Re: [OFF-PATH-BOF] How does an endpoint discover a local policy by DHCP?
Saikat Guha <saikat@cs.cornell.edu> Tue, 19 September 2006 06:08 UTC
On Mon, 2006-09-18 at 08:27 -0400, Scott W Brim wrote:
> On 09/18/2006 07:18 AM, Paul Francis allegedly wrote:
> > I don't think any of us envisioned that an endpoint would learn policy via
> > DHCP.
>
> Rather, a policy server?

If the question is how someone learns of which policy server to use ...

Signaling packets go 1) up, 2) across, and 3) down; and the next-hop policy server on each segment is determined differently.

1) UP: Drilling out towards the Internet through multiple layers of firewalls ... a packet (any packet) is sent outwards, a firewall/M-Box intercepts it and responds with an ICMP-like error message that informs the source what policy server to contact for auth.

2) ACROSS: Packet goes from internet-facing firewall of the stack of firewalls for the source to the internet-facing firewall of the recipient. The signaling server for the recipient's domain is resolved over DNS through SRV-type records.

3) DOWN: Drilling down to the destination through multiple firewalls. When the destination registers its presence it creates a chain of registrations to the internet-facing signaling proxy for his domain (chain discovered through the drill-out in #1 above). The signaling packets bound for the destination follow the reverse route of the registration-chain.

--
Saikat
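The three next-hop rules in the message above, as an added toy model that is not part of the original message or of any off-path signaling implementation. The host names, the `INTERCEPTED_BY` and `SRV` tables and all function names are constructed assumptions; the ICMP-like reply and the auth step are reduced to a table lookup.

```python
# Constructed topology: host/box -> the box that intercepts its outbound packets
# (None marks an internet-facing box). All names here are made up.
INTERCEPTED_BY = {
    "alice.src.example": "fw-inner.src.example",
    "fw-inner.src.example": "fw-edge.src.example",
    "fw-edge.src.example": None,
    "bob.dst.example": "fw-lab.dst.example",
    "fw-lab.dst.example": "fw-edge.dst.example",
    "fw-edge.dst.example": None,
}
# Constructed stand-in for SRV-type DNS records: domain -> internet-facing server.
SRV = {"src.example": "fw-edge.src.example", "dst.example": "fw-edge.dst.example"}

def drill_out(host):
    """UP: each intercepting box tells the sender which policy server is next."""
    chain, box = [], INTERCEPTED_BY[host]
    while box is not None:
        chain.append(box)
        box = INTERCEPTED_BY[box]
    return chain

def register(host, registrations):
    """Registration follows the drill-out chain; each box stores the downstream hop."""
    prev = host
    for box in drill_out(host):
        registrations.setdefault(box, {})[host] = prev
        prev = box

def signaling_path(src, dst, registrations):
    """Return the policy servers a signaling packet visits: up, across, then down."""
    up = drill_out(src)                      # 1) UP
    domain = dst.split(".", 1)[1]
    edge = SRV.get(domain)                   # 2) ACROSS: SRV-type lookup
    if edge is None:
        raise LookupError(f"no SRV-type record for {domain}")
    down, box = [edge], edge
    while box != dst:                        # 3) DOWN: reverse of the registration chain
        nxt = registrations.get(box, {}).get(dst)
        if nxt is None:
            raise LookupError(f"{dst} is not registered at {box}")
        down.append(nxt)
        box = nxt
    return up + down

if __name__ == "__main__":
    regs = {}
    register("bob.dst.example", regs)
    print(signaling_path("alice.src.example", "bob.dst.example", regs))
```

A destination that never registered is unreachable in this model: the DOWN walk stops at the internet-facing box with a `LookupError` because no registration chain exists to reverse.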