Hello,

I have a few comments on draft-ietf-intarea-nat-reveal-analysis-02.

In Section 1.1:

  "Examples of such issues are listed below:"

    "Redirect users with infected machines to a dedicated portal"

Why is this an issue?

  "The risk of not mitigating these issues are: OPEX increase for IP"

I suggest expanding "OPEX" on first use.

In Section 2:

  "Tomorrow, due to the introduction of CGNs (e.g., NAT44
   [RFC3022], NAT64 [RFC6146]), that address will be shared."

Aren't IPv4 shared addresses already in use in the wild?

In Section 2.1:

  "A solution to reveal HOST_ID is also needed in IPv6 deployment."

I suggest soliciting feedback from V6OPS about this.

The draft already mentions that the issue is caused by IPv4 address sharing. It then goes on to suggest that address sharing can be used for IPv6. That is going to create the same problem there and argue for the solution mentioned in this draft.

In Section 3.2:

  "Requires the client and the server to be HIP-compliant and HIP
   infrastructure to be deployed."

What's HIP?

  "XFF is de facto standard deployed and supported in operational
   networks"

What's XFF?

  "From an application standpoint, the TCP Option is superior to XFF/
   Forwarded-For since it is not restricted to HTTP."

That doesn't sound like a fair comparison.

  "Nevertheless XFF/Forwarded-For is compatible with the presence of
   address sharing and load-balancers in the communication path."

What is the meaning of compatible in here?

In Section 4:

  "some users realize privacy benefits associated with IP address
   sharing, and some may even take steps to ensure that NAT
   functionality sits between them and the public Internet."

What are the privacy benefits of IP address sharing?

I skimmed over the appendix.  What's "Application Headers"?

This draft would benefit from cross-area review. It needs more work in my humble opinion.

Regards,
-sm




_______________________________________________
Int-area mailing list
Int-area@ietf.org
https://www.ietf.org/mailman/listinfo/int-area
