RE: [midcom] Re: draft-ietf-midcom-requirements-01.txt

From midcom-admin@ietf.org Mon Jul 2 08:13:17 2001 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with SMTP id IAA06814 for ; Mon, 2 Jul 2001 08:13:17 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id IAA09238; Mon, 2 Jul 2001 08:05:35 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id IAA09211 for ; Mon, 2 Jul 2001 08:05:33 -0400 (EDT) Received: from znsgs0ja.europe.nortel.com (znsgs0ja.nortelnetworks.com [47.165.25.40]) by ietf.org (8.9.1a/8.9.1a) with SMTP id IAA06712 for ; Mon, 2 Jul 2001 08:04:49 -0400 (EDT) Received: from qnsgs000.nortel.com (znsgs016 [47.255.64.31]) by znsgs0ja.europe.nortel.com (8.11.0/8.11.0) with ESMTP id f62C4sw29423 for ; Mon, 2 Jul 2001 13:04:54 +0100 (BST) Received: from nwcwi1a.europe.nortel.com by qnsgs000.nortel.com; Mon, 2 Jul 2001 13:04:20 +0100 Received: by nwcwi1a.europe.nortel.com with Internet Mail Service (5.5.2653.19) id ; Mon, 2 Jul 2001 13:04:10 +0100 Message-ID: <9154CB41F208D5118DD200508BE39C3044504E@zjguc006.europe.nortel.com> From: "Cedric Aoun" To: "'Bob Penfield'" Cc: "Midcom IETF (E-mail)" Subject: RE: [midcom] Re: draft-ietf-midcom-requirements-01.txt Date: Mon, 2 Jul 2001 13:04:08 +0100 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C102EF.1964CBC0" Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C102EF.1964CBC0 Content-Type: text/plain; charset="iso-8859-1" Bob, I agree that setting dynamically certain flow's priorities might be required: -This could be done through the application's signaling and marked at the endpoint (IP telephony is one of these applications) -It could also be done at the Middle Box covering the endpoint, this is done through MIDCOM So we found an agreement on that. This will require that the Middle Box has the mapping of the Midcom Agent Service Class priorities to DSCP marking, this is required because there is no "uniform" PHBs between networks. Thanks Cedric -----Original Message----- From: Bob Penfield [mailto:bpenfield@acmepacket.com] Sent: Friday, June 29, 2001 4:52 PM To: Aoun, Cedric [QPD:0000:EXCH] Subject: Re: [midcom] Re: draft-ietf-midcom-requirements-01.txt ----- Original Message ----- From: "Cedric Aoun" To: "'Bob Penfield'" Sent: Friday, June 29, 2001 9:57 AM Subject: RE: [midcom] Re: draft-ietf-midcom-requirements-01.txt > > > > John, > > We all agree that the Middle Box is a policy enforcement point, but > > there is no need to define a PHB on per call, the main purpose of Diffserv > > is to do traffic prioritization and assign a behavior for certain type of > > traffic classified > > by the flow priority (the DSCP in our case). > > These PHBs are on the MB either by manual config or > > by propping down policies from a Policy Decision Point. > > I don't see the need to discuss that in the context of MIDCOM. > > I disagree. The idea is that a midcom agent be able to "assign" one of these > established PHBs to a flow it is enabling thru the middlebox. I don't think > anybody wants to use MIDCOM to define PHBs. We just need to be able set the > priority for a flow that would otherwise get ordinary best-efforts > treatment. > > The application server can also request the application end point > to put the appropriate DSCP setting for the packet. This is already done in > most > IP telephony products. > But the point is valid for applications that have not developed this > capability, > this is required to ensure that the flows are assigned proper > classification. > ...Cedric > In a multi-domain scenario, QOS treatment needs to be applied within each domain. An application endpoint in a different network cannot do MPLS insertion or DSCP setting for PHBs defined in my network. These need to be applied as the packets enter my network. (-:bob ------_=_NextPart_001_01C102EF.1964CBC0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable RE: [midcom] Re: draft-ietf-midcom-requirements-01.txt

Bob,
I agree that setting dynamically certain flow's = priorities might be required:
-This could be done through the application's = signaling and marked at the endpoint (IP telephony is one of these = applications)

-It could also be done at the Middle Box covering the = endpoint, this is done through MIDCOM

So we found an agreement on that.
This will require that the Middle Box has the = mapping of the Midcom Agent Service Class priorities
to DSCP marking, this is required because there is = no "uniform" PHBs between networks.
Thanks

Cedric

-----Original Message-----
From: Bob Penfield [mailto:bpenfield@acmepacket.com= ]
Sent: Friday, June 29, 2001 4:52 PM
To: Aoun, Cedric [QPD:0000:EXCH]
Subject: Re: [midcom] Re: = draft-ietf-midcom-requirements-01.txt

----- Original Message -----
From: "Cedric Aoun" = <CEDRIC.AOUN@nortelnetworks.com>
To: "'Bob Penfield'" = <bpenfield@acmepacket.com>
Sent: Friday, June 29, 2001 9:57 AM
Subject: RE: [midcom] Re: = draft-ietf-midcom-requirements-01.txt

>
>
> > John,
> > We all agree that the Middle Box is a = policy enforcement point, but
> > there is no need to define a PHB on per = call, the main purpose of
Diffserv
> > is to do traffic prioritization and assign = a behavior for certain type
of
> > traffic classified
> > by the flow priority (the DSCP in our = case).
> > These PHBs are on the MB either by manual = config or
> > by propping down policies from a Policy = Decision Point.
> > I don't see the need to discuss that in = the context of MIDCOM.
>
> I disagree. The idea is that a midcom agent be = able to "assign" one of
these
> established PHBs to a flow it is enabling thru = the middlebox. I don't
think
> anybody wants to use MIDCOM to define PHBs. We = just need to be able set
the
> priority for a flow that would otherwise get = ordinary best-efforts
> treatment.
>
> <CA> The application server can also = request the application end point
> to put the appropriate DSCP setting for the = packet. This is already done
in
> most
> IP telephony products.
> But the point is valid for applications that = have not developed this
> capability,
> this is required to ensure that the flows are = assigned proper
> classification.
> ...Cedric
>
In a multi-domain scenario, QOS treatment needs to = be applied within each
domain. An application endpoint in a different = network cannot do MPLS
insertion or DSCP setting for PHBs defined in my = network. These need to be
applied as the packets enter my network.

(-:bob

------_=_NextPart_001_01C102EF.1964CBC0-- _______________________________________________ midcom mailing list midcom@ietf.org http://www.ietf.org/mailman/listinfo/midcom From midcom-admin@ietf.org Mon Jul 2 08:20:10 2001 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with SMTP id IAA06876 for ; Mon, 2 Jul 2001 08:20:10 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id IAA09558; Mon, 2 Jul 2001 08:14:36 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id IAA09523 for ; Mon, 2 Jul 2001 08:14:34 -0400 (EDT) Received: from sj-msg-core-1.cisco.com (sj-msg-core-1.cisco.com [171.71.163.11]) by ietf.org (8.9.1a/8.9.1a) with SMTP id IAA06826 for ; Mon, 2 Jul 2001 08:13:51 -0400 (EDT) Received: from airborne.cisco.com (airborne.cisco.com [171.71.154.32]) by sj-msg-core-1.cisco.com (8.11.3/8.9.1) with ESMTP id f62CE7h00448; Mon, 2 Jul 2001 05:14:07 -0700 (PDT) Received: from SBRIM-W2K.cisco.com (sj-dial-4-84.cisco.com [171.68.181.213]) by airborne.cisco.com (Mirapoint) with ESMTP id AFC01031; Mon, 2 Jul 2001 05:13:59 -0700 (PDT) X-Mailer: emacs 20.7.1 (via feedmail 9-beta-12 Q); VM 6.92 under Emacs 20.7.1 From: "Scott Brim" MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <15165.55230.390000.302983@gargle.gargle.HOWL> Date: Sat, 30 Jun 2001 09:44:30 -0400 To: Pyda Srisuresh Cc: midcom@ietf.org Subject: Re: [midcom] Out-of-Path Midcom Agents in framework-02 In-Reply-To: <20010625215719.47236.qmail@web13801.mail.yahoo.com> References: <15152.49874.182000.181304@gargle.gargle.HOWL> <20010625215719.47236.qmail@web13801.mail.yahoo.com> Content-Transfer-Encoding: 7bit Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org Content-Transfer-Encoding: 7bit On 25 Jun 2001 at 14:57 -0700, Pyda Srisuresh apparently wrote: > --- Scott Brim wrote: > > On 19 Jun 2001 at 13:11 -0700, Pyda Srisuresh apparently wrote: > > > 1. Paragraph 1 of section 1 - Introduction > > > > > > "Application Level gateways (ALGs) are used in conjunction with NAT > > > to provide end-to-end transparency for many of the applications." > > > > > > I think, it should be OK to leave this unchanged. > > > > OK, we're talking about application-layer transparency. As long as you > > mean that the application data and the application behavior are > > unchanged, since that would fit the strict definition. I think I agree. > > > > ALG does not guarantee that application data is not changed, even though > its intention is to keep the application behaviour unchanged. > It may in fact change the data in control payloads. So, the term > "application level transparency" above doesnt meet the dictionary > definition. > > Would the following rewording work for you? > > Application Level gateways (ALGs) are used in conjunction with NAT > to examine and optionally modify application payload so the > end-to-end application behaviour remains unchanged for many > of the applications traversing NAT middleboxes. Yes, thanks. _______________________________________________ midcom mailing list midcom@ietf.org http://www.ietf.org/mailman/listinfo/midcom From midcom-admin@ietf.org Mon Jul 2 08:22:29 2001 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with SMTP id IAA06894 for ; Mon, 2 Jul 2001 08:22:25 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id IAA09658; Mon, 2 Jul 2001 08:18:31 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id IAA09625 for ; Mon, 2 Jul 2001 08:18:29 -0400 (EDT) Received: from znsgs0ja.europe.nortel.com (znsgs0ja.nortelnetworks.com [47.165.25.40]) by ietf.org (8.9.1a/8.9.1a) with SMTP id IAA06858 for ; Mon, 2 Jul 2001 08:17:45 -0400 (EDT) Received: from qnsgs000.nortel.com (znsgs016 [47.255.64.31]) by znsgs0ja.europe.nortel.com (8.11.0/8.11.0) with ESMTP id f62CHvw02184 for ; Mon, 2 Jul 2001 13:17:57 +0100 (BST) Received: from nwcwi1a.europe.nortel.com by qnsgs000.nortel.com; Mon, 2 Jul 2001 13:17:39 +0100 Received: by nwcwi1a.europe.nortel.com with Internet Mail Service (5.5.2653.19) id ; Mon, 2 Jul 2001 13:17:25 +0100 Message-ID: <9154CB41F208D5118DD200508BE39C3044504F@zjguc006.europe.nortel.com> From: "Cedric Aoun" To: "'John LaCour'" , "'Christian Huitema'" , "'midcom@ietf.org'" Subject: RE: [midcom] Re: I-D ACTION:draft-ietf-midcom-framework-02.txt Date: Mon, 2 Jul 2001 13:17:16 +0100 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C102F0.EF00FAF0" Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C102F0.EF00FAF0 Content-Type: text/plain; charset="iso-8859-1" Part of the WG effort is to ensure extensibility of the MIDCOM protocol to interact with Middle Box's functions that are not only Packet filtering and NAT. QoS gating functions will be required too, especially on access links. Therefore we should not shut the door on having a descriptor for dynamic prioritization of certain flows (especially for applications that can't do this dynamic preordination), and bandwidth reservation requests descriptors(Peak packet rate, sustained rate, ...) Cedric ---------- I agree about charter creep, but lets not paint ourselves into a corner that excludes it for future consideration. > -- Christian Huitema -John _______________________________________________ midcom mailing list midcom@ietf.org http://www.ietf.org/mailman/listinfo/midcom ------_=_NextPart_001_01C102F0.EF00FAF0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable RE: [midcom] Re: I-D = ACTION:draft-ietf-midcom-framework-02.txt

