RE: draft-ietf-v6ops-cpe-simple-security-04 WGLC
>-----Original Message-----
>From: ext Dan Wing [mailto:dwing@cisco.com]
>Sent: 24 April, 2009 21:01
>
>> I wonder why the minimum time
>> could not be longer for IPv6? The longer the time the less need to
>> activate radio for keep-alive sending (on either side of the firewall
>> btw - consider a case where CPE has wireless WAN). In CGN case short
>> timeout is understandable due to the need to save public ports, but that
>> probably is not an issue in simple IPv6 firewall. So why e.g. not two
>> hours as for TCP?
>
>Two hours seems a long time to leave your door open.
True, but my main intent was to ask why the 2-minute time period was chosen, and not e.g. a 100% longer period of four minutes.
>A longer timeout could be negotiated between the host and
>its CPE router using whatever protocol exists and becomes a
>de facto standard on IPv6 networks (e.g., draft-woodyatt-ald,
>UPnP IGD version 2).
Good point - not only create pinholes for listen sessions, but also for outgoing connections.
Best regards,
Teemu