow UPnP IGD,
> >> NAT-PMP,
> >> and appropriate ALGs to be in the subscriber-side CPE box, 
> and allow using
> >> APBP to the carrier-owned NAT64/NAT44 box to obtain a 
> real, publicly-routable
> >> v4 transport address.  That publicly-routable v45 
> transport address would
> >> then
> >> be used by the subscriber-side CPE in exactly the same way 
> that today's
> >> subscriber-side CPE uses its own WAN transport address for the same
> >> functions.
> >> For UPnP IGD, the availability of APBP means a host that 
> performs the UPnP
> >> getPublicIPAddress() API call would get a 
> publicly-routable v4 transport
> >> address.  Without APBP, a host performing that same 
> function call would not
> >> get a v4 address at all.
> >> 
> >> 
> >> Here is some beautiful ASCII art diagrams of the 
> difference between today's
> >> UPnP IGD (and NAT-PMP) and what I am suggesting is useful 
> (and necessary) for
> >> tomorrow's APBP in conjunction with UPnP IGD and NAT-PMP:
> >> 
> >> 
> >> Today's UPnP IGD and NAT-PMP function at a high level:
> >> 
> >> +-----------------+
> >> |incoming UPnP IGD|
> >> |or NAT-PMP packet|
> >> +----+------------+
> >>      |
> >>      V
> >> +-------------+          +-----------------------+
> >> |  need new   |-----YES->| create NAT binding    |
> >> |NAT binding? |          |using NAT's WAN address|
> >> +----+--------+          +---------+-------------+
> >>      |                             |
> >>      NO                            |
> >>      |                             |
> >>      V                             |
> >> +----+---------------+             |
> >> |respond to UPnP IGD |<------------+
> >> |or NAT-PMP request  |
> >> +----+---------------+
> >> 
> >> 
> >> Change to UPnP IGD or NAT-PMP function inside of the subscriber NAT
> >> (difference highlighted with "=" and capital letters):
> >> 
> >> 
> >> +-----------------+
> >> |incoming UPnP IGD|
> >> |or NAT-PMP packet|
> >> +----+------------+
> >>      |
> >>      V
> >> +-------------+          +=========================+
> >> |  need new   |-----YES->| SEND "APBP" MESSAGE     |
> >> |NAT binding? |          | TOWARDS SP'S CARRIER NAT|
> >> +----+--------+          +=========+===============+
> >>      |                             |
> >>      NO                            |
> >>      |                             |
> >>      V                             |
> >> +----+---------------+             |
> >> |respond to UPnP IGD |<------------+
> >> |or NAT-PMP request  |
> >> +----+---------------+
> >> 
> >> -d
> >> 
> >> 
> > 
> > 
> > 
> 
>

References:
- Re: How to include APBP scenarios in the Coexistence RequirementI-D
  - From: "Durand, Alain" <Alain_Durand@cable.comcast.com>
- Re: How to include APBP scenarios in the Coexistence RequirementI-D
  - From: Alain Durand <alain_durand@cable.comcast.com>

Prev by Date: RE: How to include APBP scenarios in the Coexistence RequirementI-D
Next by Date: Re: How to include APBP scenarios in the Coexistence RequirementI-D
Previous by thread: Re: How to include APBP scenarios in the Coexistence RequirementI-D
Next by thread: Re: How to include APBP scenarios in the Coexistence RequirementI-D
Index(es):
- Date
- Thread