Part of the WG effort is to ensure extensibility of = the MIDCOM protocol
to interact with Middle Box's functions that are not = only Packet filtering and
NAT. QoS gating functions will be required too, = especially on access links.
Therefore we should not shut the door on having a = descriptor for dynamic prioritization
of certain flows (especially for applications that = can't do this dynamic preordination), and
bandwidth reservation requests descriptors(Peak = packet rate, sustained rate, ...)
Cedric

----------
I agree about charter creep, but lets not paint = ourselves into a
corner that excludes it for future = consideration.

> -- Christian Huitema

-John

_______________________________________________
midcom mailing list
midcom@ietf.org
http://www.ietf.org/mailman/listinfo/midcom=

------_=_NextPart_001_01C102F0.EF00FAF0-- _______________________________________________ midcom mailing list midcom@ietf.org http://www.ietf.org/mailman/listinfo/midcom From midcom-admin@ietf.org Mon Jul 2 08:37:55 2001 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with SMTP id IAA07048 for ; Mon, 2 Jul 2001 08:37:51 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id IAA10025; Mon, 2 Jul 2001 08:32:50 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id IAA10000 for ; Mon, 2 Jul 2001 08:32:48 -0400 (EDT) Received: from sj-msg-core-1.cisco.com (sj-msg-core-1.cisco.com [171.71.163.11]) by ietf.org (8.9.1a/8.9.1a) with SMTP id IAA06975 for ; Mon, 2 Jul 2001 08:32:04 -0400 (EDT) Received: from mira-sjc5-4.cisco.com (mira-sjc5-4.cisco.com [171.71.163.21]) by sj-msg-core-1.cisco.com (8.11.3/8.9.1) with ESMTP id f62CWGh07709; Mon, 2 Jul 2001 05:32:16 -0700 (PDT) Received: from spandex (rtp-vpn-199.cisco.com [10.82.192.199]) by mira-sjc5-4.cisco.com (Mirapoint) with SMTP id AMH01055; Mon, 2 Jul 2001 05:31:54 -0700 (PDT) Message-ID: <01a001c102f3$1f7d5320$d45904d1@cisco.com> From: "Melinda Shore" To: "Cedric Aoun" , "'John LaCour'" , "'Christian Huitema'" , References: <9154CB41F208D5118DD200508BE39C3044504F@zjguc006.europe.nortel.com> Subject: Re: [midcom] Re: I-D ACTION:draft-ietf-midcom-framework-02.txt Date: Mon, 2 Jul 2001 08:32:55 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2462.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2462.0000 Content-Transfer-Encoding: 7bit Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org Content-Transfer-Encoding: 7bit > From: "Cedric Aoun" > To: "'John LaCour'" ; "'Christian Huitema'" ; > Sent: Monday, July 02, 2001 8:17 AM > Subject: RE: [midcom] Re: I-D ACTION:draft-ietf-midcom-framework-02.txt > Therefore we should not shut the door on having a descriptor for dynamic > prioritization of certain flows (especially for applications that can't > do this dynamic preordination), and bandwidth reservation requests > descriptors(Peak packet rate, sustained rate, ...) I think it would be helpful if people advocating doing something about QoS signaling would be specific about what they'd like to see in the documents. While we do need to keep extensibility and broader applicability in mind, QoS is definitely out of scope for the working group and what we can put in the documents is limited by that. Melinda _______________________________________________ midcom mailing list midcom@ietf.org http://www.ietf.org/mailman/listinfo/midcom From midcom-admin@ietf.org Mon Jul 2 10:51:48 2001 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with SMTP id KAA06723 for ; Mon, 2 Jul 2001 10:51:48 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id KAA14820; Mon, 2 Jul 2001 10:46:49 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id KAA14789 for ; Mon, 2 Jul 2001 10:46:47 -0400 (EDT) Received: from mail-gw1.hursley.ibm.com (mail-gw1.hursley.ibm.com [194.196.110.15]) by ietf.org (8.9.1a/8.9.1a) with SMTP id KAA02406 for ; Mon, 2 Jul 2001 10:46:00 -0400 (EDT) Received: from sp15en17.hursley.ibm.com (sp15at17.hursley.ibm.com [9.20.45.103]) by mail-gw1.hursley.ibm.com (AIX4.3/8.9.3/8.9.3) with ESMTP id PAA18362; Mon, 2 Jul 2001 15:46:09 +0100 Received: from hursley.ibm.com (gsine01.us.sine.ibm.com [9.14.6.41]) by sp15en17.hursley.ibm.com (AIX4.3/8.9.3/8.9.3) with ESMTP id PAA27036; Mon, 2 Jul 2001 15:46:07 +0100 Message-ID: <3B40891C.B0AB78EC@hursley.ibm.com> Date: Mon, 02 Jul 2001 09:45:48 -0500 From: Brian E Carpenter Organization: IBM X-Mailer: Mozilla 4.76 [en] (Win98; U) X-Accept-Language: en,fr MIME-Version: 1.0 To: Randy Turner CC: "'Bob Penfield '" , "'Mark Duffy '" , "'midcom@ietf.org '" Subject: Re: [midcom] Re: I-D ACTION:draft-ietf-midcom-framework-02.txt References: <91CDB24C5FCDD31198A2009027E79021011BDB6F@exchange.2wire.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org Content-Transfer-Encoding: 7bit Randy Turner wrote: > > > DiffServ *can* be end-to-end if endpoints and intermediaries follow the > guidelines for the standard set of codepoints, as the relate to EF or AF > forwarding. But we cannot rely on it. It requires all ISPs on the path to have interlocking SLAs and that is not a safe assumption. Brian > > Randy > > -----Original Message----- > From: Bob Penfield > To: Brian E Carpenter; Mark Duffy > Cc: midcom@ietf.org > Sent: 6/29/01 2:42 PM > Subject: Re: [midcom] Re: I-D ACTION:draft-ietf-midcom-framework-02.txt > > ----- Original Message ----- > From: "Brian E Carpenter" > To: "Mark Duffy" > Cc: "Bob Penfield" ; > Sent: Friday, June 29, 2001 5:16 PM > Subject: Re: [midcom] Re: I-D ACTION:draft-ietf-midcom-framework-02.txt > > > Mark Duffy wrote: > > > > > > >Diffserv doesn't have per-flow classifiers, so there is nothing a > SIP > > > >proxy can say for a single new flow. The policy system has to > define a > > > >classifier for each *type* of traffic, not for individual flows. > This > is > > > >done globally per diffserv domain and is relatively static. > > > > > > > >The classifier will be given the appropriate classifier > specifications > > > >by the diffserv policy system. These are n-tuple specifications > just > > > >like any other. If you grok MIB they look like: > > > > > > > >DiffServSixTupleClfrEntry ::= SEQUENCE { > > > > diffServSixTupleClfrId INTEGER, > > > > diffServSixTupleClfrDstAddrType InetAddressType, > > > > diffServSixTupleClfrDstAddr InetAddress, > > > > diffServSixTupleClfrDstPrefixLength InetAddressPrefixLength, > > > > diffServSixTupleClfrSrcAddrType InetAddressType, > > > > diffServSixTupleClfrSrcAddr InetAddress, > > > > diffServSixTupleClfrSrcPrefixLength InetAddressPrefixLength, > > > > diffServSixTupleClfrDscp DscpOrAny, > > > > diffServSixTupleClfrProtocol Unsigned32, > > > > diffServSixTupleClfrDstL4PortMin InetPortNumber, > > > > diffServSixTupleClfrDstL4PortMax InetPortNumber, > > > > diffServSixTupleClfrSrcL4PortMin InetPortNumber, > > > > diffServSixTupleClfrSrcL4PortMax InetPortNumber, > > > > diffServSixTupleClfrStatus RowStatus > > > >} > > > > > > Yes, but since the flows of type 'SIP' come on dynamic ports, you > can't > > > readily match them using a classifier like that. > > > > There's nothing to prevent you defining a classifier that uses > > some other n-tuple that does identify media traffic. > > > > > However, a middlebox aka > > > diffserv-domain-edge-traffic-conditioning-box that is aware of which > flows > > > are SIP could apply a *static* policy that says mark SIP packets (or > > > perhaps, SIP packets to/from certain addresses) with a certain DSCP. > And > > > in the spirit of midcom, one would want the midcom agent to tell the > > > middlebox about this flow (perhaps not what DSCP to use, but that it > is > SIP). > > > > It would all be much simpler if the source of the media stream marked > its > > own packets; then neither the proxy nor the middlebox need to worry > about > it. > > That is in fact the simplest realisation of diffserv. > > But diffserv is not end-to-end, right? If the flow is traversing several > Autonomous Systems, won't each AS apply different QOS measures? The > combination of a SIP proxy and a middlebox can constitute an ALG which > is > often implemented as what SIP calls a back-to-back user agent which > terminates and re-generates the flow. In this case, the middlebox > becomes > the source of the media flow within the local AS. > > > > > All this goes to show that it's a complex topic, beyond what I thought > midcom > > was intended for. > > > > Brian > > > > _______________________________________________ > midcom mailing list > midcom@ietf.org > http://www.ietf.org/mailman/listinfo/midcom _______________________________________________ midcom mailing list midcom@ietf.org http://www.ietf.org/mailman/listinfo/midcom From midcom-admin@ietf.org Mon Jul 2 10:52:03 2001 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with SMTP id KAA06906 for ; Mon, 2 Jul 2001 10:52:03 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id KAA14739; Mon, 2 Jul 2001 10:45:01 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id KAA14715 for ; Mon, 2 Jul 2001 10:45:00 -0400 (EDT) Received: from mail-gw1.hursley.ibm.com (mail-gw1.hursley.ibm.com [194.196.110.15]) by ietf.org (8.9.1a/8.9.1a) with SMTP id KAA01424 for ; Mon, 2 Jul 2001 10:44:16 -0400 (EDT) Received: from sp15en17.hursley.ibm.com (sp15at17.hursley.ibm.com [9.20.45.103]) by mail-gw1.hursley.ibm.com (AIX4.3/8.9.3/8.9.3) with ESMTP id PAA13232; Mon, 2 Jul 2001 15:44:20 +0100 Received: from hursley.ibm.com (gsine01.us.sine.ibm.com [9.14.6.41]) by sp15en17.hursley.ibm.com (AIX4.3/8.9.3/8.9.3) with ESMTP id PAA78254; Mon, 2 Jul 2001 15:44:19 +0100 Message-ID: <3B4088B2.481DDEEA@hursley.ibm.com> Date: Mon, 02 Jul 2001 09:44:03 -0500 From: Brian E Carpenter Organization: IBM X-Mailer: Mozilla 4.76 [en] (Win98; U) X-Accept-Language: en,fr MIME-Version: 1.0 To: Cedric Aoun CC: "'Bob Penfield'" , "Midcom IETF (E-mail)" Subject: Re: [midcom] Re: draft-ietf-midcom-requirements-01.txt References: <9154CB41F208D5118DD200508BE39C3044504E@zjguc006.europe.nortel.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org Content-Transfer-Encoding: 7bit > Cedric Aoun wrote: > > Bob, > I agree that setting dynamically certain flow's priorities might be required: > -This could be done through the application's signaling and marked at the endpoint (IP telephony is one of these applications) > > -It could also be done at the Middle Box covering the endpoint, this is done through MIDCOM > > So we found an agreement on that. > This will require that the Middle Box has the mapping of the Midcom Agent Service Class priorities > to DSCP marking, this is required because there is no "uniform" PHBs between networks. DSCPs are not priorities. I think the true statement is that it is entirely appropriate for a middlebox to *also* act as a diffserv node, getting its diffserv configuration from ... somewhere, not necessarily the midcom agent. I still object to QOS being shown as a fundamental part of the midcom model, although I agree that we should not close the door in the design. Brian > Thanks > > Cedric > > -----Original Message----- > From: Bob Penfield [mailto:bpenfield@acmepacket.com] > Sent: Friday, June 29, 2001 4:52 PM > To: Aoun, Cedric [QPD:0000:EXCH] > Subject: Re: [midcom] Re: draft-ietf-midcom-requirements-01.txt > > ----- Original Message ----- > From: "Cedric Aoun" > To: "'Bob Penfield'" > Sent: Friday, June 29, 2001 9:57 AM > Subject: RE: [midcom] Re: draft-ietf-midcom-requirements-01.txt > > > > > > > > John, > > > We all agree that the Middle Box is a policy enforcement point, but > > > there is no need to define a PHB on per call, the main purpose of > Diffserv > > > is to do traffic prioritization and assign a behavior for certain type > of > > > traffic classified > > > by the flow priority (the DSCP in our case). > > > These PHBs are on the MB either by manual config or > > > by propping down policies from a Policy Decision Point. > > > I don't see the need to discuss that in the context of MIDCOM. > > > > I disagree. The idea is that a midcom agent be able to "assign" one of > these > > established PHBs to a flow it is enabling thru the middlebox. I don't > think > > anybody wants to use MIDCOM to define PHBs. We just need to be able set > the > > priority for a flow that would otherwise get ordinary best-efforts > > treatment. > > > > The application server can also request the application end point > > to put the appropriate DSCP setting for the packet. This is already done > in > > most > > IP telephony products. > > But the point is valid for applications that have not developed this > > capability, > > this is required to ensure that the flows are assigned proper > > classification. > > ...Cedric > > > In a multi-domain scenario, QOS treatment needs to be applied within each > domain. An application endpoint in a different network cannot do MPLS > insertion or DSCP setting for PHBs defined in my network. These need to be > applied as the packets enter my network. > > (-:bob _______________________________________________ midcom mailing list midcom@ietf.org http://www.ietf.org/mailman/listinfo/midcom From midcom-admin@ietf.org Mon Jul 2 11:14:38 2001 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with SMTP id LAA24708 for ; Mon, 2 Jul 2001 11:14:37 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id LAA15453; Mon, 2 Jul 2001 11:04:41 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id LAA15422 for ; Mon, 2 Jul 2001 11:04:39 -0400 (EDT) Received: from zrc2s03g.us.nortel.com ([47.103.122.66]) by ietf.org (8.9.1a/8.9.1a) with SMTP id LAA16174 for ; Mon, 2 Jul 2001 11:03:50 -0400 (EDT) Received: from smtprch1.nortel.com (erchg0j.us.nortel.com [47.113.64.103]) by zrc2s03g.us.nortel.com (8.9.3+Sun/8.9.1) with ESMTP id KAA21279 for ; Mon, 2 Jul 2001 10:05:42 -0500 (CDT) Received: from zrchb200.us.nortel.com by smtprch1.nortel.com; Mon, 2 Jul 2001 10:03:09 -0500 Received: by zrchb200.us.nortel.com with Internet Mail Service (5.5.2653.19) id ; Mon, 2 Jul 2001 10:03:03 -0500 Message-ID: <85AA7486A2C1D411BCA20000F8073E43016BC001@crchy271.us.nortel.com> From: "Sanjoy Sen" To: "'Bob Penfield'" , Brian E Carpenter , midcom Subject: RE: [midcom] Re: I-D ACTION:draft-ietf-midcom-framework-02.txt Date: Mon, 2 Jul 2001 10:02:59 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C10308.1555A2C0" Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C10308.1555A2C0 Content-Type: text/plain; charset="iso-8859-1" > -----Original Message----- > From: Bob Penfield [mailto:bpenfield@acmepacket.com] > Sent: Friday, June 29, 2001 6:37 AM > To: Brian E Carpenter; midcom > Subject: Re: [midcom] Re: I-D > ACTION:draft-ietf-midcom-framework-02.txt > > > Being able to set the DS code point is definitely something that > applications are going to want to do. For example, a SIP > proxy acting as a > midcom agent talking to a middlebox at the border between > networks will need > to instruct the middlebox to set the DSCP in the RTP packets > that will flow > thru the middlebox. The RTP packets will not flow thru the > SIP proxy/midcom > agent. The middlebox is the only place the application will be able to > affect QoS for the data flows. > Or, the SIP Proxy (MA) may be able to engage a PDP to set the DS filters in the Middlebox. Does this mean that we may also need to define, in future, an interface between the MA and the PDP? Sanjoy ------_=_NextPart_001_01C10308.1555A2C0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable RE: [midcom] Re: I-D = ACTION:draft-ietf-midcom-framework-02.txt

> -----Original Message-----
> From: Bob Penfield [mailto:bpenfield@acmepacket.com= ]
> Sent: Friday, June 29, 2001 6:37 AM
> To: Brian E Carpenter; midcom
> Subject: Re: [midcom] Re: I-D
> = ACTION:draft-ietf-midcom-framework-02.txt
>
>
> Being able to set the DS code point is = definitely something that
> applications are going to want to do. For = example, a SIP
> proxy acting as a
> midcom agent talking to a middlebox at the = border between
> networks will need
> to instruct the middlebox to set the DSCP in = the RTP packets
> that will flow
> thru the middlebox. The RTP packets will not = flow thru the
> SIP proxy/midcom
> agent. The middlebox is the only place the = application will be able to
> affect QoS for the data flows.
>

Or, the SIP Proxy (MA) may be able to engage a PDP to = set the DS filters in the Middlebox. Does this mean that we may also = need to define, in future, an interface between the MA and the = PDP?

Sanjoy

------_=_NextPart_001_01C10308.1555A2C0-- _______________________________________________ midcom mailing list midcom@ietf.org http://www.ietf.org/mailman/listinfo/midcom From midcom-admin@ietf.org Mon Jul 2 13:40:57 2001 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with SMTP id NAA00534 for ; Mon, 2 Jul 2001 13:40:57 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id NAA20728; Mon, 2 Jul 2001 13:29:01 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id NAA20696 for ; Mon, 2 Jul 2001 13:28:57 -0400 (EDT) Received: from mail-gw1.hursley.ibm.com (mail-gw1.hursley.ibm.com [194.196.110.15]) by ietf.org (8.9.1a/8.9.1a) with SMTP id NAA22520 for ; Mon, 2 Jul 2001 13:28:12 -0400 (EDT) Received: from sp15en17.hursley.ibm.com (sp15at17.hursley.ibm.com [9.20.45.103]) by mail-gw1.hursley.ibm.com (AIX4.3/8.9.3/8.9.3) with ESMTP id SAA23544; Mon, 2 Jul 2001 18:28:22 +0100 Received: from hursley.ibm.com (gsine01.us.sine.ibm.com [9.14.6.41]) by sp15en17.hursley.ibm.com (AIX4.3/8.9.3/8.9.3) with ESMTP id SAA35236; Mon, 2 Jul 2001 18:28:19 +0100 Message-ID: <3B40AE2C.1FD6CAE8@hursley.ibm.com> Date: Mon, 02 Jul 2001 12:23:56 -0500 From: Brian E Carpenter Organization: IBM X-Mailer: Mozilla 4.76 [en] (Win98; U) X-Accept-Language: en,fr MIME-Version: 1.0 To: Sanjoy Sen CC: "'Bob Penfield'" , midcom Subject: Re: [midcom] Re: I-D ACTION:draft-ietf-midcom-framework-02.txt References: <85AA7486A2C1D411BCA20000F8073E43016BC001@crchy271.us.nortel.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org Content-Transfer-Encoding: 7bit > Sanjoy Sen wrote: > > > -----Original Message----- > > From: Bob Penfield [mailto:bpenfield@acmepacket.com] > > Sent: Friday, June 29, 2001 6:37 AM > > To: Brian E Carpenter; midcom > > Subject: Re: [midcom] Re: I-D > > ACTION:draft-ietf-midcom-framework-02.txt > > > > > > Being able to set the DS code point is definitely something that > > applications are going to want to do. For example, a SIP > > proxy acting as a > > midcom agent talking to a middlebox at the border between > > networks will need > > to instruct the middlebox to set the DSCP in the RTP packets > > that will flow > > thru the middlebox. The RTP packets will not flow thru the > > SIP proxy/midcom > > agent. The middlebox is the only place the application will be able to > > affect QoS for the data flows. > > > > Or, the SIP Proxy (MA) may be able to engage a PDP to set the DS filters in the Middlebox. Does this mean that we may also > need to define, in future, an interface between the MA and the PDP? We won't be changing QOS policy on a per-call basis, so I don't see why that would be needed. Brian _______________________________________________ midcom mailing list midcom@ietf.org http://www.ietf.org/mailman/listinfo/midcom From midcom-admin@ietf.org Mon Jul 2 17:35:10 2001 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with SMTP id RAA00125 for ; Mon, 2 Jul 2001 17:35:09 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id RAA29453; Mon, 2 Jul 2001 17:22:46 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id RAA29422 for ; Mon, 2 Jul 2001 17:22:44 -0400 (EDT) Received: from corb.mc.mpls.visi.com (corb.mc.mpls.visi.com [208.42.156.1]) by ietf.org (8.9.1a/8.9.1a) with SMTP id RAA21871 for ; Mon, 2 Jul 2001 17:22:00 -0400 (EDT) Received: from isis.visi.com (isis.visi.com [209.98.98.8]) by corb.mc.mpls.visi.com (Postfix) with ESMTP id 6744F8133 for ; Mon, 2 Jul 2001 16:21:22 -0500 (CDT) Received: from localhost (amolitor@localhost) by isis.visi.com (8.8.8/8.8.8) with ESMTP id QAA23743 for ; Mon, 2 Jul 2001 16:21:22 -0500 (CDT) X-Authentication-Warning: isis.visi.com: amolitor owned process doing -bs Date: Mon, 2 Jul 2001 16:21:21 -0500 (CDT) From: Andrew Molitor To: midcom@ietf.org Subject: Re: [midcom] Re: I-D ACTION:draft-ietf-midcom-framework-02.txt In-Reply-To: <3B40AE2C.1FD6CAE8@hursley.ibm.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org On Mon, 2 Jul 2001, Brian E Carpenter wrote: > We won't be changing QOS policy on a per-call basis, so I don't see > why that would be needed. I'm not entirely sure what this means, but I do have a comment. It is certainly desireable to be able to set things QoS and bandwidth parameters on a call by call (actually on a media-stream-by-media-stream) basis. Obviously things like video have different bandwidth requirements, and may have different QoS requirements than, say, an audio stream. It is not at all clear to me that it's useful to: - change QoS/bandwidth parameters on a given stream after it's set up. - support fine grained control (probably sufficient to allow a handful of "grades" of service with guidelines, and map a requested service grade into whatever works underneath. E.G an Agent could ask for 'DATA', 'PHONE', 'CD', or 'VIDEO' or something. Also, something the IP Telephony chaps will soon want to offer is 'premium' audio service as well as perhaps 'cheaper' audio service. Not that I have heard anyone talking about it, but it seems a no-brainer (and relatively simple) to build equipment capable of delivering phone/FM/CD quality audio. Then a service provider can turn the ability to deliver various audio grades into a differentiators and revenue streams. It is clearly desirable to allow something like a SIP Proxy server to actively provision network elements with QoS/bandwidth parameters. My personal opinion is that MIDCOM is the right place to do this -- but I am also happy to concur that MIDCOM should table that issue in favor of, say, getting something done now. Andrew _______________________________________________ midcom mailing list midcom@ietf.org http://www.ietf.org/mailman/listinfo/midcom From midcom-admin@ietf.org Mon Jul 2 17:39:38 2001 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with SMTP id RAA03071 for ; Mon, 2 Jul 2001 17:39:37 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id RAA29928; Mon, 2 Jul 2001 17:32:31 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id RAA29899 for ; Mon, 2 Jul 2001 17:32:29 -0400 (EDT) Received: from blv-smtpout-01.boeing.com (blv-smtpout-01.boeing.com [192.161.36.5]) by ietf.org (8.9.1a/8.9.1a) with SMTP id RAA28050 for ; Mon, 2 Jul 2001 17:31:45 -0400 (EDT) Received: from blv-av-02.boeing.com ([192.54.3.92]) by blv-smtpout-01.boeing.com (8.9.2/8.8.5-M2) with ESMTP id OAA24308 for ; Mon, 2 Jul 2001 14:30:28 -0700 (PDT) Received: from blv-hub-01.boeing.com (localhost [127.0.0.1]) by blv-av-02.boeing.com (8.9.3/8.9.2/MBS-AV-01) with ESMTP id OAA06628 for ; Mon, 2 Jul 2001 14:31:22 -0700 (PDT) Received: from xch-pssbh-03.nw.nos.boeing.com by blv-hub-01.boeing.com with ESMTP; Mon, 2 Jul 2001 14:31:10 -0700 Received: by xch-pssbh-03.nw.nos.boeing.com with Internet Mail Service (5.5.2650.21) id <3B4CVBZR>; Mon, 2 Jul 2001 14:31:10 -0700 Message-Id: <8006AC6A777F3F4F8B2A6383C19C5B7A01F12E09@XCH-NW-01.nw.nos.boeing.com> From: "Fleischman, Eric W" To: "'Andrew Molitor'" , midcom@ietf.org Subject: RE: [midcom] Re: I-D ACTION:draft-ietf-midcom-framework-02.txt Date: Mon, 2 Jul 2001 14:31:09 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: text/plain Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org >From: Andrew Molitor [mailto:amolitor@visi.com] >I'm not entirely sure what this means, but I do have a comment. >It is certainly desireable to be able to set things QoS and bandwidth >parameters on a call by call (actually on a media-stream-by-media-stream) >basis. Obviously things like video have different bandwidth requirements, >and may have different QoS requirements than, say, an audio stream. It is >not at all clear to me that it's useful to: When our peers wrote that QoS is outside of Midcom's scope, they weren't meaning that Midcom Agents -- or any other appropriate device -- can't do QoS. They were intending, rather, that there is NOTHING SPECIAL QoS-wise about Midcom -- that Midcom has no special QoS requirements nor any special "binding" to QoS that needs to be documented in our specs -- and that QoS issues are therefore out of our scope. When you make your implementation, therefore, you can do anything appropriate regarding QoS. However, you are doing this for standard QoS-related reasons, not because of the midcom protocol. _______________________________________________ midcom mailing list midcom@ietf.org http://www.ietf.org/mailman/listinfo/midcom From midcom-admin@ietf.org Mon Jul 2 17:58:38 2001 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with SMTP id RAA15004 for ; Mon, 2 Jul 2001 17:58:38 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id RAA00442; Mon, 2 Jul 2001 17:54:43 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id RAA00411 for ; Mon, 2 Jul 2001 17:54:41 -0400 (EDT) Received: from mail5.microsoft.com (mail5.microsoft.com [131.107.3.121]) by ietf.org (8.9.1a/8.9.1a) with SMTP id RAA12062 for ; Mon, 2 Jul 2001 17:53:56 -0400 (EDT) Received: from 157.54.9.108 by mail5.microsoft.com (InterScan E-Mail VirusWall NT); Mon, 02 Jul 2001 14:47:04 -0700 (Pacific Daylight Time) Received: from red-imc-01.redmond.corp.microsoft.com ([157.54.9.102]) by inet-imc-05.redmond.corp.microsoft.com with Microsoft SMTPSVC(5.0.2195.2966); Mon, 2 Jul 2001 14:46:52 -0700 Received: from win-imc-01.wingroup.windeploy.ntdev.microsoft.com ([157.54.0.39]) by red-imc-01.redmond.corp.microsoft.com with Microsoft SMTPSVC(5.0.2195.2966); Mon, 2 Jul 2001 14:47:03 -0700 Received: from win-msg-02.wingroup.windeploy.ntdev.microsoft.com ([157.54.0.134]) by win-imc-01.wingroup.windeploy.ntdev.microsoft.com with Microsoft SMTPSVC(5.0.2195.2966); Mon, 2 Jul 2001 14:46:18 -0700 X-MimeOLE: Produced By Microsoft Exchange V6.0.4712.0 Content-Class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Subject: RE: [midcom] Re: I-D ACTION:draft-ietf-midcom-framework-02.txt Date: Mon, 2 Jul 2001 14:46:19 -0700 Message-ID: Thread-Topic: [midcom] Re: I-D ACTION:draft-ietf-midcom-framework-02.txt thread-index: AcEDPZ9oWgx4Nx8tR0Wdj4bSqOGZSQAAiGnQ From: "Christian Huitema" To: "Andrew Molitor" , X-OriginalArrivalTime: 02 Jul 2001 21:46:18.0135 (UTC) FILETIME=[6CCE8A70:01C10340] Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by optimus.ietf.org id RAA00412 Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org Content-Transfer-Encoding: 8bit > -----Original Message----- > From: Andrew Molitor [mailto:amolitor@visi.com] > Sent: Monday, July 02, 2001 2:21 PM > To: midcom@ietf.org > Subject: Re: [midcom] Re: I-D ACTION:draft-ietf-midcom-framework-02.txt > > > > On Mon, 2 Jul 2001, Brian E Carpenter wrote: > > > We won't be changing QOS policy on a per-call basis, so I don't see > > why that would be needed. > > I'm not entirely sure what this means, but I do have a comment. > It is certainly desireable to be able to set things QoS and bandwidth > parameters on a call by call (actually on a media-stream-by-media-stream) > basis. That may or may not be desirable, but that is not in scope. There are other working groups that are dealing with the issue of QoS signaling; MIDCOM is not licensed to invent an alternative to Intserv or Diffserv. An obvious reason for QoS signaling being out of scope is that it affects many more boxes than just firewalls and NATs. Indeed, some could argue that anything in