IETF Logo Mail Archive

Re: [homegate] HOMENET working group proposal

Dan White <dwhite@olp.net> Thu, 30 June 2011 05:11 UTC

Return-Path: <dwhite@olp.net>
X-Original-To: homegate@ietfa.amsl.com
Delivered-To: homegate@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 73D9B11E80C8; Wed, 29 Jun 2011 22:11:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.265
X-Spam-Level:
X-Spam-Status: No, score=-3.265 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oUVqLjCz6Yxo; Wed, 29 Jun 2011 22:11:35 -0700 (PDT)
Received: from pinky.olp.net (pinky2.olp.net [67.217.151.213]) by ietfa.amsl.com (Postfix) with ESMTP id 6C6F811E8127; Wed, 29 Jun 2011 22:11:27 -0700 (PDT)
Received: from quark.olp.net (olp-67-217-144-186.olp.net [67.217.144.186]) by pinky.olp.net (Postfix) with ESMTP id 2304229301A; Thu, 30 Jun 2011 00:11:24 -0500 (CDT)
Received: by quark.olp.net (Postfix, from userid 1000) id D112C7B208F; Thu, 30 Jun 2011 00:11:23 -0500 (CDT)
Date: Thu, 30 Jun 2011 00:11:23 -0500
From: Dan White <dwhite@olp.net>
To: Fernando Gont <fernando@gont.com.ar>
Message-ID: <20110630051123.GD4013@dan.olp.net>
References: <4E0AE696.4020603@piuha.net> <4E0BDCF3.1090003@gont.com.ar>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"; format="flowed"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <4E0BDCF3.1090003@gont.com.ar>
X-OS: Linux quark 2.6.39-1-amd64 x86_64
User-Agent: Mutt/1.5.21 (2010-09-15)
Cc: "homegate@ietf.org" <homegate@ietf.org>, IETF Discussion <ietf@ietf.org>
Subject: Re: [homegate] HOMENET working group proposal
X-BeenThere: homegate@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Broadband Home Gateway Discussion <homegate.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/homegate>, <mailto:homegate-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/homegate>
List-Post: <mailto:homegate@ietf.org>
List-Help: <mailto:homegate-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/homegate>, <mailto:homegate-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Jun 2011 05:11:35 -0000

On 29/06/11 23:18 -0300, Fernando Gont wrote:
>On 06/29/2011 05:47 AM, Jari Arkko wrote:
>[....]
>> o Service providers are deploying IPv6, and support for IPv6 is
>> increasingly available in home gateway devices. While IPv6 resembles
>> IPv4 in many ways, it changes address allocation principles and allows
>> direct IP addressability and routing to devices in the home from the
>> Internet. This is a promising area in IPv6 that has proved challenging
>> in IPv4 with the proliferation of NAT.
>
>NAT devices involve two related but different issues:
>* address translation
>* an implicit "allow only return traffic" firewall-like functionality

I'll add a 3rd component, which is application protocol mangling.

What's given NAT a particularly bad name in recent years are the
consistently poor SIP ALG implementations in many home routers, along with
IPSEC ALGs, and other ALGs that attempt to fix the problem in the wrong
way.

End-to-end communication might be better approached as the desire to
default to a configuration in which ALGs are no longer necessary, and then
address firewalling separately, which could just as well default to a no
inbound connection policy.

>> o End-to-end communication is both an opportunity and a concern as it
>> enables new applications but also exposes nodes in the internal
>> networks to receipt of unwanted traffic from the Internet. Firewalls
>> that restrict incoming connections may be used to prevent exposure,
>> however, this reduces the efficacy of end-to-end connectivity that
>> IPv6 has the potential to restore.
>
>I personally consider this property of "end-to-end connectivity" as
>"gone". -- among other reasons, because it would require a change of
>mindset. I'm more of the idea that people will replicate the
>architecture of their IPv4 networks with IPv6, in which end-systems are
>not reachable from the public Internet.

Home networks are bound to grow complex quite quickly. There's certainly
value in using a model that residential users are familiar with, but it
should be balanced by the inevitable need to address complexity that will
outgrow the ability of many users to manage.

A typically complex home network in the near future might be: alarm
systems, utility and environmental monitoring, lifeline SIP service (911),
Super Bowl broadcasts, etc., all connected via one home gateway device,
which may have several outsourced/managed devices installed behind it.

Having a simpler demarcation-like gateway device, which defers a lot of
that complexity to other components in the network (such as end-to-end
security), should go a long way in providing a sustainable model.

-- 
Dan White

v2.23.0 | Report a Bug | By Email