RE: [Mip6] Review of draft-ietf-mip6-firewalls-00.txt (with reference to draft-chen-mip6-gprs-02.txt)

Franck.Le@nokia.com Tue, 26 October 2004 20:04 UTC

From: Franck.Le@nokia.com
Date: Tue, 26 Oct 2004 14:48:18 -0500
To: kempf@docomolabs-usa.com, mip6@ietf.org

Hello James,

Thank you for the clarifications.

> If you want to make it clearer, would you have any suggestion?
>
> jak>> Draft-chen takes each individual case and examines it in detail. For example, Section 4.1.1.1:
[...]
> I think it would be more helpful for readers to understand the problem if each case (MN inside behind firewall and HA outside, MN outside and HA inside, etc.) were analyzed individually to the same level of detail as in draft-chen and Section 3.1.1.
> jak>>>(end)

Ok. In the next version of the draft, we will try to follow your suggestion to make the description of the problem clearer.

> For the other scenarios you pointed out, I agree with you. They are not in the scope of the document. We described some of the issues, and specifically focused on the basic ones. I will add an explicit statement in the document to explain that the scenarios you mentioned are not included.
>
> jak>>> I'm not clear what you mean. Is this document intended to be a comprehensive exploration of the problems involved in firewall interaction with MIPv6 or not? If not, then we clearly need another document that explores the problems this one doesn't.

The initial intent of the document was not to list all the possible problems between the Mobile IPv6 protocol and firewalls, but to describe the main ones. However, we could include the scenarios you just described in the next version of the draft.
 
> > Section 3.2.2, Paragraph 10: The discussion doesn't consider the distinction between a TCP and UDP session. Earlier in the text, the description of the state maintained in the firewall implies a distinction. But if a MIPv6 host is receiving TCP packets tunneled from the HA, then the firewall state will be for UDP (presuming it is set up at all). The firewall timers for UDP may interact negatively with the MN's TCP timeouts, and there may be other problems.
>
> Can you please clarify what you mean?
>
> jak>>> Sorry, I wasn't thinking clearly here. Obviously, the firewall will step over the IP packet header and set up the proper state for TCP. There's only an issue if a UDP tunnel is used, such as would be the case for IPsec, and even in that case, it's not clear how serious the problem would be.
> jak>>>(end)
>
> jak>> Hope that helps.

Yes, thank you.

Franck