the network is a middle box, but that is pushing a bit. For better or worse, the group was chartered for dealing with firewalls and NATs, not to re-engineer routing. The group's membership reflects its initial focus; extending the scope at this late hour is a bad idea. -- Christian Huitema _______________________________________________ midcom mailing list midcom@ietf.org http://www.ietf.org/mailman/listinfo/midcom From midcom-admin@ietf.org Mon Jul 2 18:04:37 2001 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with SMTP id SAA18859 for ; Mon, 2 Jul 2001 18:04:36 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id SAA00826; Mon, 2 Jul 2001 18:01:07 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id SAA00799 for ; Mon, 2 Jul 2001 18:01:05 -0400 (EDT) Received: from thalia.fm.intel.com (fmfdns02.fm.intel.com [132.233.247.11]) by ietf.org (8.9.1a/8.9.1a) with SMTP id SAA16080 for ; Mon, 2 Jul 2001 18:00:20 -0400 (EDT) Received: from SMTP (fmsmsxvs02-1.fm.intel.com [132.233.42.202]) by thalia.fm.intel.com (8.9.1a+p1/8.9.1/d: relay.m4,v 1.40 2001/06/06 21:14:49 root Exp $) with SMTP id VAA13836; Mon, 2 Jul 2001 21:58:23 GMT Received: from fmsmsx29.FM.INTEL.COM ([132.233.48.29]) by 132.233.48.202 (Norton AntiVirus for Internet Email Gateways 1.0) ; Mon, 02 Jul 2001 21:58:23 0000 (GMT) Received: by fmsmsx29.fm.intel.com with Internet Mail Service (5.5.2653.19) id ; Mon, 2 Jul 2001 14:58:21 -0700 Message-ID: From: "Maciocco, Christian" To: midcom@ietf.org Cc: "'ietf-openproxy@imc.org'" Date: Mon, 2 Jul 2001 14:58:19 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="ISO-8859-1" Subject: [midcom] Proxies / ALG in Midcom framework document Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org While the Midcom framework scope is defined to be NAT & Firewall in the Introduction chapter I think that describing Proxies and especially ALG later in the doc is confusing about this WG charter. There have been a lot of "proposed extension" lately, e.g. QoS support, OOP w/ packets diversion, etc. We should make sure to focus the document to transport level issues only. The concern I have if we describe ALG in this doc at this point is that as we use SIP/RTP-RTCP/RTSP as example to describe the NAT & FW requirements, having the ALG in the doc makes me think that I'm not too far from being authorized by the Midcom framework to "process" these bitstreams content. If the OPES WG is chartered, a framework enabling content processing would be one aspect of this WG work. Considering the OPES box as a "Content level middlebox" it will be interesting to see how it does cooperate w/ the MIDCOM box. Thanks Christian > -----Original Message----- > From: Scott Brim [mailto:sbrim@cisco.com] > Sent: Saturday, June 30, 2001 6:45 AM > To: Pyda Srisuresh > Cc: midcom@ietf.org > Subject: Re: [midcom] Out-of-Path Midcom Agents in framework-02 > > > On 25 Jun 2001 at 14:57 -0700, Pyda Srisuresh apparently wrote: > > --- Scott Brim wrote: > > > On 19 Jun 2001 at 13:11 -0700, Pyda Srisuresh apparently wrote: > > > > 1. Paragraph 1 of section 1 - Introduction > > > > > > > > "Application Level gateways (ALGs) are used in > conjunction with NAT > > > > to provide end-to-end transparency for many of the > applications." > > > > > > > > I think, it should be OK to leave this unchanged. > > > > > > OK, we're talking about application-layer transparency. > As long as you > > > mean that the application data and the application behavior are > > > unchanged, since that would fit the strict definition. I > think I agree. > > > > > > > ALG does not guarantee that application data is not > changed, even though > > its intention is to keep the application behaviour unchanged. > > It may in fact change the data in control payloads. So, the term > > "application level transparency" above doesnt meet the dictionary > > definition. > > > > Would the following rewording work for you? > > > > Application Level gateways (ALGs) are used in > conjunction with NAT > > to examine and optionally modify application payload so the > > end-to-end application behaviour remains unchanged for many > > of the applications traversing NAT middleboxes. > > Yes, thanks. > > > _______________________________________________ > midcom mailing list > midcom@ietf.org > http://www.ietf.org/mailman/listinfo/midcom > _______________________________________________ midcom mailing list midcom@ietf.org http://www.ietf.org/mailman/listinfo/midcom From midcom-admin@ietf.org Mon Jul 2 18:05:18 2001 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with SMTP id SAA19333 for ; Mon, 2 Jul 2001 18:05:18 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id SAA00868; Mon, 2 Jul 2001 18:01:37 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id SAA00842 for ; Mon, 2 Jul 2001 18:01:35 -0400 (EDT) Received: from sj-msg-core-4.cisco.com (sj-msg-core-4.cisco.com [171.71.163.10]) by ietf.org (8.9.1a/8.9.1a) with SMTP id SAA16421 for ; Mon, 2 Jul 2001 18:00:50 -0400 (EDT) Received: from mira-sjc5-4.cisco.com (mira-sjc5-4.cisco.com [171.71.163.21]) by sj-msg-core-4.cisco.com (8.11.3/8.9.1) with ESMTP id f62LxYr28928; Mon, 2 Jul 2001 14:59:34 -0700 (PDT) Received: from spandex (rtp-vpn-211.cisco.com [10.82.192.211]) by mira-sjc5-4.cisco.com (Mirapoint) with SMTP id AMK04300; Mon, 2 Jul 2001 14:59:20 -0700 (PDT) Message-ID: <004201c10342$64537340$d45904d1@cisco.com> From: "Melinda Shore" To: "Christian Huitema" , "Andrew Molitor" , References: Subject: Re: [midcom] Re: I-D ACTION:draft-ietf-midcom-framework-02.txt Date: Mon, 2 Jul 2001 18:00:19 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2462.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2462.0000 Content-Transfer-Encoding: 7bit Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org Content-Transfer-Encoding: 7bit > From: "Christian Huitema" > To: "Andrew Molitor" ; > Sent: Monday, July 02, 2001 5:46 PM > Subject: RE: [midcom] Re: I-D ACTION:draft-ietf-midcom-framework-02.txt > The group's membership > reflects its initial focus; extending the scope at this late hour is a > bad idea. More precisely, extending the scope at this late hour is not possible, period. Melinda _______________________________________________ midcom mailing list midcom@ietf.org http://www.ietf.org/mailman/listinfo/midcom From midcom-admin@ietf.org Mon Jul 2 18:12:10 2001 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with SMTP id SAA23611 for ; Mon, 2 Jul 2001 18:12:09 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id SAA01040; Mon, 2 Jul 2001 18:08:36 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id SAA01010 for ; Mon, 2 Jul 2001 18:08:33 -0400 (EDT) Received: from sj-msg-core-4.cisco.com (sj-msg-core-4.cisco.com [171.71.163.10]) by ietf.org (8.9.1a/8.9.1a) with SMTP id SAA20934 for ; Mon, 2 Jul 2001 18:07:49 -0400 (EDT) Received: from mira-sjc5-4.cisco.com (mira-sjc5-4.cisco.com [171.71.163.21]) by sj-msg-core-4.cisco.com (8.11.3/8.9.1) with ESMTP id f62M89r05263 for ; Mon, 2 Jul 2001 15:08:09 -0700 (PDT) Received: from spandex (rtp-vpn-211.cisco.com [10.82.192.211]) by mira-sjc5-4.cisco.com (Mirapoint) with SMTP id AMK04679; Mon, 2 Jul 2001 15:07:29 -0700 (PDT) Message-ID: <005001c10343$87fd4860$d45904d1@cisco.com> From: "Melinda Shore" To: Date: Mon, 2 Jul 2001 18:08:31 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2462.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2462.0000 Content-Transfer-Encoding: 7bit Subject: [midcom] Showstoppers, August meeting agenda Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org Content-Transfer-Encoding: 7bit August is nearly at our throats and I hope that we're coming into the home stretch on both documents. I think we need to identify showstoppers now rather than waiting for them to appear as we try to go to last call. From my perspective something that's absolutely, unequivocally a showstopper is anything in the documents that's out-of- scope. I've requested a 2.5-hour slot at the August meeting (and I know that people travelling from the west coast of the US will *really* appreciate a morning meeting). Right now I'm planning on using that time to thrash through outstanding issues for last call on both documents, but the more we can get done prior to the meeting the more time we can spend in London talking about futures. If you have other material you feel we should discuss during the meeting, please let me know. Melinda _______________________________________________ midcom mailing list midcom@ietf.org http://www.ietf.org/mailman/listinfo/midcom From midcom-admin@ietf.org Mon Jul 2 18:23:37 2001 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with SMTP id SAA01094 for ; Mon, 2 Jul 2001 18:23:37 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id SAA01323; Mon, 2 Jul 2001 18:20:10 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id SAA01291 for ; Mon, 2 Jul 2001 18:20:08 -0400 (EDT) Received: from corb.mc.mpls.visi.com (corb.mc.mpls.visi.com [208.42.156.1]) by ietf.org (8.9.1a/8.9.1a) with SMTP id SAA28336 for ; Mon, 2 Jul 2001 18:19:24 -0400 (EDT) Received: from isis.visi.com (isis.visi.com [209.98.98.8]) by corb.mc.mpls.visi.com (Postfix) with ESMTP id D2AE88159 for ; Mon, 2 Jul 2001 17:20:07 -0500 (CDT) Received: from localhost (amolitor@localhost) by isis.visi.com (8.8.8/8.8.8) with ESMTP id RAA27189 for ; Mon, 2 Jul 2001 17:20:07 -0500 (CDT) X-Authentication-Warning: isis.visi.com: amolitor owned process doing -bs Date: Mon, 2 Jul 2001 17:20:07 -0500 (CDT) From: Andrew Molitor To: midcom@ietf.org Subject: Re: [midcom] Re: I-D ACTION:draft-ietf-midcom-framework-02.txt In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org At risk of being boring and repetitive, let me quote myself: On Mon, 2 Jul 2001, Andrew Molitor wrote: > My personal opinion is that MIDCOM is the right place > to do this -- but I am also happy to concur that MIDCOM should table > that issue in favor of, say, getting something done now. Did this part get clipped off of the copy everyone else saw, or is it simply not clear that this means: 'I know QoS is out of scope and I agree that it doesn't go in the documents' That's what it does mean, for the record. Andrew _______________________________________________ midcom mailing list midcom@ietf.org http://www.ietf.org/mailman/listinfo/midcom From midcom-admin@ietf.org Mon Jul 2 18:59:32 2001 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with SMTP id SAA24224 for ; Mon, 2 Jul 2001 18:59:32 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id SAA02225; Mon, 2 Jul 2001 18:55:48 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id SAA02200 for ; Mon, 2 Jul 2001 18:55:46 -0400 (EDT) Received: from mail.netscreen.com (mail.netscreen.com [63.126.135.15]) by ietf.org (8.9.1a/8.9.1a) with SMTP id SAA21340 for ; Mon, 2 Jul 2001 18:55:04 -0400 (EDT) Received: from ns-ca.netscreen.com (ns-ca.netscreen.com [10.100.10.21]) by mail.netscreen.com (8.10.0/8.10.0) with ESMTP id f62MLOi17108; Mon, 2 Jul 2001 15:21:24 -0700 Received: by NS-CA with Internet Mail Service (5.5.2653.19) id ; Mon, 2 Jul 2001 15:52:03 -0700 Message-ID: From: John LaCour To: "'Maciocco, Christian'" , midcom@ietf.org Cc: "'ietf-openproxy@imc.org'" Subject: RE: [midcom] Proxies / ALG in Midcom framework document Date: Mon, 2 Jul 2001 15:57:52 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org > From: Maciocco, Christian [mailto:christian.maciocco@intel.com] > > While the Midcom framework scope is defined to be NAT & > Firewall in the > Introduction chapter I think that describing Proxies and > especially ALG > later in the doc is confusing about this WG charter. There > have been a lot > of "proposed extension" lately, e.g. QoS support, OOP w/ > packets diversion, > etc. We should make sure to focus the document to transport > level issues > only. Its not clear to me whether or not the MIDCOM group is chartered to be concerned ONLY about middleboxes which affect or care about layers 3 and 4. It is clear to me that MIDCOM appears to have chosen to focus on packet filters and NAT initially. Will we extend the scope of the wg to additional layer 3 and 4 middlebox functions or other functions in other layers as well? I have a middlebox that enforces policies based on layers 2 through 7. I'd like to minimize the number of MIDCOM-like protocols I have to deal with without losing the ability for trusted application agents to tell me how to help them manage/mangle/manipulate data at the relevant layer. -John LaCour _______________________________________________ midcom mailing list midcom@ietf.org http://www.ietf.org/mailman/listinfo/midcom From midcom-admin@ietf.org Tue Jul 3 08:42:34 2001 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with SMTP id IAA00939 for ; Tue, 3 Jul 2001 08:42:33 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id IAA04926; Tue, 3 Jul 2001 08:31:17 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id IAA04897 for ; Tue, 3 Jul 2001 08:31:14 -0400 (EDT) Received: from sj-msg-core-2.cisco.com (sj-msg-core-2.cisco.com [171.69.24.11]) by ietf.org (8.9.1a/8.9.1a) with SMTP id IAA23798 for ; Tue, 3 Jul 2001 08:30:29 -0400 (EDT) Received: from mira-sjc5-4.cisco.com (mira-sjc5-4.cisco.com [171.71.163.21]) by sj-msg-core-2.cisco.com (8.11.3/8.9.1) with ESMTP id f63CUix05990; Tue, 3 Jul 2001 05:30:44 -0700 (PDT) Received: from spandex (rtp-vpn-189.cisco.com [10.82.192.189]) by mira-sjc5-4.cisco.com (Mirapoint) with SMTP id AML05547; Tue, 3 Jul 2001 05:30:34 -0700 (PDT) Message-ID: <027901c103bc$1ab09680$d45904d1@cisco.com> From: "Melinda Shore" To: "John LaCour" , Cc: References: Subject: Re: [midcom] Proxies / ALG in Midcom framework document Date: Tue, 3 Jul 2001 08:31:36 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2462.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2462.0000 Content-Transfer-Encoding: 7bit Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org Content-Transfer-Encoding: 7bit > From: "John LaCour" > To: "'Maciocco, Christian'" ; > Cc: > Sent: Monday, July 02, 2001 6:57 PM > Subject: RE: [midcom] Proxies / ALG in Midcom framework document > Its not clear to me whether or not the MIDCOM group is chartered > to be concerned ONLY about middleboxes which affect or care > about layers 3 and 4. We are. We're trying to solve a pressing problem with firewall and NAT traversal. We're trying to do it in a manner that may generalize well to other middlebox-type problems, but we do have a very specific piece of work in front of us at this time. The question of our relationship with groups doing application-layer middlebox interfaces remains open, in no small part because this work is so new. I believe that there are plans to discuss what midcom is doing and how it relates to OPES at the OPES session during the August meeting. We can discuss it on the mailing list prior to that, obviously. As we start to think about rechartering and as charter/scope issues continue to crop up on the mailing list it might be worth considering 1) what a next rev. of a midcom working group might look like, and 2) how people interested in using midcom for something else (QoS, packet diversion) might proceed. My *personal* opinion and my personal preference is that if we are rechartered it will be specifically to do protocol development for an interface to firewalls and NATs. We are not here to solve every problem related to middleboxes in the network. However, if we do a good job and the framework is correct and useful, it may be that other work is proposed to the IETF based on our framework, and that work will have to go through the chartering and review process on its own. Melinda _______________________________________________ midcom mailing list midcom@ietf.org http://www.ietf.org/mailman/listinfo/midcom From midcom-admin@ietf.org Tue Jul 3 08:47:52 2001 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with SMTP id IAA04352 for ; Tue, 3 Jul 2001 08:47:51 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id IAA05262; Tue, 3 Jul 2001 08:41:17 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id IAA05228 for ; Tue, 3 Jul 2001 08:41:15 -0400 (EDT) Received: from marvin.axion.bt.co.uk (marvin.axion.bt.co.uk [132.146.16.82]) by ietf.org (8.9.1a/8.9.1a) with SMTP id IAA29502 for ; Tue, 3 Jul 2001 08:40:28 -0400 (EDT) From: richard.swale@bt.com Received: from cbtlipnt02.btlabs.bt.co.uk by marvin (local) with ESMTP; Tue, 3 Jul 2001 13:39:39 +0100 Received: by cbtlipnt02.btlabs.bt.co.uk with Internet Mail Service (5.5.2652.35) id ; Tue, 3 Jul 2001 13:39:16 +0100 Message-ID: To: brian@hursley.ibm.com, sanjoy@nortelnetworks.com Cc: bpenfield@acmepacket.com, midcom@ietf.org Subject: RE: [midcom] Re: I-D ACTION:draft-ietf-midcom-framework-02.txt Date: Tue, 3 Jul 2001 13:31:23 +0100 X-Mailer: Internet Mail Service (5.5.2652.35) MIME-version: 1.0 Content-type: text/plain; charset="iso-8859-1" Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org Brian, > > > > > > Being able to set the DS code point is definitely something that > > > applications are going to want to do. For example, a SIP > > > proxy acting as a > > > midcom agent talking to a middlebox at the border between > > > networks will need > > > to instruct the middlebox to set the DSCP in the RTP packets > > > that will flow > > > thru the middlebox. The RTP packets will not flow thru the > > > SIP proxy/midcom > > > agent. The middlebox is the only place the application > will be able to > > > affect QoS for the data flows. > > > > > > > Or, the SIP Proxy (MA) may be able to engage a PDP to set > the DS filters in the Middlebox. Does this mean that we may also > > need to define, in future, an interface between the MA and the PDP? > > We won't be changing QOS policy on a per-call basis, so I don't see > why that would be needed. > > Brian > The settings of DS bits, or TOS bits _may_ have different meanings on either side of a Middlebox (i.e. where it is firewalling between two networks). In such cases it may be necessary for a MIDCOM Agent to request a Middlebox to apply a specific mapping to a specific flow traversing the Middlebox. This is a definite requirement and is IMHO certainly within the scope of MIDCOM to allow. End-end signalling for QoS is a different matter altogether and so clearly out of scope. regards Richard _______________________________________________ midcom mailing list midcom@ietf.org http://www.ietf.org/mailman/listinfo/midcom From midcom-admin@ietf.org Tue Jul 3 09:13:57 2001 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with SMTP id JAA20446 for ; Tue, 3 Jul 2001 09:13:56 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id JAA06550; Tue, 3 Jul 2001 09:05:45 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id JAA06516 for ; Tue, 3 Jul 2001 09:05:43 -0400 (EDT) Received: from sj-msg-core-1.cisco.com (sj-msg-core-1.cisco.com [171.71.163.11]) by ietf.org (8.9.1a/8.9.1a) with SMTP id JAA15104 for ; Tue, 3 Jul 2001 09:04:58 -0400 (EDT) Received: from mira-sjc5-4.cisco.com (mira-sjc5-4.cisco.com [171.71.163.21]) by sj-msg-core-1.cisco.com (8.11.3/8.9.1) with ESMTP id f63D5Bh21951; Tue, 3 Jul 2001 06:05:11 -0700 (PDT) Received: from spandex (rtp-vpn-300.cisco.com [10.82.193.44]) by mira-sjc5-4.cisco.com (Mirapoint) with SMTP id AML05891; Tue, 3 Jul 2001 06:05:06 -0700 (PDT) Message-ID: <003401c103c0$ed8b0640$d45904d1@cisco.com> From: "Melinda Shore" To: Cc: References: Subject: Re: [midcom] Re: I-D ACTION:draft-ietf-midcom-framework-02.txt Date: Tue, 3 Jul 2001 09:06:08 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Content-Transfer-Encoding: 7bit Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org Content-Transfer-Encoding: 7bit > From: > To: ; > Cc: ; > Sent: Tuesday, July 03, 2001 8:31 AM > Subject: RE: [midcom] Re: I-D ACTION:draft-ietf-midcom-framework-02.txt > End-end signalling for QoS is a different matter altogether and so > clearly out of scope. Any QoS signaling is out of scope. Melinda _______________________________________________ midcom mailing list midcom@ietf.org http://www.ietf.org/mailman/listinfo/midcom From midcom-admin@ietf.org Tue Jul 3 11:04:10 2001 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with SMTP id LAA28186 for ; Tue, 3 Jul 2001 11:04:10 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id KAA11008; Tue, 3 Jul 2001 10:56:50 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id KAA10978 for ; Tue, 3 Jul 2001 10:56:48 -0400 (EDT) Received: from mail-gw1.hursley.ibm.com (mail-gw1.hursley.ibm.com [194.196.110.15]) by ietf.org (8.9.1a/8.9.1a) with SMTP id KAA23113 for ; Tue, 3 Jul 2001 10:56:03 -0400 (EDT) Received: from sp15en17.hursley.ibm.com (sp15at17.hursley.ibm.com [9.20.45.103]) by mail-gw1.hursley.ibm.com (AIX4.3/8.9.3/8.9.3) with ESMTP id PAA24178; Tue, 3 Jul 2001 15:56:16 +0100 Received: from hursley.ibm.com (gsine05.us.sine.ibm.com [9.14.6.45]) by sp15en17.hursley.ibm.com (AIX4.3/8.9.3/8.9.3) with ESMTP id PAA52362; Tue, 3 Jul 2001 15:56:14 +0100 Message-ID: <3B41DCF5.17B69A09@hursley.ibm.com> Date: Tue, 03 Jul 2001 09:55:49 -0500 From: Brian E Carpenter Organization: IBM X-Mailer: Mozilla 4.76 [en] (Win98; U) X-Accept-Language: en,fr MIME-Version: 1.0 To: richard.swale@bt.com CC: sanjoy@nortelnetworks.com, bpenfield@acmepacket.com, midcom@ietf.org Subject: Re: [midcom] Re: I-D ACTION:draft-ietf-midcom-framework-02.txt References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org Content-Transfer-Encoding: 7bit Richard (and Andrew Molitor, to clarify what I meant), Indeed a midcom middlebox can apply diffserv traffic conditioning, and the diffserv regime can be different downstream from upstream (in which case the midcom middlebox is at a diffserv domain boundary). But this applies to diffserv traffic aggregates, not to individual flows, as does everything in diffserv. We can't be changing the parameters of a traffic aggregate each time a flow starts & stops. Now, if you mean that when a new flow starts (and stops), the diffserv classifier in the midcom middlebox needs to be told the relevant 5-tuple so that it can create (and destroy) a classifier for that flow, that I can see, but it's the only scaleable flow-specific change I can imagine. Regards Brian richard.swale@bt.com wrote: > > Brian, > > > > > > > > > Being able to set the DS code point is definitely something that > > > > applications are going to want to do. For example, a SIP > > > > proxy acting as a > > > > midcom agent talking to a