draft-ietf-intarea-nat-reveal-analysis – IETF84 1
Analysis of Solution Candidates to Reveal a Host Identifier (HOST_ID) in
Shared Address Deployments
draft-ietf-intarea-nat-reveal-analysis-02
IETF84 – August 2012
Authors: Mohamed Boucadair, Joe Touch, Pierre Levis, Reinaldo Penno
Presenter: Dan Wing
Steps to Success
1. There is an engineering problem
2. Discuss solutions
3. Engineer the best solution
1. There Is an Engineering Problem
• RFC6269, “Issues with IP Address Sharing”
– draft-ietf-intarea-shared-addressing-issues
– Section 13.1, Abuse Logging and Penalty Boxes
RFC6269, Section 13.1
... one user who fails a number of login attempts may block out other users who have not made any previous attempts but who will now fail on their first attempt. ...
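The failure mode quoted above, as an added example (not from the slides or from RFC 6269): a login penalty box keyed on the source address alone, replayed next to one keyed on the address plus a revealed HOST_ID. The threshold, the event fields and the `host_id` values are constructed for illustration.

```python
from collections import defaultdict

MAX_FAILURES = 3  # constructed threshold, not taken from RFC 6269


class PenaltyBox:
    """Locks out a key once it has accumulated MAX_FAILURES failed logins."""

    def __init__(self, key_fn):
        self.key_fn = key_fn
        self.failures = defaultdict(int)

    def attempt(self, event):
        """Return 'blocked', 'fail' or 'ok' for one login event."""
        key = self.key_fn(event)
        if self.failures[key] >= MAX_FAILURES:
            return "blocked"
        if not event["password_ok"]:
            self.failures[key] += 1
            return "fail"
        return "ok"


def by_address(event):
    # What a server can do today: the shared address is the only key.
    return event["src_ip"]


def by_address_and_host_id(event):
    # host_id stands for whatever the address-sharing device reveals.
    return (event["src_ip"], event["host_id"])


# Constructed events: subscribers A and B share 192.0.2.10.
SHARED = "192.0.2.10"
EVENTS = (
    [{"src_ip": SHARED, "host_id": "A", "password_ok": False}] * 3
    + [{"src_ip": SHARED, "host_id": "B", "password_ok": True}]
    + [{"src_ip": SHARED, "host_id": "A", "password_ok": True}]
)


def replay(key_fn):
    """Run the constructed events through a fresh penalty box."""
    box = PenaltyBox(key_fn)
    return [box.attempt(e) for e in EVENTS]


if __name__ == "__main__":
    print("keyed on address:          ", replay(by_address))
    print("keyed on address + HOST_ID:", replay(by_address_and_host_id))
```

With the address-only key, subscriber B is blocked on a first, correct attempt; with the HOST_ID in the key, only subscriber A stays in the penalty box.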
IP Reputation
Image source: Jason Fesler, Yahoo!
Captcha challenge
Steps to Success
1. There is an engineering problem
– Problem documented in RFC6269, Section 13.1
2. Discuss solutions
3. Engineer the best solution
2. Discuss Solutions (1/2)
• Collect proposed solutions
• Analyze differences
• Recommend best solution
• Previous examples of solution discussions
– “Recommendation for a Routing Architecture”, RFC6115, recommendation: ILNP
– “Requirements and Analysis of Media Security Management Protocols”, RFC5479, recommendation: DTLS-SRTP
2. Discuss Solutions (2/2)
• draft-ietf-intarea-nat-reveal-analysis
• 8 solutions analyzed:
1. IPID field
2. IP option
3. Port sets
4. ICMP
5. TCP option
6. PROXY protocol
7. Host Identity Protocol (HIP)
8. Inject Application Headers (e.g., X-Forwarded-For)
Steps to Success
1. There is an engineering problem
– Problem documented in RFC6269, Section 13.1
2. Discuss solutions
– draft-ietf-intarea-nat-reveal-analysis
3. Engineer the best solution
3. Engineer the best solution
• First need consensus on the best solution
• We aren’t yet ready
Some Questions for the WG
1. Consensus on problem in RFC6269 §13.1?
2. “Just Deploy IPv6”
– Does this avoid problem in RFC6269 §13.1?
– Current trajectory is 50% IPv6 in 6 years
3. Are there more than 8 solutions?
4. Disagreement that ietf-intarea-nat-reveal-analysis should recommend a best solution
Thank you