IETF Logo Mail Archive

RE: [SAFE] FW: [OPS-AREA] FW: [tsv-area] BOF request underconsideration: SAFE

"Dan Wing" <dwing@cisco.com> Tue, 16 October 2007 16:29 UTC

Return-path: <safe-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IhpIJ-0005Pa-FU; Tue, 16 Oct 2007 12:29:23 -0400
Received: from safe by megatron.ietf.org with local (Exim 4.43) id 1IhpIH-0005O3-4D for safe-confirm+ok@megatron.ietf.org; Tue, 16 Oct 2007 12:29:21 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IhpIG-0005Ns-7y; Tue, 16 Oct 2007 12:29:20 -0400
Received: from sj-iport-2-in.cisco.com ([171.71.176.71] helo=sj-iport-2.cisco.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1IhpIE-0002P9-UY; Tue, 16 Oct 2007 12:29:20 -0400
X-IronPort-AV: E=Sophos;i="4.21,284,1188802800"; d="scan'208";a="406980393"
Received: from sj-dkim-4.cisco.com ([171.71.179.196]) by sj-iport-2.cisco.com with ESMTP; 16 Oct 2007 09:29:18 -0700
Received: from sj-core-2.cisco.com (sj-core-2.cisco.com [171.71.177.254]) by sj-dkim-4.cisco.com (8.12.11/8.12.11) with ESMTP id l9GGTI7L012289; Tue, 16 Oct 2007 09:29:18 -0700
Received: from dwingwxp01 ([10.32.240.195]) by sj-core-2.cisco.com (8.12.10/8.12.6) with ESMTP id l9GGTCm9013041; Tue, 16 Oct 2007 16:29:17 GMT
From: Dan Wing <dwing@cisco.com>
To: 'Pekka Savola' <pekkas@netcore.fi>
References: <470E262B.1080505@ericsson.com> <024901c80c26$16fd9ff0$c3f0200a@cisco.com> <Pine.LNX.4.64.0710150840340.17284@netcore.fi>
Subject: RE: [SAFE] FW: [OPS-AREA] FW: [tsv-area] BOF request underconsideration: SAFE
Date: Tue, 16 Oct 2007 09:29:09 -0700
Message-ID: <1d7701c81011$b0db7540$c3f0200a@cisco.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 11
In-Reply-To: <Pine.LNX.4.64.0710150840340.17284@netcore.fi>
X-Mimeole: Produced By Microsoft MimeOLE V6.00.2900.3138
Thread-Index: AcgO7pXmYvK0Hpa5RFKJxJkKxn6DIgAU0r0A
DKIM-Signature: v=0.5; a=rsa-sha256; q=dns/txt; l=4642; t=1192552158; x=1193416158; c=relaxed/simple; s=sjdkim4002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=dwing@cisco.com; z=From:=20=22Dan=20Wing=22=20<dwing@cisco.com> |Subject:=20RE=3A=20[SAFE]=20FW=3A=20[OPS-AREA]=20FW=3A=20[tsv-area]=20BO F=20request=20underconsideration=3A=20SAFE |Sender:=20; bh=Y86UGv40SL5Zss7gzRef8kGlx1NnkW7WwVFyU/dbGxU=; b=tSpBcxKYVTv7R9nfMcaRRdhuU9aQ/5lOfcKzNQSfcVA5zYb1zKKp5cKhZBLzyY8cqG+XBWLH 3xCtN7KweGEfSuDgVgC0ls7xQsVqwEwFxo3MPjfydoQf9Dg3tG35ZEFB;
Authentication-Results: sj-dkim-4; header.From=dwing@cisco.com; dkim=pass (s ig from cisco.com/sjdkim4002 verified; );
X-Spam-Score: -4.0 (----)
X-Scan-Signature: 5d7a7e767f20255fce80fa0b77fb2433
Cc: safe@ietf.org, ops-area@ietf.org
X-BeenThere: safe@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Self-Address Fixing Evolution <safe.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/safe>, <mailto:safe-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/safe>
List-Post: <mailto:safe@ietf.org>
List-Help: <mailto:safe-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/safe>, <mailto:safe-request@ietf.org?subject=subscribe>
Errors-To: safe-bounces@ietf.org

Pekka Savola wrote:
> Hi Dan,

Hi.

> Please forward this to the SAFE list as appropriate.

It's CC'd.

