Re: draft-ietf-v6ops-cpe-simple-security-04 WGLC
teemu.savolainen@nokia.com wrote:
>> -----Original Message-----
>> From: ext Dan Wing [mailto:dwing@cisco.com]
>> Sent: 24 April, 2009 21:01
>>
>>> I wonder why the minimum time
>>> could not be longer for IPv6? The longer the time the less need to
>>> activate radio for keep-alive sending (on either side of the firewall
>>> btw - consider a case where CPE has wireless WAN). In CGN case short
>>> timeout is understandable due to need to save public ports,
Having multiple assumed possibilities for timeouts means as an
application developer you can only use the lowest one, at least if you
want your stuff to work.
>>> but that
>>> probably is not an issue in simple IPv6 firewall. So why e.g. not two
>>> hours as for TCP?
>> Two hours seems a long time to leave your door open.
>
> True, but my main intent was to ask why the 2 minutes time period was chosen, and not e.g. 100% longer of four minutes.
>
>> A longer timeout could be negotiated between the host and
>> its CPE router using whatever protocol exists and becomes a
>> de facto standard on IPv6 networks (e.g., draft-woodyatt-ald,
>> UPnP IGD version 2).
>
> Good point - not only create pinholes for listen sessions, but also for outgoing connections.
>
> Best regards,
>
> Teemu