Network Working Group L. Daigle
Internet-Draft Editor
Expires: July 10, 2002 Internet Architecture Board
IAB
January 9, 2002
IAB Considerations for UNilateral Self-Address Fixing (UNSAF)
draft-iab-unsaf-considerations-00.txt
Status of this Memo
This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on July 10, 2002.
Copyright Notice
Copyright (C) The Internet Society (2002). All Rights Reserved.
Abstract
In order to alleviate the fundamental problem with current NA[P]T
middleboxes altering the relationship between the apparent location
and true identity of endpoints, various proposals have been made for
"UNilateral Self-Address Fixing (UNSAF)" processes. These are
processes whereby some originating process attempts to determine or
fix the address (and port) by which it is known -- e.g., to be able
to use address data in the protocol exchange, or to advertise a
public address from which it will receive connections.
This document outlines the reasons for which these proposals can be
Internet Architecture Board Expires July 10, 2002 [Page 1]
Internet-Draft draft-iab-unsaf-considerations-00 January 2002
considered at best as short term fixes to specific problems, and the
specific issues to be carefully evaluated before creating an UNSAF
proposal.
1. Introduction
As predicted some years ago, the fundamental problem with current
NA[P]T middleboxes is that they alter the relationship between the
apparent location and true identity of endpoints. For some purposes,
endpoints need to know their own apparent location, or fix a public
address from which they will receive packets. "UNilateral Self-
Address Fixing (UNSAF)" is a process whereby some originating process
attempts to determine or fix the address (and port) by which it is
known -- e.g., to be able to use address data in the protocol
exchange, or to advertise a public address from which it will receive
connections.
There are only heuristics and workarounds to attempt to achieve this
effect; there is no 100% solution. Use of these workarounds MUST be
considered transitional in IETF protocols; a better architectural
solution is being sought. The explicit intention is to deprecate any
such workarounds when sound technical approaches are available.
2. Architectural Considerations for UNSAF Systems
Any users of these workarounds should be aware that specific
technical issues that impede the creation of a general solution
include:
o there *is* no unique "outside" to a NAT -- it may be impossible to
tell where the target UNSAF partner is with respect to the source;
how does a client find an appropriate server to reflect its
address?
o specifically because it is impossible to tell where "outside" or
"public" is, an address can only be determined relative to one
specific point in the network. If the UNSAF partner that
reflected a client's address is in a different NAT-masked subnet
from some other service X that the client wishes to use, there is
_no_ guarantee that the client's "perceived" address from the
UNSAF partner would be the same as the address viewed from the
perspective of X.
o absent "middlebox communication (midcom)" there is no usable way
to let incoming communications make their way through a firewall
under proper supervision: that is, respecting the firewall
policies and as opposed to circumventing security mechanisms.
Internet Architecture Board Expires July 10, 2002 [Page 2]
Internet-Draft draft-iab-unsaf-considerations-00 January 2002
o the proposed "ping"-like services create stateful conditions;
there is no guarantee that the state will remain consistent for
the duration of the communication.
o since the reflecting service is not integrated with the middlebox,
it does not really know what the middlebox thinks it is doing and
can only guess in an attempt to use past behavior as a predictor
of future behavior.
o the communication exchange is made more "brittle" by the
introduction of other servers (UNSAF partners) that need to be
reachable in order for the communication to succeed -- more boxes
that are "fate sharing" in the communication.
Work-arounds may mitigate some of these problems through tight
scoping of applicability and specific fixes. For example,
o rather than finding the address from "the" outside of the NAT, the
applicability of the approach may be limited to finding the "self-
address" from a specific service, for use exclusively with that
service;
o limiting the scope to outbound requests for service (or service
initiation).
By distinguishing these approaches as short term fixes, the IAB
believes the following considerations must be explicitly addressed in
any proposal:
o Precise definition of a specific, limited-scope problem that is to
be solved with the UNSAF proposal. A short term fix should not
be generalized to solve other problems; this is why "short term
fixes usually aren't".
o Description of an exit strategy/transition plan. The better short
term fixes are the ones that will naturally see less and less use
as the appropriate technology is deployed.
o Discussion of specific issues that may render systems more
"brittle". For example, approaches that involve using data at
multiple network layers create more dependencies, increase
debugging challenges, and make it harder to transition.
o Identify requirements for longer term, sound technical solutions -
- contribute to the process of finding the right longer term
solution.
Internet Architecture Board Expires July 10, 2002 [Page 3]
Internet-Draft draft-iab-unsaf-considerations-00 January 2002
3. Security Considerations
As a general class of workarounds, as noted above UNSAF proposals may
introduce security holes because, absent "middlebox communication
(midcom)", there is no usable way to let incoming communications make
their way through a firewall under proper supervision: respecting
the firewall policies as opposed to circumventing security
mechanisms.
Authors' Addresses
Leslie Daigle
Editor
Internet Architecture Board
IAB
EMail: iab@iab.org
Appendix A. IAB Members at the time of this writing
Harald Alvestrand
Ran Atkinson
Rob Austein
Fred Baker
Brian Carpenter
Steve Bellovin
Jon Crowcroft
Leslie Daigle
Steve Deering
Sally Floyd
Geoff Huston
John Klensin
Henning Schulzrinne
Internet Architecture Board Expires July 10, 2002 [Page 4]
Internet-Draft draft-iab-unsaf-considerations-00 January 2002
Full Copyright Statement
Copyright (C) The Internet Society (2002). All Rights Reserved.
This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.
The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Acknowledgement
Funding for the RFC Editor function is currently provided by the
Internet Society.
Internet Architecture Board Expires July 10, 2002 [Page 5]