RE: [OFF-PATH-BOF] How does an endpoint discover a local policy by DHCP?

Kylin Wei <weiqikun@huawei.com> Tue, 19 September 2006 07:40 UTC

Date: Tue, 19 Sep 2006 15:31:21 +0800
From: Kylin Wei <weiqikun@huawei.com>
Subject: RE: [OFF-PATH-BOF] How does an endpoint discover a local policy by DHCP?
In-reply-to: <1158646129.2966.32.camel@localhost.localdomain>
To: 'Saikat Guha' <saikat@cs.cornell.edu>, 'Scott W Brim' <swb@employees.org>
Cc: off-path-bof@ietf.org

Hi Saikat,

Thank you very much for your detailed introduction.
I should say sorry because I made a mistake. My original question is "How
does an endpoint discover a local policy box by DHCP".

Kylin Wei 

> -----Original Message-----
> From: Saikat Guha [mailto:saikat@cs.cornell.edu]
> Sent: Tuesday, September 19, 2006 2:09 PM
> To: Scott W Brim
> Cc: off-path-bof@ietf.org
> Subject: Re: [OFF-PATH-BOF] How does an endpoint discover a local policy
> by DHCP?
> 
> On Mon, 2006-09-18 at 08:27 -0400, Scott W Brim wrote:
> > On 09/18/2006 07:18 AM, Paul Francis allegedly wrote:
> > > I don't think any of us envisioned that an endpoint would learn policy
> > > via DHCP.
> >
> > Rather, a policy server?
> 
> If the question is how someone learns of which policy server to use ...
> 
> Signaling packets go 1) up, 2) across, and 3) down; and the next-hop
> policy server on each segment is determined differently.
> 
> 1) UP: Drilling out towards the Internet through multiple layers of
> firewalls ... a packet (any packet) is sent outwards, a firewall/M-Box
> intercepts it and responds with an ICMP-like error message that informs
> the source what policy server to contact for auth.
> 
> 2) ACROSS: Packet goes from internet-facing firewall of the stack of
> firewalls for the source to the internet-facing firewall of the
> recipient. The signaling server for the recipient's domain is resolved
> over DNS through SRV-type records.
> 
> 3) DOWN: Drilling down to the destination through multiple firewalls.
> When the destination registers its presence it creates a chain of
> registrations to the internet-facing signaling proxy for his domain
> (chain discovered through the drill-out in #1 above). The signaling
> packets bound for the destination follow the reverse route of the
> registration-chain.
> 
> --
> Saikat


