The pitfalls include:

- false positives (dropping unique packets) due to ID wrap before 2MSL

- false positives due to ID being deliberately repeated (e.g., from cellphones using ID=0 all the time)

- false positives due to colliding use by different sources behind a NAT that fails to rewrite the ID

Note that only the last example is NAT related. The others are not.

Joe

On 3/30/2011 5:21 AM, Charles E. Perkins wrote:

Hello Teco,

Is it possible that the SMF usage is not vulnerable to
the pitfalls noted in the intarea draft? Usually we
don't picture NAT boxes in the MANET routing paths...

Regards,
Charlie P.


On 3/30/2011 5:01 AM, Teco Boot wrote:
Hi Joe,

The current text in intarea-ipv4-id-update is "no current deployments
are known". I read this as a statement in general. Then, it is not
correct.
I am fine with discouragement of usage of systems that use IP_ID for DPD,
but such systems are around.

Teco


On 30 Mar 2011, at 13:46, Joe Touch wrote:

Hi, Teco,

On 3/30/2011 4:29 AM, Teco Boot wrote:
Sorry for x-posting. But there is a conflict in:
http://tools.ietf.org/html/draft-ietf-manet-smf
http://tools.ietf.org/html/draft-ietf-intarea-ipv4-id-update

SMF has a duplicate packet detection function based on the IPv4
ID field. So text in ietf-intarea-ipv4-id-update section 4
is not correct, in that there would be no deployments for such.

SMF is experimental. When we talk about deployments of duplicate
detection, we're focused on standards-based systems.

Note that ipv4-id-update is standards-track.

That said, SMF deployment with IPv4 DPD on IP-ID would be limited.

What to do?

IMO, recommend H-DPD and change the discussion to explain why the ID
shouldn't be used for DPD (the text is basically already there - it
mentions the idea, but then explains that it's not likely to work
anyway).

Use of the IP ID for this purpose is problematic for a variety of
reasons, which is why ipv4-id-update deprecates use of that field for
that purpose.

Joe

_______________________________________________
manet mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/manet

_______________________________________________
Int-area mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/int-area
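
The three pitfalls listed at the top of the thread, reproduced as an added example that is not part of the original messages or of either draft. It compares a duplicate detector keyed on the IPv4 ID with one keyed on a packet digest; the digest is a simplified stand-in, not SMF's specified H-DPD, and the window, addresses and traffic are constructed assumptions.

```python
import hashlib

WINDOW = 120.0  # seconds of DPD history kept; assumed value for this example

class IdDpd:
    """Duplicate packet detection keyed on (src, dst, proto, IPv4 ID)."""
    def __init__(self):
        self.seen = {}  # key -> time the key was last seen

    def key(self, p):
        return (p["src"], p["dst"], p["proto"], p["id"])

    def is_duplicate(self, p, now):
        k = self.key(p)
        last = self.seen.get(k)
        self.seen[k] = now
        return last is not None and now - last < WINDOW

class HashDpd(IdDpd):
    """Same cache, keyed on a digest of addresses, protocol and payload."""
    def key(self, p):
        head = "{src}|{dst}|{proto}|".format(**p).encode()
        return hashlib.sha256(head + p["payload"]).digest()

def pkt(ip_id, payload, src="192.0.2.1"):
    # Constructed sample packet; the addresses are documentation/test values.
    return {"src": src, "dst": "224.0.2.1", "proto": 17, "id": ip_id, "payload": payload}

def scenarios():
    """Constructed traffic in which every packet is unique (no true duplicates)."""
    return {
        # Fast sender: the 16-bit ID wraps after 65536 packets, inside the window.
        "wrap": [(i * 1e-5, pkt(i % 65536, i.to_bytes(4, "big"))) for i in range(65537)],
        # Sender that always sets ID=0.
        "zero": [(float(i), pkt(0, b"msg%d" % i)) for i in range(5)],
        # Two hosts behind one NAT that leaves the ID untouched: same source
        # address after translation, overlapping ID sequences.
        "nat": [(float(i), pkt(i % 3 + 1, b"host%d-%d" % (i // 3, i))) for i in range(6)],
    }

def false_drops(detector_cls):
    """Per scenario, how many unique packets the detector would drop."""
    out = {}
    for name, traffic in scenarios().items():
        d = detector_cls()
        out[name] = sum(d.is_duplicate(p, t) for t, p in traffic)
    return out

if __name__ == "__main__":
    print("ID-based  :", false_drops(IdDpd))
    print("hash-based:", false_drops(HashDpd))
```

Every count reported for the ID-based detector is a unique packet that would have been dropped; the digest-based detector still flags a packet that really is repeated.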
