Re: [BEHAVE] [v6ops] protocols without need for ALG ?

Joe Touch <touch@isi.edu> Thu, 30 July 2015 21:25 UTC

To: Owen DeLong <owen@delong.com>, Toerless Eckert <eckert@cisco.com>
Cc: v6ops@ietf.org, behave@ietf.org, touch@isi.edu


On 7/30/2015 2:07 PM, Owen DeLong wrote:
> 
>> On Jul 30, 2015, at 13:58 , Toerless Eckert <eckert@cisco.com> wrote:
>>
>> For autonomic networking (ANIMA WG), we are planning to rely only on IPv6 for initial
>> autonomic connectivity, and the question of connecting this (at least initially)
>> to IPv4 only NOC equipment came up. Alas, IPv6 support in transport seems to be still
>> weak on a range of commonly used NOC tools.
>>
>> If I understand the NAT RFCs and behave output correctly, we primarily
>> want ALGs to go the way of the dodo, 

NATs too, if we're taking requests...

...
>> Wrt to what seems to be important between NOC and network devices:
>>
>>   FTP     - NOK (requires ALG) - IMHO not a problem
> 
> FTP should be long deprecated for the most part anyway, however, PASV
> mode FTP (if you must use FTP) should be OK without need of an ALG.

FTP has security problems but anonymous mode access to files is still
used. As noted, PASV avoids the need for ALG in-band address translation.

All the listed protocols should be OK if the client is behind the NAT
(as noted) *or* if the NAT is configured to forward those services to a
particular private-side host.

Other ALG protocols not on your list:

	web:
		HTTP	(mostly to hijack initial login screens,
			sometimes to insert tracking or ads)

	teleconferencing/media:
		Apple iChat
		H.323
		MGCP (media gateway)
		RTSP (realtime streaming)
		SCCP (Cisco call signalling)
		SIP

	remote functions:
		RPC (Sun, Microsoft)
		SQL

	tunneling:
		PPTP

---
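As an added illustration of the in-band address problem the FTP/PASV exchange above turns on (example code written for this archive page, not anything from the thread or from an FTP implementation): both the active-mode PORT command and the 227 reply to PASV carry an IPv4 address and port inside the control channel, which a NAT does not rewrite. The checker below parses those lines and flags the ones whose advertised address differs from the address the other side actually sees, which is exactly the case that would need an ALG. Function names and the sample addresses are constructed for the example.

```python
import re
# PORT (client->server) and the 227 PASV reply (server->client) both carry
# an IPv4 address and port in-band as six byte-sized decimals h1,h2,h3,h4,p1,p2.
# A NAT rewrites only the IP header, so this is what an FTP ALG must patch.
_PORT_RE = re.compile(r"^PORT\s+(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$", re.I)
_PASV_RE = re.compile(r"^227\b.*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

_RFC1918 = ((10, 0, 0, 0, 8), (172, 16, 0, 0, 12), (192, 168, 0, 0, 16))

def is_rfc1918(ip):
    """True if the dotted-quad string lies in 10/8, 172.16/12 or 192.168/16."""
    n = 0
    for octet in ip.split("."):
        n = (n << 8) | int(octet)
    for a, b, c, d, bits in _RFC1918:
        net = (a << 24) | (b << 16) | (c << 8) | d
        if n >> (32 - bits) == net >> (32 - bits):
            return True
    return False

def parse_inband_address(line):
    """Return (kind, ip, port) for a PORT command or 227 reply, else None."""
    for kind, rx in (("PORT", _PORT_RE), ("PASV", _PASV_RE)):
        m = rx.match(line.strip())
        if not m:
            continue
        fields = [int(x) for x in m.groups()]
        if any(f > 255 for f in fields):
            return None  # malformed: every field must fit in one byte
        h1, h2, h3, h4, p1, p2 = fields
        return kind, f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2
    return None

def audit_control_line(line, observed_ip):
    """Compare the advertised in-band address with the address the receiving
    side actually sees (post-NAT); a mismatch means an ALG would have to fix it."""
    parsed = parse_inband_address(line)
    if parsed is None:
        return None
    kind, ip, port = parsed
    return {"kind": kind, "advertised": ip, "port": port, "observed": observed_ip,
            "rfc1918": is_rfc1918(ip), "alg_needed": ip != observed_ip}

# Constructed sample: a client behind NAT (192.168.1.10, seen by the server as
# 198.51.100.7) sends active-mode PORT; a public server answers PASV with 227.
SAMPLE = [("PORT 192,168,1,10,4,1", "198.51.100.7"),
          ("227 Entering Passive Mode (203,0,113,5,195,80).", "203.0.113.5")]

def audit_sample():
    return [audit_control_line(line, ip) for line, ip in SAMPLE]
```

The first sample line is flagged (the private address in PORT is unreachable from the server side without an ALG), the second is not, which is why PASV against a public server works through a client-side NAT.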