140 likes | 237 Views
Analysis of Solution Candidates to Reveal a Host Identifier ( HOST_ID ) in Shared Address Deployments draft- ietf - intarea - nat -reveal-analysis-02. Authors: Mohamed Boucadair, Joe Touch, Pierre Levis, Reinaldo Penno Presenter: Dan Wing. IETF84 – August 2012.
E N D
Analysis of Solution Candidates to Reveal a Host Identifier (HOST_ID) in Shared Address Deploymentsdraft-ietf-intarea-nat-reveal-analysis-02 Authors: Mohamed Boucadair, Joe Touch, Pierre Levis, Reinaldo Penno Presenter: • Dan Wing IETF84 – August 2012
Steps to Success • There is a engineering problem • Discuss solutions • Engineer the best solution
Steps to Success • There is a engineering problem • Discuss solutions • Engineer the best solution
1. There Is an Engineering Problem • RFC6269, “Issues with IP Address Sharing” • draft-ietf-intarea-shared-addressing-issues • Section 13.1, Abuse Logging and Penalty Boxes
RFC6269, Section 13.1 ... one user who fails a number of login attempts may block out other users who have not made any previous attempts but who will now fail on their first attempt. ...
IP Reputation Image source: Jason Fesler, Yahoo!
Steps to Success • There is a engineering problem • Problem documented in RFC6269, Section 13.1 • Discuss solutions • Engineer the best solution
2. Discuss Solutions (1/2) • Collect proposed solutions • Analyze differences • Recommend best solution • Previous examples of solution discussions • “Recommendation for a Routing Architecture”, RFC6115, recommendation: ILNP • “Requirements and Analysis of Media Security Management Protocols”, RFC5479, recommendation: DTLS-SRTP
2. Discuss Solutions (2/2) • draft-ietf-intarea-nat-reveal-analysis • 8 solutions analyzed: • IPID field • IP option • Port sets • ICMP • TCP option • PROXY protocol • Host Identity Protocol (HIP) • Inject Application Headers (e.g., X-Forwarded-For)
Steps to Success • There is a engineering problem • Problem documented in RFC6269, Section 13.1 • Discuss solutions • draft-ietf-intarea-nat-reveal-analysis • Engineer the best solution
3. Engineer the best solution • First need consensus on the best solution • We aren’t yet ready
Some Questions for the WG • Consensus on problem in RFC6269 §13.1? • “Just Deploy IPv6” • Does this avoid problem in RFC6269 §13.1? • Current trajectory is 50% IPv6 in 6 years • Are there more than 8 solutions? • Disagreement that ietf-intarea-nat-reveal-analysis should recommend a best solution
Thank you draft-ietf-intarea-nat-reveal-analysis