Re: [v6ops] new draft: draft-ietf-v6ops-6204bis

"Hemant Singh (shemant)" <shemant@cisco.com> Fri, 14 October 2011 22:05 UTC

Tassos,

 

From: v6ops-bounces@ietf.org [mailto:v6ops-bounces@ietf.org] On Behalf Of Hemant Singh (shemant)
Sent: Thursday, October 13, 2011 8:18 PM
To: Tassos Chatzithomaoglou; v6ops@ietf.org; draft-ietf-v6ops-6204bis@tools.ietf.org
Subject: Re: [v6ops] new draft: draft-ietf-v6ops-6204bis

 


>> Lastly, I would also like to have the following under "4.5. Security Considerations". Unless we are leaving this functionality to the AFTR/BR (although I couldn't find anything relevant; PCP?).

>> S-3:  The IPv6 CE router MUST support the configuration of a common filtering behavior, regardless of the interface type that traffic is coming through (native or through a transition/tunneling technology).

> Will have to think about this one. S-2 already mentions ingress filtering. We could modify S-2 to include some text from your suggestion above.

 

How can the device have a common filtering behavior for tunneled traffic vs. native traffic? The rfc6204bis document already references RFC 6092 that discusses copious security for native and tunneled transport. One key recommendation for security related to tunnels is prescribed in RFC 6169, which is to have tunneled traffic not cross border routers. Both 6rd and DS-Lite tunnels terminate within the boundary of the SP secured domain. Thus I don't see a need for adding any other text related to security in the RFC 6204bis document yet.

 

Thanks,

 

Hemant