[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Shim-header in every re-located packet [Re: Design decisions made at the interim SHIM6 WG meeting]

To: Jari Arkko <jari.arkko@piuha.net>
Subject: Re: Shim-header in every re-located packet [Re: Design decisions made at the interim SHIM6 WG meeting]
From: Pekka Savola <pekkas@netcore.fi>
Date: Fri, 28 Oct 2005 15:24:07 +0300 (EEST)
Cc: Iljitsch van Beijnum <iljitsch@muada.com>, shim6 <shim6@psg.com>
In-reply-to: <43621798.5020707@piuha.net>
References: <6.2.0.14.2.20051019141040.02a44d08@kahuna.telstra.net> <41F269FF-548A-482D-93A9-A958D337EEA9@muada.com> <Pine.LNX.4.64.0510281245280.21479@netcore.fi> <ba2c17041e110720a9b4bd52389c807e@it.uc3m.es> <Pine.LNX.4.64.0510281333530.22300@netcore.fi> <1976F495-AE26-4D7A-A858-B179B58E8EF8@muada.com> <Pine.LNX.4.64.0510281457080.24084@netcore.fi> <591261D4-8BDF-4DC4-9119-AE5E3048EB8B@muada.com> <43621798.5020707@piuha.net>

On Fri, 28 Oct 2005, Jari Arkko wrote:

But if that's true: all the more reason to support suppressing the shimheader for rewritten packets. :-)
The same said firewalls could be dropping packets that are part
of a TCP stream that was not initiated through this firewall...

1) tcp stream could have been initiated through the firewall -- alldepends on the firewalls placement

2) if there are multiple, they often have methods to sync their rulesand state.

3) the fw could have policies which are lax enough "allow tcpestablished" which is often the case if 2) cannot apply.


--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

References:
- Design decisions made at the interim SHIM6 WG meeting
  - From: Geoff Huston <gih@apnic.net>
- Re: Design decisions made at the interim SHIM6 WG meeting
  - From: Iljitsch van Beijnum <iljitsch@muada.com>
- Re: Design decisions made at the interim SHIM6 WG meeting
  - From: Pekka Savola <pekkas@netcore.fi>
- Re: Design decisions made at the interim SHIM6 WG meeting
  - From: marcelo bagnulo braun <marcelo@it.uc3m.es>
- Re: Shim-header in every re-located packet [Re: Design decisions made at the interim SHIM6 WG meeting]
  - From: Pekka Savola <pekkas@netcore.fi>
- Re: Shim-header in every re-located packet [Re: Design decisions made at the interim SHIM6 WG meeting]
  - From: Iljitsch van Beijnum <iljitsch@muada.com>
- Re: Shim-header in every re-located packet [Re: Design decisions made at the interim SHIM6 WG meeting]
  - From: Pekka Savola <pekkas@netcore.fi>
- Re: Shim-header in every re-located packet [Re: Design decisions made at the interim SHIM6 WG meeting]
  - From: Iljitsch van Beijnum <iljitsch@muada.com>
- Re: Shim-header in every re-located packet [Re: Design decisions made at the interim SHIM6 WG meeting]
  - From: Jari Arkko <jari.arkko@piuha.net>

Prev by Date: Re: Shim-header in every re-located packet [Re: Design decisions made at the interim SHIM6 WG meeting]
Next by Date: Re: Shim-header in every re-located packet [Re: Design decisions made at the interim SHIM6 WG meeting]
Previous by thread: Re: Shim-header in every re-located packet [Re: Design decisions made at the interim SHIM6 WG meeting]
Next by thread: Re: Shim-header in every re-located packet [Re: Design decisions made at the interim SHIM6 WG meeting]
Index(es):
- Date
- Thread