Re: Comments on multi6dt documents
Pekka Savola wrote:
> Agreed. I wasn't sure of the context, just that IP+EXT+whatever might
> not do it. Destination options however provide the facilities today for
> skipping over them without making assumptions; this might not in
> practice be any better though.

If a firewall is built on the philosophy to be conservative it will not
let anything new through, whether it is a new payload type, a new
option, or whatever.

> So, the demux code needs to deal with ICMPv6 address translation. What
> about other protocols? Do we want to care for the others which might be
> doing similar things, or we just say 'just do the referral thing'?

What other protocols do you have in mind?

We already know things that do explicit QoS setup need to be locator
aware since the routers will see packets containing locators.
There might be other signaling protocols that fall in the same category,
but they would all be about signaling something to routers or middleboxes.

And we have things that only operate on the locators, such as the
routing protocols, hence need no change at all.

And ICMP errors (or other error or informational packets generated by
routers) need special handling.

But I don't see anything else.

Oh - for multicast applications I think the only sensible thing is to
use locators. Protocols like RTP already carry an end-to-end ID so it
should be fine to rewrite the source IP address field for those without
the application being upset, but it is harder to know whether the
receivers can undo the rewrite.

> The fact this is an ALG in a sense should possibly be stated, with the
> caveat that we're assuming that there aren't other equally "fundamental"
> protocols where you shouldn't be required to deal with the full referral
> process.

Why do you wish to confuse things by calling it an ALG? It is a local
matter for the implementation how it demuxes ICMP errors. ALGs and NATs
make people think of middleboxes which perform transformations which
cannot be reversed.

Erik