Re: [BEHAVE] [v6ops] protocols without need for ALG ?
Mark Smith <markzzzsmith@gmail.com> Fri, 31 July 2015 23:45 UTC
To: Joe Touch <touch@isi.edu>
Archived-At: <http://mailarchive.ietf.org/arch/msg/behave/KYvj6XTw4nEZfxl6-rHl1VONGbQ>
Cc: "behave@ietf.org" <behave@ietf.org>, v6ops list <v6ops@ietf.org>, "Heatley, Nick" <nick.heatley@ee.co.uk>, Mikael Abrahamsson <swmike@swm.pp.se>
On 31 July 2015 at 23:21, Joe Touch <touch@isi.edu> wrote:
> TFTP servers are typically reached at UDP port 69.
>
> It does not use ports or addresses in-band and thus should not need an ALG.

Hmm, to my mind, an "ALG" is necessary if something about the protocol
needs to be understood e.g., look for/change in-band ports or
addresses, and possibly set up corresponding state or temporary access
list/firewall permissions for related traffic.

In the case of TFTP, it is the "TID"s:

"The transfer identifiers (TID's) used by TFTP are passed to the
Datagram layer to be used as ports; therefore they must be between 0
and 65,535. The initialization of TID's is discussed in the section on
initial connection protocol."

"A requesting host chooses its source TID as described above, and sends
its initial request to the known TID 69 decimal (105 octal) on the
serving host. The response to the request, under normal operation,
uses a TID chosen by the server as its source TID and the TID chosen
for the previous message by the requestor as its destination TID. The
two chosen TID's are then used for the remainder of the transfer."

I think a server could choose to continue to use 69 as its TID for the
full transfer, however in my case it didn't. I still remember it today
because I was only able to get around the unpredictable TID selection
on both ends by using just host IP addresses, which had some risks
because it was a very coarse way of selecting "interesting"
dial-on-demand traffic to hold the link up.

So if in Toerless's scenario it is stateless 1:1 translation between
IPv4 and IPv6, then I don't think an ALG would be necessary for TFTP.
However, if the translation is stateful because translation between
IPv4 and IPv6 isn't 1:1, then I think an ALG is necessary to set up a
mapping of some form.

Regards,
Mark.

>
> Joe
>
> On Jul 31, 2015, at 12:23 AM, Heatley, Nick <nick.heatley@ee.co.uk> wrote:
>
> Same for me.
>
> From: v6ops [mailto:v6ops-bounces@ietf.org] On Behalf Of Mark Smith
> Sent: 31 July 2015 06:40
> To: Mikael Abrahamsson
> Cc: v6ops list; behave@ietf.org
> Subject: Re: [v6ops] protocols without need for ALG ?
>
> On 31 Jul 2015 3:11 pm, "Mikael Abrahamsson" <swmike@swm.pp.se> wrote:
>>
>> On Thu, 30 Jul 2015, Owen DeLong wrote:
>>
>>>> SSH/SCP - OK
>>>> syslog - OK
>>>> TFTP - OK ?
>>>
>>> Should be OK, depending on which side is client. (client has to be the
>>> private address/translated side of the connection).
>>
>> There are ALGs for TFTP from multiple vendors, and I seem to remember I
>> had problem performing TFTP download from behind a NAT, but I could be
>> mistaken. This should be investigated further.
>>
>
> I'm pretty sure you'd need an ALG for TFTP over NAT, as the file transfer
> itself takes place over unspecified and unpredictable ports. This caused me
> some grief in the past when trying to have a TFTP file transfer hold up a
> dial on demand link.
>
> Regards,
> Mark.
>
>> --
>> Mikael Abrahamsson email: swmike@swm.pp.se
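
Added example, not part of the original message: a toy stateful UDP NAT showing why a reply from a server-chosen TID misses the state created by the request to port 69, what expectation a TFTP ALG would add, and why 1:1 stateless translation needs neither. It assumes the NAT filters inbound packets on remote address and port; all addresses, ports and names are constructed, and IPv4 documentation addresses stand in for both sides.

```python
# Added illustration; addresses, ports and names are constructed.
TFTP_PORT = 69

class StatefulNat:
    """Toy UDP NAT that filters inbound on remote address AND port (assumption)."""

    def __init__(self, public_ip, tftp_alg=False):
        self.public_ip, self.tftp_alg = public_ip, tftp_alg
        self.ports = {}         # (inside_ip, inside_port) -> public port
        self.sessions = {}      # (public_port, remote_ip, remote_port) -> inside endpoint
        self.expectations = {}  # (public_port, remote_ip) -> inside endpoint, any remote port

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        inside = (src_ip, src_port)
        pub_port = self.ports.setdefault(inside, 40000 + len(self.ports))
        self.sessions[(pub_port, dst_ip, dst_port)] = inside
        if self.tftp_alg and dst_port == TFTP_PORT:
            # ALG behaviour: the server will answer from a TID it chooses,
            # so expect one reply from this server on any source port.
            self.expectations[(pub_port, dst_ip)] = inside
        return self.public_ip, pub_port

    def inbound(self, src_ip, src_port, dst_port):
        key = (dst_port, src_ip, src_port)
        if key not in self.sessions:
            inside = self.expectations.pop((dst_port, src_ip), None)
            if inside is None:
                return None              # no matching state: dropped
            self.sessions[key] = inside  # pin the flow to the server's TID
        return self.sessions[key]

def stateless_inbound(addr_map, dst_ip, dst_port):
    """1:1 address translation: no per-flow state, ports pass through unchanged."""
    return (addr_map[dst_ip], dst_port) if dst_ip in addr_map else None

def run_transfer(nat, server_tid=3300):
    client = ("192.0.2.10", 51000)            # inside client and its source TID
    server_ip = "198.51.100.5"
    _, pub_port = nat.outbound(*client, server_ip, TFTP_PORT)  # RRQ to TID 69
    # First DATA block arrives from the server-chosen TID, not from port 69.
    return nat.inbound(server_ip, server_tid, pub_port)

if __name__ == "__main__":
    print("no ALG:  ", run_transfer(StatefulNat("203.0.113.1")))
    print("with ALG:", run_transfer(StatefulNat("203.0.113.1", tftp_alg=True)))
    print("1:1:     ", stateless_inbound({"203.0.113.10": "192.0.2.10"}, "203.0.113.10", 51000))
```

The ALG expectation is consumed by the first reply, so only the TID the server actually chose is admitted for the rest of the transfer.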