
RE: WG Last Call: draft-ietf-v6ops-unmaneval-01.txt



On Sun, 29 Feb 2004, Christian Huitema wrote:
> > >    a direct path between the endpoints, using the IPv4 services to
> > >    which the endpoints already subscribe. By contrast, the configured
> > >    tunnel servers carry all the traffic exchanged by the tunnel client.
> > >
> > > <MB> Is "direct path always possible in all cases between Teredo nodes?
> > > </MB>
> > 
> > It isn't and this should be reflected here.
> 
> Actually, in the current design either all traffic will go on the direct
> path, or no traffic will be exchanged at all.

It is true that this is an all-traffic/no-traffic issue (the latter 
caused by a flavor of NATs).  But aren't the latter ones, still, by 
definition Teredo nodes?

> > > ...
> > >    by many applications, e.g., networked games or voice over IP. The
> > >    experience shows that most recent "home routers" are designed to
> > >    support these applications. In some edge cases, the automatic
> > >    solutions will require explicit configuration of a port in the home
> > >    router, using the so-called "DMZ" functions.
> > >
> > > <MB>only works for one single node. Moreover, it should be noted that this
> > > explicit configuration is completely out of the _unmanaged_ goal.
> > >
> > > Suggesting text:
> > > using the so-called "DMZ" functions". These cases are obviously out of
> > > scope of the unmanaged network scenario and only work for a single node
> > > behind the NAT.
> > > </MB>
> > 
> > Good point.
> 
> I agree that in the absence of automatic support through UPNP, DMZ
> functions are indeed not your typical unmanaged service. But the point
> is at least partially incorrect. First, it is possible in some cases to
> use automatic procedures to "DMZ" a port (e.g., using the UPNP "internet
> gateway device" service). Second, the procedure absolutely works for
> more than one node -- just pick a different port for each node.

I'm not sure that UPNP is a solution we can be referring to.
 
> In any case, the work done in the MIDCOM working group shows that the
> number of symmetric NAT in the market is rapidly decreasing. See
> draft-jennings-midcom-stun-results-00.txt

Sigh -- replacing "secure" NAT boxes with "insecure" ones.
Now I'm done -- I said "secure NAT"! :-)

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings