Re: [P2PSIP] BEHAVE recommends endpoint-dependent mapping, kills p2p-sip?
Cullen Jennings <fluffy@cisco.com> Mon, 23 April 2007 04:06 UTC
Return-path: <p2psip-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1Hfpon-0007pc-2f; Mon, 23 Apr 2007 00:06:25 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Hfpom-0007mt-Iv for p2psip@ietf.org; Mon, 23 Apr 2007 00:06:24 -0400
Received: from sj-iport-3-in.cisco.com ([171.71.176.72] helo=sj-iport-3.cisco.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Hfpol-0006IN-77 for p2psip@ietf.org; Mon, 23 Apr 2007 00:06:24 -0400
Received: from sj-dkim-4.cisco.com ([171.71.179.196]) by sj-iport-3.cisco.com with ESMTP; 22 Apr 2007 21:06:23 -0700
X-IronPort-AV: i="4.14,439,1170662400"; d="scan'208"; a="480558720:sNHT51348300"
Received: from sj-core-2.cisco.com (sj-core-2.cisco.com [171.71.177.254]) by sj-dkim-4.cisco.com (8.12.11/8.12.11) with ESMTP id l3N46MGU016551; Sun, 22 Apr 2007 21:06:22 -0700
Received: from [192.168.4.177] (sjc-fluffy-vpn1.cisco.com [10.25.236.82]) by sj-core-2.cisco.com (8.12.10/8.12.6) with SMTP id l3N46KZU000722; Mon, 23 Apr 2007 04:06:20 GMT
In-Reply-To: <9EE3D40D-B562-4A61-922D-5801ABB8E08E@magma.ca>
References: <38464B16719C77439C06051F392AB9E6062EB2EA@CAVS1.sanmateo.corp.akamai.com> <4625CFB2.4070101@telecomitalia.it> <9EE3D40D-B562-4A61-922D-5801ABB8E08E@magma.ca>
Mime-Version: 1.0 (Apple Message framework v752.3)
Content-Type: text/plain; charset="US-ASCII"; delsp="yes"; format="flowed"
Message-Id: <41BCFFB7-5876-4F44-8705-DB82A4AD80AE@cisco.com>
Content-Transfer-Encoding: 7bit
From: Cullen Jennings <fluffy@cisco.com>
Subject: Re: [P2PSIP] BEHAVE recommends endpoint-dependent mapping, kills p2p-sip?
Date: Sun, 22 Apr 2007 21:05:48 -0700
To: Philip Matthews <philip_matthews@magma.ca>
X-Mailer: Apple Mail (2.752.3)
DKIM-Signature: v=0.5; a=rsa-sha256; q=dns/txt; l=3210; t=1177301182; x=1178165182; c=relaxed/simple; s=sjdkim4002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=fluffy@cisco.com; z=From:=20Cullen=20Jennings=20<fluffy@cisco.com> |Subject:=20Re=3A=20[P2PSIP]=09BEHAVE=20recommends=20endpoint-dependent=2 0mapping,=20kills=20p2p-sip? |Sender:=20; bh=RELRLJIvgMPbCWNyQlkcThYkGiQT4CqLY+W2vH4eEFw=; b=V4fq0YIAi9lCBT0guwYG0jzgBdTc1JW8p8yiwI6eormzKNQYWNWX7pQni1nvT3a49mb2UYKt oJs4io6vk3SJjJ7kg7R+I2U5AJlC85DUyEmYQYdC6RGvzTFf4GSo9pmZ;
Authentication-Results: sj-dkim-4; header.From=fluffy@cisco.com; dkim=pass ( sig from cisco.com/sjdkim4002 verified; );
X-Spam-Score: 0.0 (/)
X-Scan-Signature: f66b12316365a3fe519e75911daf28a8
Cc: P2PSIP WG <p2psip@ietf.org>, "Barrett, David" <dbarrett@akamai.com>
X-BeenThere: p2psip@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Peer-to-Peer SIP working group discussion list <p2psip.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/p2psip>, <mailto:p2psip-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/p2psip>
List-Post: <mailto:p2psip@ietf.org>
List-Help: <mailto:p2psip-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/p2psip>, <mailto:p2psip-request@ietf.org?subject=subscribe>
Errors-To: p2psip-bounces@ietf.org
