ietf84 august 2012
Download
Skip this Video
Download Presentation
IETF84 – August 2012

Loading in 2 Seconds...

play fullscreen
1 / 14

IETF84 – August 2012 - PowerPoint PPT Presentation


  • 73 Views
  • Uploaded on

Analysis of Solution Candidates to Reveal a Host Identifier ( HOST_ID ) in Shared Address Deployments draft- ietf - intarea - nat -reveal-analysis-02. Authors: Mohamed Boucadair, Joe Touch, Pierre Levis, Reinaldo Penno Presenter: Dan Wing. IETF84 – August 2012.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' IETF84 – August 2012' - haruko


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
ietf84 august 2012

Analysis of Solution Candidates to Reveal a Host Identifier (HOST_ID) in Shared Address Deploymentsdraft-ietf-intarea-nat-reveal-analysis-02

Authors:

Mohamed Boucadair, Joe Touch, Pierre Levis, Reinaldo Penno

Presenter:

  • Dan Wing

IETF84 – August 2012

steps to success
Steps to Success
  • There is a engineering problem
  • Discuss solutions
  • Engineer the best solution
steps to success1
Steps to Success
  • There is a engineering problem
  • Discuss solutions
  • Engineer the best solution
1 there is an engineering problem
1. There Is an Engineering Problem
  • RFC6269, “Issues with IP Address Sharing”
    • draft-ietf-intarea-shared-addressing-issues
    • Section 13.1, Abuse Logging and Penalty Boxes
rfc6269 section 13 1
RFC6269, Section 13.1

... one user who fails a number of login attempts may block out other users who have not made any previous attempts but who will now fail on their first attempt. ...

ip reputation
IP Reputation

Image source: Jason Fesler, Yahoo!

steps to success2
Steps to Success
  • There is a engineering problem
    • Problem documented in RFC6269, Section 13.1
  • Discuss solutions
  • Engineer the best solution
2 discuss solutions 1 2
2. Discuss Solutions (1/2)
  • Collect proposed solutions
  • Analyze differences
  • Recommend best solution
  • Previous examples of solution discussions
    • “Recommendation for a Routing Architecture”, RFC6115, recommendation: ILNP
    • “Requirements and Analysis of Media Security Management Protocols”, RFC5479, recommendation: DTLS-SRTP
2 discuss solutions 2 2
2. Discuss Solutions (2/2)
  • draft-ietf-intarea-nat-reveal-analysis
  • 8 solutions analyzed:
    • IPID field
    • IP option
    • Port sets
    • ICMP
    • TCP option
    • PROXY protocol
    • Host Identity Protocol (HIP)
    • Inject Application Headers (e.g., X-Forwarded-For)
steps to success3
Steps to Success
  • There is a engineering problem
    • Problem documented in RFC6269, Section 13.1
  • Discuss solutions
    • draft-ietf-intarea-nat-reveal-analysis
  • Engineer the best solution
3 engineer the best solution
3. Engineer the best solution
  • First need consensus on the best solution
  • We aren’t yet ready
some questions for the wg
Some Questions for the WG
  • Consensus on problem in RFC6269 §13.1?
  • “Just Deploy IPv6”
    • Does this avoid problem in RFC6269 §13.1?
    • Current trajectory is 50% IPv6 in 6 years
  • Are there more than 8 solutions?
  • Disagreement that ietf-intarea-nat-reveal-analysis should recommend a best solution
thank you

Thank you

draft-ietf-intarea-nat-reveal-analysis

ad