[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[no subject]

From: fred@cisco.com
Date: 28 Apr 2007 23:10:31 -0700
Bcc:
In-reply-to: <CF278F61-4C88-4C01-A8AC-0B2E77D8FD7C@apple.com>

References: <E1H56s6-0007us-HB@stiedprstage1.ietf.org> <200704111052.05934@auguste.remlab.net> <F26D69F6-8BEE-4D3D-A5B4-C730E9975DA1@apple.com> <200704112214.30985@auguste.remlab.net> <F65A3EA3-3E07-4C63-A4FF-C94832D556FC@apple.com> <70C6EFCDFC8AAD418EF7063CD132D06404352E36@WIN-MSG-21.wingroup.windeploy.ntdev.microsoft.com> <200704130208.l3D28UWs017668@cichlid.raleigh.ibm.com> <F7359BE1-601E-4047-AC44-8653872303E2@apple.com> <20070415095925.28786098.ipng@69706e6720323030352d30312d31340a.nosense.org> <406C954E-B2D4-4EE0-904F-12C65902EA13@apple.com> <20070417061641.6df36300.ipng@69706e6720323030352d30312d31340a.nosense.org> <D9E32C70-B89D-4417-8340-38C79657F6A9@apple.com> <46248630.8020804@zurich.ibm.com> <courier.46248EB6.00006E0C@softhome.net> <1F310BCB-2EE0-441B-BB2F-67DF3EA6ABF4@apple.com> <AC0FBA28-A14B-466E-B1D6-16E4F4EB2036@muada.com> <1139442A-99C2-458D-A7ED-0833D3CFE358@apple.com> <0829DAE3-60A9-4918-8834-715B93665D39@muada.com> <02bd01c783b9$959b7490$c0d25db0$@net> <" C 118670B-0796-41EE-8D7F -5BA88D885255"@apple.com> <013201c7884a$ddd093e0$9971bba0$@net> <CF278F61-4C88-4C01-A8AC-0B2E77D8FD7C@apple.com>
Mime-Version: 1.0 (Apple Message framework v752.3)
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <96847E97-3DED-45A6-A9D2-805C4C9BF6EE@cisco.com>
Cc: IETF V6OPS WG <v6ops@ops.ietf.org>
Content-Transfer-Encoding: 7bit
From: Fred Baker <fred@cisco.com>
Subject: Re: application listener discovery in the presence of stateful firewalls
Date: Sat, 28 Apr 2007 23:10:31 -0700
To: james woodyatt <jhw@apple.com>

On Apr 26, 2007, at 6:34 PM, james woodyatt wrote:

> My biggest worry about IPv6 is that transition may be slowed or  
> even halted because of the basic problem that applications which  
> work over IPv4/NAT today can't be made to work over IPv6 too,  
> without still deploying ALG's everywhere and/or developing the  
> moral equivalent of UPnP IGD and NAT-PMP (minus the UNSAF aspect).

I find that a surprising statement. Maybe you can fill me in?

if an application resides in two systems on the same LAN, or in two  
systems behind the same ALG, they demonstrably don't need the ALG to  
operate. So what the ALG does is enable them to transit a firewall or  
other barrier that the protocol will not.

What would those be?

I can think of some that are erected for administrative reasons.  
Examples include SIP Proxies, which in a NAT world provide a NAT  
traversal strategy and in a stateful firewall world provide the  
transit of the stateful firewall. Since a stateful firewall generally  
allows an interior system to send a datagram out and get a datagram  
in response, these would be about letting a datagram *in* under the  
right circumstances. I'll conjecture that in many cases it might be  
accomplished by triggering the interior device to send a datagram out.

What *other* ALGs do you see?

References:
- application listener discovery in the presence of stateful firewalls
  - From: james woodyatt <jhw@apple.com>

Prev by Date: RE: OK, we need a draft...
Next by Date: draft-ietf-v6ops-rfc3330-for-ipv6 WGLC
Previous by thread: Re: application listener discovery in the presence of stateful firewalls
Next by thread: Re: The argument for writing a general purpose NAT for IPv6
Index(es):
- Date
- Thread