> On Thu, 11 Oct 2007, Dan Wing wrote:
> > The SAFE BoF isn't about comparing Teredo to STUN/ICE.
> >
> > Rather, it is about querying and controlling binding lifetimes of
> > NATs in order to reduce the frequency of keepalive messages across
> > those NATs.  This would benefit any UDP-based protocol that
> > traverses NATs and, today, needs to send keepalives every 20-30
> > seconds; such a protocol could reduce its keepalive traffic
> > substantially.  Teredo and IPsec-over-UDP would benefit from
> > such a reduction in keepalive traffic.
> 
> The list of drawbacks of existing solutions (that I clipped 
> off in the mail *) seemed to be written in a way that implied 
> that the BOF proposal wanted to express the superiority of 
> STUN/ICE compared to the other solutions.  I think you'll need to 
> include a complete list, reword to make the intent of the text 
> clearer or remove the drawback list completely.

I have tweaked the BoF request to clarify the intent of the
BoF.  It is now at http://www.employees.org/safe/bof-request.html

> FWIW, as it happens, Teredo already supports automatic adjustment to 
> NAT timeouts.

Yes, and this is effective to learn the NAT's default timeout and
to adjust keepalive traffic accordingly.  To be effective at reducing
keepalive traffic, the NAT's default timeout has to be increased 
for all UDP traffic (or, at a minimum, for all UDP traffic the NAT 
can identify as Teredo traffic).

However, Teredo doesn't have a way to request an _increase_ of the
NAT's timeout from the NAT's default.  That is what STUN Control can
do.  Thus, with STUN Control, the NAT could retain its default timeout 
(30, 60, 120 seconds, or whatever) for most UDP traffic, and have a 
much longer timeout (e.g., 5-10 minutes) for the UDP bindings that 
request a longer timeout.

-d


> *) 
> http://www1.ietf.org/mail-archive/web/tsv-area/current/msg00116.html
> 
> >> -----Original Message-----
> >> From: Magnus Westerlund [mailto:magnus.westerlund@ericsson.com]
> >> Sent: Thursday, October 11, 2007 6:34 AM
> >> To: safe@ietf.org
> >> Subject: [SAFE] FW: [OPS-AREA] FW: [tsv-area] BOF request
> >> underconsideration: SAFE
> >>
> >> Hi,
> >>
> >> This was sent to the V6OPS list by Pekka Savola. I forward 
> it to the
> >> SAFE list with his permission for commenting.
> >>
> >> Magnus Westerlund
> >>
> >>
> >> -----Original Message-----
> >> From: Pekka Savola [mailto:pekkas@netcore.fi]
> >> Sent: Monday, October 08, 2007 7:07 PM
> >> To: Romascanu, Dan (Dan)
> >> Cc: ops-area@ietf.org
> >> Subject: Re: [OPS-AREA] FW: [tsv-area] BOF request under
> >> consideration:
> >> SAFE
> >>
> >> On Mon, 8 Oct 2007, Romascanu, Dan (Dan) wrote:
> >>> ICE and its companion protocol STUN have been successfully
> >> deployed on
> >>
> >>> the Internet for NAT traversal.  ICE and STUN have several
> >>> characteristics which contribute to their success:
> >>>
> >>>  1. incremental deployment.  ICE and STUN are functional 
> without any
> >>>     modifications to existing NATs.
> >>>  2. nested NATs.  ICE and STUN work when there are multiple NATs
> >>>     between a host and the Internet.
> >>>  3. topology unaware.  ICE and STUN are not configured with
> >>>     information about NATs, firewalls, or their locations -- only
> >>>     with the IP address of a server on the Internet.
> >>>  4. simple security model.  If a host behind a NAT is
> >> allowed to send
> >>>     a packet across the NAT, it is allowed to receive a response.
> >>>  5. works on routed networks, which allows operation in both
> >>>     enterprise networks and home networks.
> >>
> >> Teredo also fulfills these characteristics (and has none of the
> >> drawbacks listed later).
> >>
> >> I'm confident that the BOF proposers will be able to invent new
> >> drawbacks to exclude Teredo from consideration, though.
> >>
> >> --
> >> Pekka Savola                 "You each name yourselves 
> king, yet the
> >> Netcore Oy                    kingdom bleeds."
> >> Systems. Networks. Security. -- George R.R. Martin: A 
> Clash of Kings
> >>
> >>
> >> _______________________________________________
> >> SAFE mailing list
> >> SAFE@ietf.org
> >> https://www1.ietf.org/mailman/listinfo/safe
> >
> 
> -- 
> Pekka Savola                 "You each name yourselves king, yet the
> Netcore Oy                    kingdom bleeds."
> Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings


_______________________________________________
SAFE mailing list
SAFE@ietf.org
https://www1.ietf.org/mailman/listinfo/safe

v2.23.0 | Report a Bug | By Email