I agree with Philip. And I think we have plenty of examples that show what he is saying is true. Cullen <with my individual hat on> On Apr 18, 2007, at 5:18 AM, Philip Matthews wrote: > I just want to second what Enrico and Bruce are saying: I believe > we can live with > NATs and Firewalls that have endpoint-dependent filtering. > > The basics of the idea for how to deal with these are described in > three drafts > draft-matthews-p2psip-bootstrap-mechanisms, and > draft-matthews-p2psip-dsip-nat-traversal (which Bruce > already mentioned) > draft-matthews-p2psip-nats-and-overlays > > The first draft describes how a node that wishes to join a peer-to- > peer overlay > can establish a connection to ONE peer in the overlay. > The second draft describes how the node can then leverage this > connection > to establish a partial mesh of connections to other peers, and then > use this > partial mesh to route messages through the overlay. > The third draft attempts to explain this idea and compare it with > other approaches > to NAT Traversal for peer-to-peer networks. > > There is still more work to do flesh out all the details, but I > believe the drafts > adequately describe the core of the idea. > > There was a hot debate in the BEHAVE group on the filtering issue. > However, the key fact is that there are many, many NATs today > that already implement endpoint-dependent filtering for "security" > reasons, > and it was felt that many manufacturers would just ignore the > recommendation > if the document said "NATs MUST have endpoint-independent filtering". > > - Philip > > > > > On 18-Apr-07, at 03:58 , Enrico Marocco wrote: > >> Barrett, David wrote: >>> So I'm behind the times, but I just became aware that the BEHAVE >>> group, >>> which is the IETF group dedicated to specifying future NAT behavior, >>> decided in 8/2005 to recommend that NATs by default implement >>> "endpoint-dependent" (aka "restricted cone") filtering. >> >> Exactly, "filtering", not "mapping" as in the subject. They are very >> different things and, in fact, RFC 4787 explicitly requires >> endpoint-independent mapping". >> >>> Basically, all decentralized P2P networks would stop working as the >>> ratio of "accessible" to "inaccessible" nodes trends toward >>> zero. At >>> that point, basically no DHT can possibly function because nobody >>> can >>> accept unsolicited incoming connections. >> >> Not true. In some DHTs, e.g. CAN, nodes use just a pretty stable >> set of >> persistent connections and do not need to receive unsolicited >> messages. >> If NATs /behave/, what is needed is just a small set of >> "unrestricted" >> peers providing the rendezvous service needed to establish persistent >> connections between natted peers. >> >> -- >> Ciao, >> Enrico >> _______________________________________________ >> P2PSIP mailing list >> P2PSIP@ietf.org >> https://www1.ietf.org/mailman/listinfo/p2psip > > > _______________________________________________ > P2PSIP mailing list > P2PSIP@ietf.org > https://www1.ietf.org/mailman/listinfo/p2psip _______________________________________________ P2PSIP mailing list P2PSIP@ietf.org https://www1.ietf.org/mailman/listinfo/p2psip
- Re: [P2PSIP] BEHAVE recommends endpoint-dependent… Enrico Marocco
- [P2PSIP] BEHAVE recommends endpoint-dependent map… Barrett, David
- Re: [P2PSIP] BEHAVE recommends endpoint-dependent… Bruce Lowekamp
- RE: [P2PSIP] BEHAVE recommends endpoint-dependent… Barrett, David
- Re: [P2PSIP] BEHAVE recommends endpoint-dependent… Bruce Lowekamp
- Re: [P2PSIP] BEHAVE recommends endpoint-dependent… Philip Matthews
- Re: [P2PSIP] BEHAVE recommends endpoint-dependent… Philip Matthews
- RE: [P2PSIP]BEHAVE recommends endpoint-dependent … Barrett, David
- Re: [P2PSIP]BEHAVE recommends endpoint-dependent … Enrico Marocco
- RE: [P2PSIP] BEHAVE recommends endpoint-dependent… Henry Sinnreich
- Re: [P2PSIP] BEHAVE recommends endpoint-dependent… Cullen Jennings