RE: v6 host load balancing

Changming Liu <cliu@netscreen.com> Thu, 04 March 2004 05:19 UTC

Message-ID: <1B6D4CAFB8CA554EB1A0925685A07DFC0342C6AE@MONTEREY.netscreen.com>
From: Changming Liu <cliu@netscreen.com>
To: 'Dave Thaler ' <dthaler@windows.microsoft.com>, Changming Liu <cliu@netscreen.com>
Cc: "'ipv6@ietf.org '" <ipv6@ietf.org>
Subject: RE: v6 host load balancing
Date: Wed, 03 Mar 2004 21:14:19 -0800

Hi Dave,

>If the server is telling the client who to use, then the client is
>connecting out for both the data and the control channels.  If they
>go out different exit points on the client side, there's no problem
>since both connections are initiated from the inside, right?

>Can you elaborate more on what the problematic scenario is?

Sure. In the case of the FTP data channel, the data connection was opened by
the server by default! This is called active FTP. To get around this problem,
RFC 1579, Firewall-Friendly FTP, documents a passive open; in this case, the
client initiates a connection. For more info, please see RFC 1579.

No matter whether it is an active or passive open, the modern stateful
firewall will need to open the "hole" by listening to the control channel for
the "port" and "pasv" commands. The hole is opened only on the firewall which
is dealing with the control channel. If the data channel goes to another file,
apparently this will not work.

FTP is just a classical example of this dynamic port problem that a firewall
needs to deal with. For VoIP apps such as H323 and SIP, a similar problem
exists as well and is even more severe. This is because the signalling channel
and media channel are totally different and the destinations are usually
completely different.


As a firewall/NAT/IDP company we've been struggling with these issues all
the time. It really adds lots of complexity to the system. I just don't want
it to get worse in IPv6, if not better.

Hope this makes sense to you. 

Changming

--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
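The pinhole behaviour described in the message above, as an added example that is not part of the original post: a minimal model of a stateful firewall that reads "PORT" commands and 227 (PASV) replies on the FTP control channel and opens a one-shot hole, run once with data and control on the same firewall and once split across two. The `StatefulFirewall` class, the `simulate` helper and the sample lines are hypothetical and constructed for illustration.

```python
import re

# PORT and the 227 reply both carry h1,h2,h3,h4,p1,p2 (RFC 959)
_HOSTPORT = re.compile(r"(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")

def parse_data_endpoint(line):
    """Return (ip, port) announced by a PORT command or 227 reply, else None."""
    verb = line.split(" ", 1)[0].upper()
    if verb not in ("PORT", "227"):
        return None
    m = _HOSTPORT.search(line)
    if not m:
        return None
    n = [int(x) for x in m.groups()]
    if any(v > 255 for v in n):
        return None  # malformed octet or port byte
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

class StatefulFirewall:
    """Hypothetical firewall: pinhole state is local and not shared with peers."""
    def __init__(self, name):
        self.name = name
        self.pinholes = set()  # (dst_ip, dst_port); source pinning omitted here

    def inspect_control(self, line):
        ep = parse_data_endpoint(line)
        if ep:
            self.pinholes.add(ep)  # open the hole for the expected data connection
        return ep

    def allow_data(self, dst_ip, dst_port):
        key = (dst_ip, dst_port)
        if key in self.pinholes:
            self.pinholes.discard(key)  # one-shot: closed after first use
            return True
        return False  # no state for this flow: default deny

def simulate(control_lines, control_fw, data_fw):
    """Control channel crosses control_fw, data connections cross data_fw."""
    results = []
    for line in control_lines:
        ep = control_fw.inspect_control(line)
        if ep:
            results.append((ep, data_fw.allow_data(*ep)))
    return results

# Constructed control-channel lines using documentation addresses
SAMPLE = ["USER anonymous",
          "PORT 192,0,2,10,19,137",
          "227 Entering Passive Mode (198,51,100,5,195,80)"]
```
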