Re: Marc's objections to Teredo (was RE: POLL: Consensus for moving forward with Teredo?)



-- Friday, April 30, 2004 14:32:31 -0700 Christian Huitema
<huitema@windows.microsoft.com> wrote/a ecrit:

> I obviously disagree with several of Marc's objections to Teredo:
> 
>> - there are other ways on the table to do nat-traversal.
> 
> Sure. If another solution has clear benefits, it should be standardized
> as well. That is not a reason for not progressing Teredo.

My comment on "other ways to do nat-traversal" was related to the text on
the initial poll:
"there appears to be a need which cannot be filled by another mechanism for
Teredo at least in one major Unmanaged scenario."

Let's then rephrase my comment as: I disagree with "which cannot be filled
by another mechanism".

> 
>> - teredo introduces many security issues, such as very open relays that
>> are subject to be used for large scale DDOS
> 
> Uh? Teredo does not actually introduce any "open relay". Each session
> that goes through the relay has to perform an initial 3-way handshake,
> which makes it very hard to use in a large scale DDOS.
> 
>> - teredo is complex to implement
> 
> Complex to implement is an emotional statement.

That was not emotional at all. I was actually quoting a pretty large
customer who is looking at different transition mechanisms.

> The assessment of
> complexity in the IETF is "running code", not emotions. There already
> are two independent and interoperable implementations. This meets the
> standard for going to DS.
> 
>> - teredo introduces states and buffering in relays when the first packets
>> are sent, which have important issues in implementing.
> 
> "Important issues"? There are exactly the same issues with ARP, or IPv6
> ND. 

No, since the buffering is done while waiting for the bubble to go all over
the internet and back.

> 
>> - teredo does not work for symmetric NATs and the "fallback" for a user in
>> this situation is "no service".
> 
> Uh, no. There are three fallbacks. One is to simply go buy another NAT
> -- most of the modern NATs do work with Teredo, as analyzed in
> draft-jennings-midcom-stun-results-00.txt. The other is to go program
> the Teredo port number in the NAT, using the management interface --
> which is probably OK for the dedicated users. And the third is to obtain
> service by another way.

A user can't do any of these by himself. So he has no service.

Marc.

> 
> -- Christian Huitema
>