[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Headers

To: multi6@ops.ietf.org
Subject: Re: Headers
From: Brian E Carpenter <brian@hursley.ibm.com>
Date: Wed, 26 Feb 2003 15:19:25 +0100
Organization: IBM
References: <4DFA4687-48F1-11D7-BF31-000393C52D28@muada.com> <1046254727.717.4.camel@presto.it.uc3m.es>

marcelo bagnulo wrote:
...
> > I would rather have the firewalls take part in the session
> > establishment procedure.
> 
> Wouldn't this preclude fault tolerance? I mean what happens if this path
> is broken and the communication is re-routed through another firewall? I
> mean this would introduce some of the issues of NAT.

Correct, or more generally the issues of any stateful middlebox.
The Internet doesn't have sessions, so middleboxes shouldn't
have session state.

However, it seems likely that any solution will involve either
a header rewrite or an encapsulation process. It is a design
requirement that any distributed state needed for this is soft
state, for the reasom Marcelo gives.

   Brian

Follow-Ups:
- Re: Headers
  - From: Iljitsch van Beijnum <iljitsch@muada.com>

References:
- Headers
  - From: Iljitsch van Beijnum <iljitsch@muada.com>
- Re: Headers
  - From: marcelo bagnulo <marcelo@it.uc3m.es>

Prev by Date: Re: Draft: PI addressing derived from AS numbers
Next by Date: Re: Draft: PI addressing derived from AS numbers
Previous by thread: Re: Headers
Next by thread: Re: Headers
Index(es):
- Date
- Thread