Re: [Spud] ??????: Numbers...

Yoav Nir <ynir.ietf@gmail.com> Tue, 16 June 2015 09:15 UTC

Return-Path: <ynir.ietf@gmail.com>
X-Original-To: spud@ietfa.amsl.com
Delivered-To: spud@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2A0601A890D for <spud@ietfa.amsl.com>; Tue, 16 Jun 2015 02:15:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dGeOOXto8SqH for <spud@ietfa.amsl.com>; Tue, 16 Jun 2015 02:15:55 -0700 (PDT)
Received: from mail-wi0-x236.google.com (mail-wi0-x236.google.com [IPv6:2a00:1450:400c:c05::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 720561A88D7 for <spud@ietf.org>; Tue, 16 Jun 2015 02:15:55 -0700 (PDT)
Received: by wigg3 with SMTP id g3so102485231wig.1 for <spud@ietf.org>; Tue, 16 Jun 2015 02:15:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=0zjujsmeW6yAkYWk4uIqf5svuqicipX8Np+aBl+8LJg=; b=tJKUIq1nGJx+nFyDVeJYjAqeXfhZr8Pz2Zg4fsCjBcDcnGT4f8t0j2FY5oRuVnxSdM mjE4P3lmsZRELHV1aJ1y6xU3yK43hKwR9Roz/EVVHuV1pHy+bXjZJYceyglsAXzvE6Qr fOVBOFwDXEYRSDmeufjdHzezzjZ17SxhdeiWbzpWZ3l6IXslN0g4g/LPYL3HmTf7jOcl sVhAkm01F9ZN/A9pS0iEjJY5Yw1ct7S6IASnQcyYF268J5tJnITbk79fgZKKl4u9PvQ1 gP+j8LJiY9xrCbUY/mpWs/CsfWxIVpGhVLltWGsyDvcDNl0QjwwTf00QW6MRsp3b4HyD Lpww==
X-Received: by 10.180.78.136 with SMTP id b8mr40433508wix.44.1434446153655; Tue, 16 Jun 2015 02:15:53 -0700 (PDT)
Received: from [172.24.251.11] (dyn32-131.checkpoint.com. [194.29.32.131]) by mx.google.com with ESMTPSA id ez19sm19818662wid.19.2015.06.16.02.15.51 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 16 Jun 2015 02:15:53 -0700 (PDT)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2098\))
From: Yoav Nir <ynir.ietf@gmail.com>
In-Reply-To: <486B9F34-9E47-4B74-B9DE-56BC9A3D84FA@cisco.com>
Date: Tue, 16 Jun 2015 12:15:49 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <0D5AE723-1D37-4F21-B697-9D3A4F58CEB7@gmail.com>
References: <20150612143838.GJ27147@cisco.com> <DM2PR0301MB06555A1F115E2551C3D1BC8FA8BB0@DM2PR0301MB0655.namprd03.prod.outlook.com> <CALx6S34z-9gi7+VVnyVdFmLroR_QYeZMWPpbCeES_TJ46iSR0A@mail.gmail.com> <486B9F34-9E47-4B74-B9DE-56BC9A3D84FA@cisco.com>
To: "Pal Martinsen (palmarti)" <palmarti@cisco.com>
X-Mailer: Apple Mail (2.2098)
Archived-At: <http://mailarchive.ietf.org/arch/msg/spud/tvup2E3iRv6Emd5b_RKhjtPLpCQ>
Cc: Tom Herbert <tom@herbertland.com>, Youjianjie <youjianjie@huawei.com>, Martin Stiemerling <mls.ietf@gmail.com>, "mirja.kuehlewind@tik.ee.ethz.ch" <mirja.kuehlewind@tik.ee.ethz.ch>, "spud@ietf.org" <spud@ietf.org>, Christian Huitema <huitema@microsoft.com>
Subject: Re: [Spud] ??????: Numbers...
X-BeenThere: spud@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Session Protocol Underneath Datagrams <spud.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spud>, <mailto:spud-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/spud/>
List-Post: <mailto:spud@ietf.org>
List-Help: <mailto:spud-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spud>, <mailto:spud-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Jun 2015 09:15:57 -0000

> On Jun 16, 2015, at 11:12 AM, Pal Martinsen (palmarti) <palmarti@cisco.com> wrote:
> 
>> 
>> On 13 Jun 2015, at 01:37, Tom Herbert <tom@herbertland.com> wrote:
>> 
>> On Fri, Jun 12, 2015 at 10:22 AM, Christian Huitema
>> <huitema@microsoft.com> wrote:
>>>> I have never heard 99% of UDP is trash to be true. Security folks in Cisco told me
>>>> "a lot of unix networking apps from the '80s/'90s based on UDP were
>>>> extremely insecure", and I think that's definitely true and has led the first wave
>>>> of firewalling off UDP. The second wave was p2p sharing apps which also
>>>> caused a lot of enterprises to be wary of UDP and firewall it.
>>> 
>>> Two big applications that are running over UDP: voice and video with Skype, video-games with Xbox Live. Of course, there are places where UDP is blocked, in which case UDP applications will try tunneling over HTTPS. But in the vast majority of consumer networks, these applications use UDP just fine.
>>> 
>> Christian,
>> 
>> You present a very interesting datapoint, but I'm not sure how to
>> interpret it. Is UDP getting far reach now because most users are not
>> behind firewalls, firewalls are allowing all UDP to pass, or holes
>> have been commonly punched in firewalls for specific applications?
>> Would this imply there is less need to implement a UDP based protocol
>> to work with stateful firewalls?
>> 
> 
> Thanks Christian for the datapoint. I think enterprise numbers are different (I am assuming that Skype and X-box are not typically enterprise applications).

Skype (or equivalent) does get used in enterprises. X-box? Not as much...

> But it shows that most home equipment works with this approach, and nothing in the middle on the big dark and scary Internet breaks UDP. That is very useful information.

“Nothing” is perhaps too strong. As long as the UDP packets are small enough, the big bad Internet will let them through, but there are places where fragments are dropped. Not usually a problem for VoIP, but could be for other applications.

> So the remaining problem seems to be enterprise networks and the fears of opening up UDP. And hopefully something SPUD like can help with that.

Hopefully. But there’s also the coffee shop / hotel / public transit networks that tend to have some very badly configured firewalls with heavy-handed filtering. 

Yoav
(who works for a firewall vendor)
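The point above about fragments being dropped is the reason UDP-based protocols size their datagrams to the path MTU and segment at the application layer instead of relying on IP fragmentation. The following is an added example illustrating that, not code from this thread or from the SPUD work: it computes the largest UDP payload that fits unfragmented for a given MTU and address family (using the standard 20/40-byte IP and 8-byte UDP header sizes), splits a message into MTU-safe datagrams with a small chunk header, and shows what reassembly sees when one datagram is lost. The 6-byte chunk header layout, the message ids and the sample message are constructed for the illustration.

```python
"""Keep UDP datagrams below the fragmentation threshold (added example).

The header sizes are the fixed IPv4/IPv6/UDP minimums; the chunk header
format (message id, chunk index, chunk count as big-endian uint16) is a
hypothetical layout chosen for this illustration.
"""
import struct

IPV4_HEADER = 20       # IPv4 header without options
IPV6_HEADER = 40       # fixed IPv6 header, no extension headers
UDP_HEADER = 8
IPV6_MIN_MTU = 1280    # every IPv6 link must carry this size unfragmented

# Hypothetical chunk header: msg_id, index, count (network byte order).
CHUNK_HEADER = struct.Struct("!HHH")


class IncompleteMessage(Exception):
    """Raised when reassembly is missing chunks (e.g. a fragment was dropped)."""

    def __init__(self, missing):
        super().__init__(f"missing chunks: {missing}")
        self.missing = missing


def max_udp_payload(path_mtu: int, family: int) -> int:
    """Largest UDP payload that fits in one IP packet of path_mtu bytes."""
    if family == 4:
        ip_header = IPV4_HEADER
    elif family == 6:
        ip_header = IPV6_HEADER
    else:
        raise ValueError("family must be 4 or 6")
    payload = path_mtu - ip_header - UDP_HEADER
    if payload <= 0:
        raise ValueError("MTU too small for IP and UDP headers")
    return payload


def split_message(msg_id: int, data: bytes, max_payload: int) -> list:
    """Split data into datagrams of at most max_payload bytes, each with a chunk header."""
    body = max_payload - CHUNK_HEADER.size
    if body <= 0:
        raise ValueError("max_payload leaves no room for chunk data")
    count = max(1, -(-len(data) // body))          # ceiling division, at least one chunk
    if count > 0xFFFF:
        raise ValueError("message needs more chunks than the header can count")
    return [
        CHUNK_HEADER.pack(msg_id, i, count) + data[i * body:(i + 1) * body]
        for i in range(count)
    ]


def reassemble(datagrams) -> bytes:
    """Rebuild a message from its chunks, in any order; raise if any chunk is missing."""
    chunks = {}
    msg_id = count = None
    for dgram in datagrams:
        if len(dgram) < CHUNK_HEADER.size:
            raise ValueError("truncated chunk header")
        mid, idx, cnt = CHUNK_HEADER.unpack_from(dgram)
        if msg_id is None:
            msg_id, count = mid, cnt
        elif (mid, cnt) != (msg_id, count):
            raise ValueError("chunk belongs to a different message")
        if idx >= cnt:
            raise ValueError("chunk index out of range")
        chunks[idx] = dgram[CHUNK_HEADER.size:]
    if count is None:
        raise IncompleteMessage([])
    missing = [i for i in range(count) if i not in chunks]
    if missing:
        raise IncompleteMessage(missing)
    return b"".join(chunks[i] for i in range(count))


if __name__ == "__main__":
    # Constructed sample: a 5120-byte message sent over an IPv6 path at the minimum MTU.
    message = bytes(range(256)) * 20
    limit = max_udp_payload(IPV6_MIN_MTU, 6)
    datagrams = split_message(msg_id=7, data=message, max_payload=limit)
    print(f"{len(datagrams)} datagrams of <= {limit} bytes")
    print("round trip ok:", reassemble(datagrams) == message)
    try:
        reassemble(datagrams[:2] + datagrams[3:])   # simulate one dropped datagram
    except IncompleteMessage as exc:
        print("after loss:", exc)
```

For IPv4 at the common 1500-byte Ethernet MTU this gives 1472 bytes of UDP payload, for IPv6 1452, and 1232 at the IPv6 minimum MTU; tunnels and PPPoE links take more, which is why later UDP designs such as QUIC treat a 1200-byte datagram as the floor every path must carry and probe upward from there.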