[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Middleboxes [Was: Flow label versus Extension header - protocol itself]

To: Iljitsch van Beijnum <iljitsch@muada.com>
Subject: Re: Middleboxes [Was: Flow label versus Extension header - protocol itself]
From: Erik Nordmark <erik.nordmark@sun.com>
Date: Mon, 09 May 2005 10:56:40 -0700
Cc: Brian E Carpenter <brc@zurich.ibm.com>, shim6 <shim6@psg.com>
In-reply-to: <97497B61-14A3-4E1D-88B3-763E321E11EF@muada.com>
References: <DAC3FCB50E31C54987CD10797DA511BA0E91267F@WIN-MSG-10.wingroup.windeploy.ntdev.microsoft.com> <65C9051B-4FD3-4D15-87B3-17645E4E5F08@muada.com> <427F5B18.1030701@zurich.ibm.com> <97497B61-14A3-4E1D-88B3-763E321E11EF@muada.com>
User-agent: Mozilla Thunderbird 1.0.2 (X11/20050323)

Iljitsch van Beijnum wrote:

On 9-mei-2005, at 14:44, Brian E Carpenter wrote:
So unless having potential middlebox implementation compatibility is a great hardship we shouldn't break it.
But I think it will be a great hardship, simply because of IPSEC.
Wouldn't IPsec be just another higher layer protocol to the shim?
Since the address fields are restored to their original state, even AH should work.

Unless Marcelo's DHCP suggestion works, I don't see how a middlebox could ensure that the address fields get restored.

To restore the fields the unmodified host needs to use a ULID which is part of the HBA/CGA set that the middlebox is holding on behalf of the host.

So unless we come up with how a middlebox and DHCP can conspire to make the ULID be restored for the important cases, then the best thing a middlebox shim6 implementation can do is 1-1 IPv6 NAT. No need to touch the transport protocols/port numbers, but the IP address rewrite would mess up at least AH and ESP transport mode, and have other NAT implications.

   Erik

Follow-Ups:
- Re: Middleboxes [Was: Flow label versus Extension header - protocol itself]
  - From: Iljitsch van Beijnum <iljitsch@muada.com>

References:
- RE: Middleboxes [Was: Flow label versus Extension header - protocol itself]
  - From: "Christian Huitema" <huitema@windows.microsoft.com>
- Re: Middleboxes [Was: Flow label versus Extension header - protocol itself]
  - From: Iljitsch van Beijnum <iljitsch@muada.com>
- Re: Middleboxes [Was: Flow label versus Extension header - protocol itself]
  - From: Brian E Carpenter <brc@zurich.ibm.com>
- Re: Middleboxes [Was: Flow label versus Extension header - protocol itself]
  - From: Iljitsch van Beijnum <iljitsch@muada.com>

Prev by Date: Re: Middleboxes [Was: Flow label versus Extension header - protocol itself]
Next by Date: shim and IPsec placement [Was: Middleboxes]
Previous by thread: Re: Middleboxes [Was: Flow label versus Extension header - protocol itself]
Next by thread: Re: Middleboxes [Was: Flow label versus Extension header - protocol itself]
Index(es):
- Date
- Thread