Re: Evolution of the IP model - ICMP and MTUs
Christian Huitema - On 8/15/08 10:14 PM:
By 2008, the IETF might recognize that firewalls are here to stay,
that we could just as well forget about ICMP, but that we really need
another solution.
1.
- I agree with you that Firewalls are here to stay (and not only in
hosts themselves where they are more and more an absolute must).
- To avoid too much parasite traffic on radio links, there seems to be
no alternative to FWs in ISP infrastructures.
2.
On the other hand, forgetting about ICMP altogether would be a
revolution which, IMHO and with available information, would make no
sense. (But if you have more material on the subject, it's of course
worth looking at.)
3.
- How ICMP error messages coming from external realms MUST be treated in
NATs is well proposed in section 4.2.1 of
http://www.ietf.org/internet-drafts/draft-ietf-behave-nat-icmp-08.txt.
- IMHO, firewalls have no reason to act differently.
Regards.
Rémi Després