Re: [nat66] Comments on draft-mrw-nat66-12

james woodyatt <jhw@apple.com> Wed, 16 March 2011 01:40 UTC

From: james woodyatt <jhw@apple.com>
In-reply-to: <4C14147C-03C5-48BC-A182-55DB298F2113@cisco.com>
Date: Tue, 15 Mar 2011 18:42:23 -0700
Message-id: <B647DC46-D255-407E-B67B-A3C630E8B0BA@apple.com>
References: <20110314063002.28048.29694.idtracker@localhost> <19F3A4CD-F39C-4F17-A6E9-7AA8AFBC6B3B@cisco.com> <CF8367A6-F303-43D7-99C6-D40D1DD5D5D9@free.fr> <125BC580-ED43-40EE-B6B9-FD88557C35B9@apple.com> <758DD037-9DC2-4A1E-BEAE-7E99CBED6D3A@cisco.com> <5E3E1015-9750-4ADA-91D9-F10FFFDB2BD0@apple.com> <B4FD874E-1AC2-49DF-A7C0-D1D48B940292@cisco.com> <3B1E3A80-B4A8-4DF0-B345-168BAD532C6E@apple.com> <4C14147C-03C5-48BC-A182-55DB298F2113@cisco.com>
To: Fred Baker <fred@cisco.com>
Cc: NAT66 HappyFunBall <nat66@ietf.org>
Subject: Re: [nat66] Comments on draft-mrw-nat66-12

On Mar 15, 2011, at 6:33 PM, Fred Baker wrote:
> 
>  "Since there is significant detriment caused by modifying transport
>   layer headers and very little, if any, benefit to the use of port
>   mapping in IPv6, NPTv6 Translators that comply with this
>   specification MUST NOT perform port mapping."

I think you're missing my point.  The PCP protocol is intended for controlling firewalls even in the absence of port mapping.  The issue with PCP has nothing to do with port mapping.  It has to do with pinhole control and REC-48 of RFC 6092, which PCP is intended to meet.

Once again, I am NOT talking about port mapping.
I am NOT talking about port mapping.
I am NOT talking about port mapping.
I am NOT talking about port mapping.
I am NOT talking about port mapping.
I am NOT talking about port mapping.

I am talking about the implications for firewalls and PCP-capable hosts deployed behind site multi-homing NPTv6 systems as described in section 2.4 of your draft.
--
james woodyatt <jhw@apple.com>
member of technical staff, core os networking