Re: [v6ops] [Fwd: I-D Action: draft-carpenter-v6ops-icp-guidance-03.txt]

Hui Deng <denghui02@gmail.com> Mon, 12 March 2012 04:02 UTC

2012/3/12 Joel jaeggli <joelja@bogus.com>

> On 3/11/12 08:35 , Hui Deng wrote:
> > 4) ICPs need to fully understand how to avoid DDOS when they launch
> > IPv6; otherwise they will always need a NAT solution
>
> I'm mystified by this statement... network address translators that
> aren't stateless (much like firewalls) are a huge DOS bottleneck in a
> service that accepts unsolicited incoming connections. As far as I'm
> concerned they shouldn't be employed unless they can be load-balanced.
>
> If they cause the loss of the original v6 source address along the way
> that's no good since I need that.
>
You are right, NAT is stateful as well, but by configuring some policy on
the NAT, that kind of DOS could be avoided, which saves the servers
sitting behind it.

-Hui