RE: v6 host load balancing

"Dave Thaler" <dthaler@windows.microsoft.com> Tue, 30 March 2004 22:41 UTC

Subject: RE: v6 host load balancing
Date: Wed, 03 Mar 2004 21:39:29 -0800
From: Dave Thaler <dthaler@windows.microsoft.com>
To: Changming Liu <cliu@netscreen.com>
Cc: ipv6@ietf.org

> -----Original Message-----
> From: Changming Liu [mailto:cliu@netscreen.com]
> Sent: Thursday, March 04, 2004 2:14 PM
> To: Dave Thaler; Changming Liu
> Cc: 'ipv6@ietf.org '
> Subject: RE: v6 host load balancing
> 
> Hi Dave,
> 
> >If the server is telling the client who to use, then the client is
> >connecting out for both the data and the control channels.  If they
> >go out different exit points on the client side, there's no problem
> >since both connections are initiated from the inside, right?
> 
> >Can you elaborate more on what the problematic scenario is?
> 
> Sure. In case of FTP data channel, the data connection was opened by the
> server by default! This is called active FTP. To get around this problem,
> RFC1579 Firewall-Friendly FTP, documents a passive open, in this case, the
> client initiates a connection. For more info, please see RFC 1579.

Yes I'm aware of both modes.  Since you mentioned the server told the client
what server to use, I assumed you were talking about passive mode, which
is what I was responding to above.

> No matter it is active or passive open, the modem stateful will need to open
> the "hole" by listening to the control channel for "port" and "pasv"
> command.

You lost me here.  Since the passive open has the connection initiated
by the client, there is no need for the firewall around the client to
open a port based on listening to the control channel, right?

> The hole is opened only on the firewall which is dealing the
> control channel. If the data channel goes to another file, apparently this
> will not work.

I don't see why not.  It's just another outgoing TCP connection.

> FTP is just a classical example of this dynamic port problem that a firewall
> needs to deal with. For VoiP apps such as H323 and SIP, similar problem exists
> as well and even severe. This is because the signalling channel and media
> channel are totally different and destination are usually completely
> different.
> 
> As a firewall/NAT/IDP company we've been struggling with these issues all
> the time. It really adds lots of complexity to the system. I just don't want
> to get it worse in IPv6, if not better.
> 
> Hope this makes sense to you.

Not particularly.  I'm still at the same point I was before where 
elaborating on what the exact scenario that fails is would help.

Thanks,
-Dave

> Changming
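
The two cases discussed in this thread, as an added example that is not part of either poster's message: a toy model of two client-side stateful firewalls, where only the one carrying the FTP control channel learns the pinhole. It goes beyond the thread by also parsing the IPv6 `EPRT` command (RFC 2428). Assumptions: the policy (all outbound TCP allowed, inbound only through a pinhole), the class and function names, and the documentation-prefix addresses are all constructed for illustration.

```python
import re

def parse_data_endpoint(line):
    """Return (host, port) announced by an FTP PORT or EPRT command, else None."""
    line = line.strip()
    m = re.fullmatch(r"PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)", line)
    if m:
        n = [int(x) for x in m.groups()]
        if max(n) > 255:
            return None
        return ".".join(map(str, n[:4])), n[4] * 256 + n[5]
    m = re.fullmatch(r"EPRT \|([12])\|([0-9A-Fa-f:.]+)\|(\d+)\|", line)
    if m and 0 < int(m.group(3)) < 65536:
        return m.group(2), int(m.group(3))
    return None

class StatefulFirewall:
    """Assumed policy: all outbound TCP allowed, inbound only via a pinhole."""
    def __init__(self, name):
        self.name = name
        self.pinholes = set()  # (client_host, client_port, server_host)

    def see_control(self, client, server, line):
        # FTP helper: the client's PORT/EPRT says where it will listen.
        ep = parse_data_endpoint(line)
        # Only honour an announcement for the control connection's own address.
        if ep and ep[0] == client:
            self.pinholes.add((ep[0], ep[1], server))

    def allows(self, direction, src, dst, dport):
        if direction == "out":  # client-initiated, e.g. passive-mode data
            return True
        return (dst, dport, src) in self.pinholes

def scenario():
    client, server = "2001:db8:1::10", "2001:db8:2::21"  # constructed addresses
    fw_a, fw_b = StatefulFirewall("A"), StatefulFirewall("B")
    # The control channel leaves through firewall A only.
    fw_a.see_control(client, server, f"EPRT |2|{client}|50000|")
    return {
        # Active mode: the server connects back to the announced port.
        "active_via_a": fw_a.allows("in", server, client, 50000),
        "active_via_b": fw_b.allows("in", server, client, 50000),
        # Passive mode: the client opens the data connection itself.
        "passive_via_b": fw_b.allows("out", client, server, 50001),
    }

if __name__ == "__main__":
    print(scenario())
```

Under a stricter egress policy than the one assumed here, the passive-mode result would depend on that policy rather than on the pinhole state.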
