[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CPE equipments and stateful filters

To: Rémi Denis-Courmont <rdenis@simphalempin.com>
Subject: Re: CPE equipments and stateful filters
From: Iljitsch van Beijnum <iljitsch@muada.com>
Date: Tue, 24 Jul 2007 12:52:42 -0500
Cc: Fred Baker <fred@cisco.com>, v6ops@ops.ietf.org
In-reply-to: <200707241931.19400.rdenis@simphalempin.com>
References: <20070723193610.70736233CB@coconut.itojun.org> <319C5A3B-939C-48BD-AF65-93E41F09406B@cisco.com> <200707241931.19400.rdenis@simphalempin.com>

On 24-jul-2007, at 11:31, Rémi Denis-Courmont wrote:

By the way, to amend James's slideset, only UDP really works withICE (or any
form of hole punching), while TCP works to a very-lesser extent, and
everything else does not: DCCP, SCTP, IPsec...


Why?

An important issue about the hole punching is the shape of the hole.If the hole has the shape of a particular transport session, you'renot accomplishing much because you still can't receive arbitraryincoming sessions. If the hole is for a transport session with awildcard at the remote end, you still need to understand thetransports well enough to catch them. If the hole is IP-shaped, lifeis easy but then there are only two flavors: completely closed andcompletely open. That means only hosts that can do all their ownfiltering could safely open up a hole.

Follow-Ups:
- Re: CPE equipments and stateful filters
  - From: Rémi Denis-Courmont <rdenis@simphalempin.com>

References:
- CPE equipments and stateful filters
  - From: itojun@itojun.org (Jun-ichiro itojun Hagino)
- Re: CPE equipments and stateful filters
  - From: Fred Baker <fred@cisco.com>
- Re: CPE equipments and stateful filters
  - From: Rémi Denis-Courmont <rdenis@simphalempin.com>

Prev by Date: Re: [69ATTENDEES] DHCP
Next by Date: Re: An Internet IPv6 Transition Plan
Previous by thread: Re: CPE equipments and stateful filters
Next by thread: Re: CPE equipments and stateful filters
Index(es):
- Date
- Thread