middlebox at the border between > > > > networks will need > > > > to instruct the middlebox to set the DSCP in the RTP packets > > > > that will flow > > > > thru the middlebox. The RTP packets will not flow thru the > > > > SIP proxy/midcom > > > > agent. The middlebox is the only place the application > > will be able to > > > > affect QoS for the data flows. > > > > > > > > > > Or, the SIP Proxy (MA) may be able to engage a PDP to set > > the DS filters in the Middlebox. Does this mean that we may also > > > need to define, in future, an interface between the MA and the PDP? > > > > We won't be changing QOS policy on a per-call basis, so I don't see > > why that would be needed. > > > > Brian > > > > The settings of DS bits, or TOS bits _may_ have different meanings on either > side of a Middlebox (i.e. where it is firewalling between two networks). In > such cases it may be necessary for a MIDCOM Agent to request a Middlebox to > apply a specific mapping to a specific flow traversing the Middlebox. This > is a definite requirement and is IMHO certainly within the scope of MIDCOM > to allow. End-end signalling for QoS is a different matter altogether and so > clearly out of scope. > > regards > > Richard _______________________________________________ midcom mailing list midcom@ietf.org http://www.ietf.org/mailman/listinfo/midcom From midcom-admin@ietf.org Tue Jul 3 17:34:54 2001 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with SMTP id RAA10217 for ; Tue, 3 Jul 2001 17:34:54 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id RAA24692; Tue, 3 Jul 2001 17:27:01 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id RAA24661 for ; Tue, 3 Jul 2001 17:26:59 -0400 (EDT) Received: from hypnos.cps.intel.com (hypnos.cps.intel.com [192.198.165.17]) by ietf.org (8.9.1a/8.9.1a) with SMTP id RAA04816 for ; Tue, 3 Jul 2001 17:26:14 -0400 (EDT) Received: from SMTP (fmsmsxvs03-1.fm.intel.com [132.233.42.203]) by hypnos.cps.intel.com (8.9.1a+p1/8.9.1/d: relay.m4,v 1.40 2001/06/06 21:14:49 root Exp $) with SMTP id TAA26574; Tue, 3 Jul 2001 19:43:26 GMT Received: from fmsmsx19.fm.intel.com ([132.233.48.19]) by 132.233.48.203 (Norton AntiVirus for Internet Email Gateways 1.0) ; Tue, 03 Jul 2001 19:43:16 0000 (GMT) Received: from SMTP (fmsmsxvs03-1.fm.intel.com [132.233.42.203]) by fmsmsx19.fm.intel.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id NKZVF349; Tue, 3 Jul 2001 12:43:13 -0700 Received: from condryvaio-mobl.intel.com ([134.134.159.55]) by 132.233.42.203 (Norton AntiVirus for Internet Email Gateways 1.0) ; Tue, 03 Jul 2001 19:43:13 0000 (GMT) Message-Id: <5.1.0.14.2.20010703124134.05842d38@FMSMSX63.intel.com> X-Sender: mwcondry@FMSMSX63.intel.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Tue, 03 Jul 2001 12:41:48 -0700 To: "Melinda Shore" , "John LaCour" , From: "Michael W. Condry" Subject: Re: [midcom] Proxies / ALG in Midcom framework document Cc: In-Reply-To: <027901c103bc$1ab09680$d45904d1@cisco.com> References: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org group cooperation is good for all of us. At 08:31 AM 7/3/2001 -0400, Melinda Shore wrote: > > From: "John LaCour" > > To: "'Maciocco, Christian'" ; > > > Cc: > > Sent: Monday, July 02, 2001 6:57 PM > > Subject: RE: [midcom] Proxies / ALG in Midcom framework document > > > > Its not clear to me whether or not the MIDCOM group is chartered > > to be concerned ONLY about middleboxes which affect or care > > about layers 3 and 4. > >We are. We're trying to solve a pressing problem with firewall >and NAT traversal. We're trying to do it in a manner that may >generalize well to other middlebox-type problems, but we do have >a very specific piece of work in front of us at this time. The >question of our relationship with groups doing application-layer >middlebox interfaces remains open, in no small part because this >work is so new. I believe that there are plans to discuss what >midcom is doing and how it relates to OPES at the OPES session >during the August meeting. We can discuss it on the mailing >list prior to that, obviously. > >As we start to think about rechartering and as charter/scope issues >continue to crop up on the mailing list it might be worth >considering 1) what a next rev. of a midcom working group might >look like, and 2) how people interested in using midcom for something >else (QoS, packet diversion) might proceed. My *personal* opinion >and my personal preference is that if we are rechartered it will be >specifically to do protocol development for an interface to firewalls >and NATs. We are not here to solve every problem related to >middleboxes in the network. However, if we do a good job and >the framework is correct and useful, it may be that other work >is proposed to the IETF based on our framework, and that work will >have to go through the chartering and review process on its own. > >Melinda Michael W. Condry Director, Network Edge Technology _______________________________________________ midcom mailing list midcom@ietf.org http://www.ietf.org/mailman/listinfo/midcom From midcom-admin@ietf.org Tue Jul 3 23:32:41 2001 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with SMTP id XAA13392 for ; Tue, 3 Jul 2001 23:32:36 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id XAA04541; Tue, 3 Jul 2001 23:24:43 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id XAA04511 for ; Tue, 3 Jul 2001 23:24:41 -0400 (EDT) Received: from obsoft.com (sdsl-208-185-238-35.dsl.sjc.megapath.net [208.185.238.35]) by ietf.org (8.9.1a/8.9.1a) with SMTP id XAA12965 for ; Tue, 3 Jul 2001 23:23:55 -0400 (EDT) Received: from obsoft.com (IDENT:sardana@localhost.localdomain [127.0.0.1]) by obsoft.com (8.9.3/8.9.3) with ESMTP id UAA19508; Tue, 3 Jul 2001 20:28:22 -0700 Message-ID: <3B428D56.EC8F3279@obsoft.com> Date: Tue, 03 Jul 2001 20:28:22 -0700 From: Bobby Sardana Organization: ObjectSoftware, Inc X-Mailer: Mozilla 4.61 [en] (X11; U; Linux 2.2.12-20 i686) X-Accept-Language: en MIME-Version: 1.0 To: Melinda Shore CC: John LaCour , midcom@ietf.org, ietf-openproxy@imc.org Subject: Re: [midcom] Proxies / ALG in Midcom framework document References: <027901c103bc$1ab09680$d45904d1@cisco.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org Content-Transfer-Encoding: 7bit Greetings: So what happens to all the application layer protocols (SIP,HTTP) who have their own means of firewall traversal? Will they have to comply to the MIDCOM specification once it is published? Regards, Bobby Sardana. sardana@obsoft.com Melinda Shore wrote: > > From: "John LaCour" > > To: "'Maciocco, Christian'" ; > > Cc: > > Sent: Monday, July 02, 2001 6:57 PM > > Subject: RE: [midcom] Proxies / ALG in Midcom framework document > > > Its not clear to me whether or not the MIDCOM group is chartered > > to be concerned ONLY about middleboxes which affect or care > > about layers 3 and 4. > > We are. We're trying to solve a pressing problem with firewall > and NAT traversal. We're trying to do it in a manner that may > generalize well to other middlebox-type problems, but we do have > a very specific piece of work in front of us at this time. The > question of our relationship with groups doing application-layer > middlebox interfaces remains open, in no small part because this > work is so new. I believe that there are plans to discuss what > midcom is doing and how it relates to OPES at the OPES session > during the August meeting. We can discuss it on the mailing > list prior to that, obviously. > > As we start to think about rechartering and as charter/scope issues > continue to crop up on the mailing list it might be worth > considering 1) what a next rev. of a midcom working group might > look like, and 2) how people interested in using midcom for something > else (QoS, packet diversion) might proceed. My *personal* opinion > and my personal preference is that if we are rechartered it will be > specifically to do protocol development for an interface to firewalls > and NATs. We are not here to solve every problem related to > middleboxes in the network. However, if we do a good job and > the framework is correct and useful, it may be that other work > is proposed to the IETF based on our framework, and that work will > have to go through the chartering and review process on its own. > > Melinda > > _______________________________________________ > midcom mailing list > midcom@ietf.org > http://www.ietf.org/mailman/listinfo/midcom _______________________________________________ midcom mailing list midcom@ietf.org http://www.ietf.org/mailman/listinfo/midcom From midcom-admin@ietf.org Wed Jul 4 03:09:17 2001 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with SMTP id DAA01500 for ; Wed, 4 Jul 2001 03:09:17 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id CAA20218; Wed, 4 Jul 2001 02:58:53 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id CAA20187 for ; Wed, 4 Jul 2001 02:58:51 -0400 (EDT) Received: from znsgs0ja.europe.nortel.com (znsgs0ja.nortelnetworks.com [47.165.25.40]) by ietf.org (8.9.1a/8.9.1a) with SMTP id CAA00764 for ; Wed, 4 Jul 2001 02:58:07 -0400 (EDT) Received: from qnsgs000.nortel.com (znsgs016 [47.255.64.31]) by znsgs0ja.europe.nortel.com (8.11.0/8.11.0) with ESMTP id f646wKw24209 for ; Wed, 4 Jul 2001 07:58:20 +0100 (BST) Received: from znsgd00t.europe.nortel.com by qnsgs000.nortel.com; Wed, 4 Jul 2001 07:57:54 +0100 Received: by znsgd00t.europe.nortel.com with Internet Mail Service (5.5.2653.19) id <3HB6Z152>; Wed, 4 Jul 2001 07:57:53 +0100 Message-ID: <9154CB41F208D5118DD200508BE39C3044505D@zjguc006.europe.nortel.com> From: "Cedric Aoun" To: "'Andrew Molitor'" Cc: midcom@ietf.org Subject: RE: [midcom] Re: I-D ACTION:draft-ietf-midcom-framework-02.txt Date: Wed, 4 Jul 2001 07:57:53 +0100 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C10456.A5632000" Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C10456.A5632000 Content-Type: text/plain; charset="iso-8859-1" Sorry if I'm repeating things that other WG members already mentioned ... "It is clearly desirable to allow something like a SIP Proxy server to actively provision network elements with QoS/bandwidth parameters.." Andrew I totally agree with you, but we need to stick with delivering the framework and protocol requirements for a protocol that allows negotiation and control of Packet filtering and NAT Middle Box functions. Within these 2 documents (we should express that the protocol could be easily extended to control other Middle Box functions(Qos and others, this is already mentioned in the documents). In case we fail to deliver our current expected work items, we won't be re-chartered to start going into the protocol spec work and try to find an existing protocol (with probably some extensions) that will meet the MIDCOM protocol requirements. After being re-charted we need to see how we could get Qos and other functions to be handled by MIDCOM. Thanks Cedric _______________________________________________ midcom mailing list midcom@ietf.org http://www.ietf.org/mailman/listinfo/midcom ------_=_NextPart_001_01C10456.A5632000 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable RE: [midcom] Re: I-D = ACTION:draft-ietf-midcom-framework-02.txt

