
Re: I-D ACTION:draft-ietf-shim6-reach-detect-00.txt



Jari Arkko wrote:

This makes sense, but I worry that the argument
"one ULP works => others should work too" may not
hold in all cases. What if one ULP is TCP:xxxx->80, which
happens to work over this crappy firewalled network that
you are using, but it doesn't let through, say, TCP:xxxx->23?
The shim could be making the wrong decision here.

And this supposedly works today without a shim?
If the routing system has two routes to a given IP address, and there are firewalls on those paths that let some port/protocols through but not others, then things will not work today.


If you believe some firewalls today are causing non-transparency problems, the workaround seems to be to encapsulate in some general connectivity protocol (http, ipsec/esp, ssh, ...) end to end.

   Erik