[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: I-D ACTION:draft-ietf-shim6-reach-detect-00.txt

To: "<john.loughney@nokia.com>" <john.loughney@nokia.com>
Subject: Re: I-D ACTION:draft-ietf-shim6-reach-detect-00.txt
From: Iljitsch van Beijnum <iljitsch@muada.com>
Date: Mon, 25 Jul 2005 11:52:47 +0200
Cc: shim6 <shim6@psg.com>
In-reply-to: <1AA39B75171A7144A73216AED1D7478D6CE9D7@esebe100.NOE.Nokia.com>
References: <1AA39B75171A7144A73216AED1D7478D6CE9D7@esebe100.NOE.Nokia.com>

On 25-jul-2005, at 10:06, <john.loughney@nokia.com> <john.loughney@nokia.com> wrote:

I disagree. If a firewall gets in the way, this can either be because
there is a valid reason, and then sneaking by is bad, or there is no
valid reason, so the firewall should be fixed. Adding additional
complexity and overhead to award people for laziness is very bad.

Detecting that there was a 'failure' due to a firewall is also quite difficult to determine anyhow. The only way would be to compare multiple address pairs and determine in one case it works but in another it doesn't work; and be sure that it wasn't just a transiant failure.

I'm not sure what your point is. Either a firewall lets the shim packets through and then we consider the link working (well, if it does indeed work of course), or it doesn't, and we consider the link not working.

In a pathalogical case it would be possible for an upper layer to fail consistently so it doesn't provide positive advice / provides negative advice all the time so we need to probe reachability more or less continously, but our probes would still make it.

References:
- RE: I-D ACTION:draft-ietf-shim6-reach-detect-00.txt
  - From: <john.loughney@nokia.com>

Prev by Date: RE: I-D ACTION:draft-ietf-shim6-reach-detect-00.txt
Next by Date: RE: I-D ACTION:draft-ietf-shim6-reach-detect-00.txt
Previous by thread: RE: I-D ACTION:draft-ietf-shim6-reach-detect-00.txt
Next by thread: RE: I-D ACTION:draft-ietf-shim6-reach-detect-00.txt
Index(es):
- Date
- Thread