IETF Logo Mail Archive

RE: [SAFE] FW: [OPS-AREA] FW: [tsv-area] BOF requestunderconsideration: SAFE

"Dan Wing" <dwing@cisco.com> Fri, 12 October 2007 17:15 UTC

Return-path: <safe-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IgO77-0003At-Cj; Fri, 12 Oct 2007 13:15:53 -0400
Received: from safe by megatron.ietf.org with local (Exim 4.43) id 1IgO75-0003Aj-C4 for safe-confirm+ok@megatron.ietf.org; Fri, 12 Oct 2007 13:15:51 -0400
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IgO74-0003Ab-Ln for safe@ietf.org; Fri, 12 Oct 2007 13:15:50 -0400
Received: from sj-iport-2-in.cisco.com ([171.71.176.71] helo=sj-iport-2.cisco.com) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1IgO74-0000j1-8G for safe@ietf.org; Fri, 12 Oct 2007 13:15:50 -0400
X-IronPort-AV: E=Sophos;i="4.21,267,1188802800"; d="scan'208";a="405983285"
Received: from sj-dkim-4.cisco.com ([171.71.179.196]) by sj-iport-2.cisco.com with ESMTP; 12 Oct 2007 10:15:50 -0700
Received: from sj-core-5.cisco.com (sj-core-5.cisco.com [171.71.177.238]) by sj-dkim-4.cisco.com (8.12.11/8.12.11) with ESMTP id l9CHFnQL008941; Fri, 12 Oct 2007 10:15:49 -0700
Received: from dwingwxp01 ([10.32.240.195]) by sj-core-5.cisco.com (8.12.10/8.12.6) with ESMTP id l9CHFnZo010999; Fri, 12 Oct 2007 17:15:49 GMT
From: Dan Wing <dwing@cisco.com>
To: 'Rémi Denis-Courmont' <remi.denis-courmont@nokia.com>, safe@ietf.org
References: <470E262B.1080505@ericsson.com><024901c80c26$16fd9ff0$c3f0200a@cisco.com> <200710121159.41676.remi.denis-courmont@nokia.com>
Subject: RE: [SAFE] FW: [OPS-AREA] FW: [tsv-area] BOF requestunderconsideration: SAFE
Date: Fri, 12 Oct 2007 10:15:48 -0700
Message-ID: <0dfa01c80cf3$89063210$c3f0200a@cisco.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Office Outlook 11
In-Reply-To: <200710121159.41676.remi.denis-courmont@nokia.com>
X-Mimeole: Produced By Microsoft MimeOLE V6.00.2900.3138
Thread-Index: AcgMrk1AesovFx4vQfqVYUjsXzLxnQARMnKA
DKIM-Signature: v=0.5; a=rsa-sha256; q=dns/txt; l=1893; t=1192209349; x=1193073349; c=relaxed/simple; s=sjdkim4002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=dwing@cisco.com; z=From:=20=22Dan=20Wing=22=20<dwing@cisco.com> |Subject:=20RE=3A=20[SAFE]=20FW=3A=20[OPS-AREA]=20FW=3A=20[tsv-area]=20BO F=20requestunderconsideration=3A=20SAFE |Sender:=20; bh=2Sz0IQfrQyA5dpTE9tAj9pOoeb8HvlgGV55NPqqWwj8=; b=RFj3VYG8S68kWbrclbgZHX3n9GdR38YDPCBl/m5GoGwVyQjfMJzW3ARapgo0mpFgQhGM6XSL HGTFccAhrf6EEbX0LAGZ6RAs7bCqU37bHt2uy2ZLj8CFMdG2J7R03/t+;
Authentication-Results: sj-dkim-4; header.From=dwing@cisco.com; dkim=pass (s ig from cisco.com/sjdkim4002 verified; );
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 7baded97d9887f7a0c7e8a33c2e3ea1b
Cc:
X-BeenThere: safe@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Self-Address Fixing Evolution <safe.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/safe>, <mailto:safe-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/safe>
List-Post: <mailto:safe@ietf.org>
List-Help: <mailto:safe-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/safe>, <mailto:safe-request@ietf.org?subject=subscribe>
Errors-To: safe-bounces@ietf.org

Rémi Denis-Courmont wrote:
> Le Thursday 11 October 2007 19:45:10 ext Dan Wing, vous avez écrit :
> > The SAFE BoF isn't about comparing Teredo to STUN/ICE.
> >
> > Rather, it is about querying and controlling binding lifetimes of
> > NATs in order to reduce the frequency of keepalive messages across
> > those NATs.  This would benefit any UDP-based protocol that
> > traverses NATs and, today, needs to send keepalives every 20-30
> > seconds; such a protocol could reduce its keepalive traffic
> > substantially.  Teredo and IPsec-over-UDP would benefit from
> > such a reduction in keepalive traffic.
> 
> The Outside-In method would work, though the client would run 
> a Teredo qualification procedure rather than a STUN Binding 
> transaction with its server. When concluded, the the client can 
> send a STUN Binding Request to its NAT.

Agreed.  Here is what I am planning to add to -05:

   Endpoints that implement Teredo [RFC4380] learn their outer-most NATs
   address as their Teredo Mapped Address.  Once learned, the Teredo
   client can utilize STUN Control to query and control that NAT's UDP
   keepalive timeout, and thus reduce the Teredo refresh interval.
   Controlling the NAT's refresh interval explicitly is less brittle
   than Teredo's "interval determination procedure".  Nested NATs can be
   similarly discovered, queried, and controlled.

> The tagging approach fails terribly since Teredo 
> qualification packet format is incompatible with STUN.

Agreed.

But, thinking aloud:  after Teredo qualification the Teredo client 
could send a STUN packet to a STUN server (running on the same host 
it ran its Teredo qualification against), and get that STUN packet 
tagged.  So long as the UDP packets to those different UDP ports 
were routed the same, the same firewalls would be traversed.

-d


_______________________________________________
SAFE mailing list
SAFE@ietf.org
https://www1.ietf.org/mailman/listinfo/safe

v2.23.0 | Report a Bug | By Email