Experimental Option for TCP Host Identification

The information below is for an old version of the document
Document Type Active Internet-Draft (individual)
Last updated 2014-02-12
Stream (None)
Intended RFC status (None)
Formats pdf htmlized (tools) htmlized bibtex
IETF conflict review conflict-review-williams-exp-tcp-host-id-opt
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state I-D Exists
Telechat date
Responsible AD (None)
Send notices to (None)
Network Working Group                                        B. Williams
Internet-Draft                                              Akamai, Inc.
Intended status: Experimental                               M. Boucadair
Expires: August 16, 2014                                  France Telecom
                                                                 D. Wing
                                                     Cisco Systems, Inc.
                                                       February 12, 2014

            Experimental Option for TCP Host Identification


   Recent IETF proposals have identified benefits to more distinctly
   identifying the hosts that are hidden behind a shared address/prefix
   sharing device or application-layer proxy.  Analysis indicates that
   the use of a TCP option for this purpose can be successfully applied
   to a broad range of use cases.  This document describes a common
   experimental TCP option format for host identification.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on August 16, 2014.

Copyright Notice

   Copyright (c) 2014 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect

Williams, et al.         Expires August 16, 2014                [Page 1]
Internet-Draft       Experimental TCP Host ID Option       February 2014

   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

1.  Introduction

   A broad range of issues associated with address sharing have been
   well documented in [RFC6269] and
   [I-D.boucadair-intarea-host-identifier-scenarios].  In addition,
   [RFC6967] provides analysis of various solutions to the problem of
   revealing the sending hosts's identifier (HOST_ID) information to the
   receiver, which indicates that a solution using a TCP [RFC0793]
   option for this purpose can be successfully applied to a broad range
   of use cases with limited performance impact.

   Multiple recent Internet Drafts define TCP options for the purpose of
   host identification: [I-D.wing-nat-reveal-option],
   [I-D.abdo-hostid-tcpopt-implementation], and
   [I-D.williams-overlaypath-ip-tcp-rfc].  This document defines a
   common TCP option format to meet the needs of all three of the above
   proposals.  This document is self-contained; required information to
   implement the proposed TCP option is specified in this memo.

   The option defined in this document uses the TCP experimental option
   codepoint sharing mechanism defined in [RFC6994] and is intended to
   allow validation of this common option format in order to conduct
   more experimental work that will complement the experiment results
   already documented in [I-D.abdo-hostid-tcpopt-implementation].

   In addition to the extensive testing effort documented in
   [I-D.abdo-hostid-tcpopt-implementation], further experiments will be
   conducted to assess the validity of the following points:

   o  Differentiate between attack and non-attack traffic when the
      source of the attack is hidden behind a NAT (including CGN
      (Carrier Grade NAT) in the Service Provider's network or a NAT in
      a CDN overlay infrastructure).

   o  Enforce per-client policies in the presence of address sharing

   o  Help load-balancing decision-making process at the receiver side
      (e.g. to maintain session affinity in a load-balancing system).

   Section 5 of this document discusses compatibility between this new
   TCP option and existing commonly deployed TCP options.

Williams, et al.         Expires August 16, 2014                [Page 2]
Internet-Draft       Experimental TCP Host ID Option       February 2014
Show full document text