IETF Logo Mail Archive

Re: [NSIS] NATFW NSLP; using REA mode for blocking data flows

Martin Stiemerling <stiemerling@netlab.nec.de> Mon, 22 May 2006 14:14 UTC

Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1FiBAm-0002JF-A4; Mon, 22 May 2006 10:14:16 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FiBAk-0002JA-Mn for nsis@ietf.org; Mon, 22 May 2006 10:14:14 -0400
Received: from kyoto.netlab.nec.de ([195.37.70.21]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FiBAj-0002PF-6a for nsis@ietf.org; Mon, 22 May 2006 10:14:14 -0400
Received: from [10.1.1.109] (mito.netlab.nec.de [195.37.70.39]) by kyoto.netlab.nec.de (Postfix) with ESMTP id AAF761BAC4D; Mon, 22 May 2006 16:05:52 +0200 (CEST)
In-Reply-To: <446AEB90.9060609@uni-tuebingen.de>
References: <4443F69F.9000708@uni-tuebingen.de> <4D167603-348A-48BA-AB2E-634153ACF4F6@netlab.nec.de> <446AEB90.9060609@uni-tuebingen.de>
Mime-Version: 1.0 (Apple Message framework v750)
Content-Type: text/plain; charset="US-ASCII"; delsp="yes"; format="flowed"
Message-Id: <1B9952D5-3530-4954-9BDC-638B879D9824@netlab.nec.de>
Content-Transfer-Encoding: 7bit
From: Martin Stiemerling <stiemerling@netlab.nec.de>
Subject: Re: [NSIS] NATFW NSLP; using REA mode for blocking data flows
Date: Mon, 22 May 2006 16:14:11 +0200
To: Ali Fessi <ali.fessi@uni-tuebingen.de>
X-Mailer: Apple Mail (2.750)
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 9a2be21919e71dc6faef12b370c4ecf5
Cc: nsis <nsis@ietf.org>
X-BeenThere: nsis@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Next Steps in Signaling <nsis.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/nsis>, <mailto:nsis-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:nsis@ietf.org>
List-Help: <mailto:nsis-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/nsis>, <mailto:nsis-request@ietf.org?subject=subscribe>
Errors-To: nsis-bounces@ietf.org

Hi Ali,

Thanks for the suggestion. I am in dislike about UCREATE, because the  
current REA and CREATE have basically two very different semantics.  
CREATE is creating a path from the sender to the receiver, where REA  
is solely reserving the resources for a CREATE.

The "upstream" part sounds reasonable for a new name, but Robert has  
pointed out that this term might be confusing for the reader. The  
direction might not be obvious...

So we still need a new name :-) Any other suggestions?

   Martin

Am 17.05.2006 um 11:23 schrieb Ali Fessi:

> Hi Martin,
>
> just a suggestion for the name of the REA message:
>
> in some earlier versions of the draft you had a UCREATE message  
> (Upstream Create).
>
> I think UCREATE would fit better, since:
>
> - in case the data receiver (DR) is behind a firewall, UCREATE  
> creates a firewall pinhole to receive the data
>
> - in case DR is behind a NAT it creates a NAT binding with a  
> external address
>
> - in case DR want to block some unwanted traffic UCREATE creates a  
> firewall rule to block this data traffic
>
> So the naming UCREATE fits well in all cases.
>
> My concerns with REA is that in few years any historical reasons  
> for choosing this name will not be obvious and the name will be  
> rather inappropriate.
>
> Especially using REA for blocking incoming data traffic is confusing.
>
> cheers,
> ali
>
>
>
> Martin Stiemerling wrote:
>> Hi Ali,
>> I have been away on vacation and now catching up with the emails.
>> The name REA (RESERVE-EXTERNAL-ADDRESS) has its roots in the time  
>> of  reserving a public reachable IP address at a NAT. The  
>> semantics of  this REA message has changed over time and does now  
>> include firewalls  as well.
>> We have had some proposals for a new name of REA, but none of  
>> them  could ultimately convince. My current reading for REA is,  
>> that in any  case (NAT or firewall) you do reserve the external  
>> reachable IP  address. For the NAT case, this is the public  
>> reachable IP address;  for the firewall case this is the globally  
>> routable IP address of the  host (or one of these addresses). Both  
>> "types" of addresses are  external addresses.
>> However, if somebody has a good proposal for another name  
>> describing  the semantics in a better way -- send it NOW. (yet  
>> another naming  contest :-)
>>   Martin
>> Am 17.04.2006 um 22:12 schrieb Ali Fessi:
>>> Hi all,
>>>
>>> the REA mode (Reserving External Address) was originally called  
>>> REA  mode because it is used by hosts behind a NAT to reserve a  
>>> publicly  reachable IP address (and port number).
>>>
>>> Now, the REA mode is also used by hosts behind a firewall to  
>>> signal  to a firewall for blocking data traffic.
>>>
>>> Although from functionality point of view, it might be fine to  
>>> use  the same name for these two similar functionalities; but  
>>> from  terminology point of view, this is rather confusing to  
>>> signal for  blocking data traffic and call it "REA mode".
>>>
>>> So, why not use a different name that matches more the   
>>> functionality, something like "BLOCK mode" for example?! This  
>>> would  make it easier for the readers to understand.
>>>
>>> Cheers,
>>> Ali
>>> -- 
>>> Ali Fessi
>>> University of Tuebingen, Germany
>>>
>>> _______________________________________________
>>> nsis mailing list
>>> nsis@ietf.org
>>> https://www1.ietf.org/mailman/listinfo/nsis
>
>
> -- 
> Ali Fessi
> Computer Networks and Internet
> Wilhelm Schickard Institute for Computer Science
> University of Tuebingen, Germany
> Phone: +49 7071 29-70534 / Fax: +49 7071 29-5220
> EMail: ali.fessi@uni-tuebingen.de
> Web: http://net.informatik.uni-tuebingen.de/~fessi/


_______________________________________________
nsis mailing list
nsis@ietf.org
https://www1.ietf.org/mailman/listinfo/nsis

v2.23.0 | Report a Bug | By Email