Re: [v6ops] draft-ietf-v6ops-ula-usage-recommendations - work or abandon?

Fernando Gont <fgont@si6networks.com> Fri, 13 November 2015 03:36 UTC

To: Lorenzo Colitti <lorenzo@google.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/v6ops/JZ9l5Ooo-mhubqroWmu3yQ9qK1k>
Cc: IPv6 Operations <v6ops@ietf.org>

On 11/13/2015 11:59 AM, Lorenzo Colitti wrote:
> On Fri, Nov 13, 2015 at 10:06 AM, Fernando Gont <fgont@si6networks.com> wrote:
> 
>     > The sort of application that tries to do this doesn't typically use TCP.
> 
>     You still need to guess the port numbers. And if you're able to, that's
>     a sign there's something you still need to fix (see RFC6056).
> 
> 
> The port numbers are no more a guess than the IP addresses are. Whatever
> told you the IP addresses can also tell you the port numbers. 

So: You want to talk to me, but I don't accept incoming connections. I
want to talk to you, but you don't accept incoming connections.

You claim that it is simpler to achieve that with NATs, than with FWs.
How would that happen without relying on a third party, and without
guessing port numbers to fake e.g. a TCP simultaneous open?


-- 
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492