Draft-ietf-intarea-nat-reveal-analysis – IETF84 Analysis of Solution Candidates to Reveal a Host...
draft-ietf-intarea-nat-reveal-analysis – IETF84 1
Analysis of Solution Candidates to Reveal a Host Identifier (HOST_ID) in
Shared Address Deployments
draft-ietf-intarea-nat-reveal-analysis-02
IETF84 – August 2012
Authors: Mohamed Boucadair, Joe Touch, Pierre Levis, Reinaldo Penno
Presenter: Dan Wing
Steps to Success
1. There is an engineering problem
2. Discuss solutions
3. Engineer the best solution
1. There Is an Engineering Problem
• RFC6269, “Issues with IP Address Sharing”
  – draft-ietf-intarea-shared-addressing-issues
  – Section 13.1, Abuse Logging and Penalty Boxes
RFC6269, Section 13.1
... one user who fails a number of login attempts may block out other users who have not made any previous attempts but who will now fail on their first attempt. ...
IP Reputation
Image source: Jason Fesler, Yahoo!
Captcha challenge
Steps to Success
1. There is an engineering problem
   – Problem documented in RFC6269, Section 13.1
2. Discuss solutions
3. Engineer the best solution
2. Discuss Solutions (1/2)
• Collect proposed solutions
• Analyze differences
• Recommend best solution
• Previous examples of solution discussions
  – “Recommendation for a Routing Architecture”, RFC6115, recommendation: ILNP
  – “Requirements and Analysis of Media Security Management Protocols”, RFC5479, recommendation: DTLS-SRTP
2. Discuss Solutions (2/2)
• draft-ietf-intarea-nat-reveal-analysis
• 8 solutions analyzed:
  1. IPID field
  2. IP option
  3. Port sets
  4. ICMP
  5. TCP option
  6. PROXY protocol
  7. Host Identity Protocol (HIP)
  8. Inject Application Headers (e.g., X-Forwarded-For)
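
The lockout quoted from RFC6269 Section 13.1, and the effect of keying the penalty box on a HOST_ID taken from an injected application header (solution 8), shown as an added Python example that is not part of the original slides or the draft. The threshold, the trusted address-sharing prefix 192.0.2.0/24, the names `host_key`, `PenaltyBox` and `replay`, and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

MAX_FAILURES = 3  # assumed lockout threshold
# Assumed: address-sharing devices (CGN/proxy) whose injected header we trust.
TRUSTED_SHARERS = [ip_network("192.0.2.0/24")]


def host_key(src_ip, headers):
    """Return the penalty-box key (shared address, HOST_ID or None)."""
    xff = headers.get("X-Forwarded-For", "")
    # Honour the header only from a known sharing device; from anywhere
    # else it is client-controlled and would let a client pick its own key.
    if xff and any(ip_address(src_ip) in net for net in TRUSTED_SHARERS):
        # Rightmost entry is the one appended by the trusted device itself.
        candidate = xff.split(",")[-1].strip()
        try:
            return (src_ip, str(ip_address(candidate)))
        except ValueError:
            pass  # malformed header: fall back to the shared address
    return (src_ip, None)


class PenaltyBox:
    def __init__(self, use_host_id):
        self.use_host_id = use_host_id
        self.failures = defaultdict(int)

    def login(self, src_ip, headers, password_ok):
        key = host_key(src_ip, headers) if self.use_host_id else (src_ip, None)
        if self.failures[key] >= MAX_FAILURES:
            return "blocked"
        if password_ok:
            return "ok"
        self.failures[key] += 1
        return "failed"


def replay(box, events):
    """Feed (src_ip, headers, password_ok) events through a penalty box."""
    return [box.login(*event) for event in events]


# Constructed sample: two subscribers behind one shared address 192.0.2.10.
# 10.0.0.5 fails three times and retries; 10.0.0.9 then logs in correctly.
EVENTS = [("192.0.2.10", {"X-Forwarded-For": "10.0.0.5"}, False)] * 3 + [
    ("192.0.2.10", {"X-Forwarded-For": "10.0.0.5"}, True),
    ("192.0.2.10", {"X-Forwarded-For": "10.0.0.9"}, True),
]
```

Keyed on the shared address alone, the last event (the subscriber with no prior failures) is blocked on its first attempt; keyed on address plus HOST_ID, only the failing subscriber is.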
Steps to Success
1. There is an engineering problem
   – Problem documented in RFC6269, Section 13.1
2. Discuss solutions
   – draft-ietf-intarea-nat-reveal-analysis
3. Engineer the best solution
3. Engineer the best solution
• First need consensus on the best solution
• We aren’t yet ready
Some Questions for the WG
1. Consensus on problem in RFC6269 §13.1?
2. “Just Deploy IPv6”
   – Does this avoid problem in RFC6269 §13.1?
   – Current trajectory is 50% IPv6 in 6 years
3. Are there more than 8 solutions?
4. Disagreement that ietf-intarea-nat-reveal-analysis should recommend a best solution
Thank you
draft-ietf-intarea-nat-reveal-analysis