Ietf84 august 2012
Download
1 / 14

IETF84 – August 2012 - PowerPoint PPT Presentation


  • 73 Views
  • Uploaded on

Analysis of Solution Candidates to Reveal a Host Identifier ( HOST_ID ) in Shared Address Deployments draft- ietf - intarea - nat -reveal-analysis-02. Authors: Mohamed Boucadair, Joe Touch, Pierre Levis, Reinaldo Penno Presenter: Dan Wing. IETF84 – August 2012.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' IETF84 – August 2012' - haruko


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Ietf84 august 2012

Analysis of Solution Candidates to Reveal a Host Identifier (HOST_ID) in Shared Address Deploymentsdraft-ietf-intarea-nat-reveal-analysis-02

Authors:

Mohamed Boucadair, Joe Touch, Pierre Levis, Reinaldo Penno

Presenter:

  • Dan Wing

IETF84 – August 2012


Steps to success
Steps to Success (

  • There is a engineering problem

  • Discuss solutions

  • Engineer the best solution


Steps to success1
Steps to Success (

  • There is a engineering problem

  • Discuss solutions

  • Engineer the best solution


1 there is an engineering problem
1. There Is an Engineering Problem (

  • RFC6269, “Issues with IP Address Sharing”

    • draft-ietf-intarea-shared-addressing-issues

    • Section 13.1, Abuse Logging and Penalty Boxes


Rfc6269 section 13 1
RFC6269 (, Section 13.1

... one user who fails a number of login attempts may block out other users who have not made any previous attempts but who will now fail on their first attempt. ...


Ip reputation
IP Reputation (

Image source: Jason Fesler, Yahoo!


Captcha challenge
Captcha ( challenge


Steps to success2
Steps to Success (

  • There is a engineering problem

    • Problem documented in RFC6269, Section 13.1

  • Discuss solutions

  • Engineer the best solution


2 discuss solutions 1 2
2. Discuss (Solutions (1/2)

  • Collect proposed solutions

  • Analyze differences

  • Recommend best solution

  • Previous examples of solution discussions

    • “Recommendation for a Routing Architecture”, RFC6115, recommendation: ILNP

    • “Requirements and Analysis of Media Security Management Protocols”, RFC5479, recommendation: DTLS-SRTP


2 discuss solutions 2 2
2. Discuss (Solutions (2/2)

  • draft-ietf-intarea-nat-reveal-analysis

  • 8 solutions analyzed:

    • IPID field

    • IP option

    • Port sets

    • ICMP

    • TCP option

    • PROXY protocol

    • Host Identity Protocol (HIP)

    • Inject Application Headers (e.g., X-Forwarded-For)


Steps to success3
Steps to Success (

  • There is a engineering problem

    • Problem documented in RFC6269, Section 13.1

  • Discuss solutions

    • draft-ietf-intarea-nat-reveal-analysis

  • Engineer the best solution


3 engineer the best solution
3. Engineer the best solution (

  • First need consensus on the best solution

  • We aren’t yet ready


Some questions for the wg
Some Questions for the WG (

  • Consensus on problem in RFC6269 §13.1?

  • “Just Deploy IPv6”

    • Does this avoid problem in RFC6269 §13.1?

    • Current trajectory is 50% IPv6 in 6 years

  • Are there more than 8 solutions?

  • Disagreement that ietf-intarea-nat-reveal-analysis should recommend a best solution


Thank you

Thank you (

draft-ietf-intarea-nat-reveal-analysis


ad