Sorry if I'm repeating things that other WG members = already mentioned ...

"It is clearly desirable to allow something like = a SIP Proxy
server to actively provision network elements with = QoS/bandwidth
parameters.."

Andrew I totally agree with you, but we need to stick = with delivering the framework
and protocol requirements for a protocol that allows = negotiation and control of
Packet filtering and NAT Middle Box functions. = Within these 2 documents (we
should express that the protocol could be easily = extended to control other Middle
Box functions(Qos and others, this is already = mentioned in the documents).

In case we fail to deliver our current expected work = items, we won't be
re-chartered to start going into the protocol spec = work and try to find an existing protocol
(with probably some extensions) that will meet the = MIDCOM protocol requirements.
After being re-charted we need to see how we could = get Qos and other functions to be
handled by MIDCOM.
Thanks
Cedric

_______________________________________________
midcom mailing list
midcom@ietf.org
http://www.ietf.org/mailman/listinfo/midcom=

------_=_NextPart_001_01C10456.A5632000-- _______________________________________________ midcom mailing list midcom@ietf.org http://www.ietf.org/mailman/listinfo/midcom From midcom-admin@ietf.org Wed Jul 4 08:51:20 2001 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with SMTP id IAA05874 for ; Wed, 4 Jul 2001 08:51:20 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id IAA02451; Wed, 4 Jul 2001 08:43:14 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id IAA02423 for ; Wed, 4 Jul 2001 08:43:12 -0400 (EDT) Received: from sj-msg-core-3.cisco.com (sj-msg-core-3.cisco.com [171.70.157.152]) by ietf.org (8.9.1a/8.9.1a) with SMTP id IAA05734 for ; Wed, 4 Jul 2001 08:42:26 -0400 (EDT) Received: from mira-sjc5-4.cisco.com (mira-sjc5-4.cisco.com [171.71.163.21]) by sj-msg-core-3.cisco.com (8.11.3/8.9.1) with ESMTP id f64CesH05082; Wed, 4 Jul 2001 05:40:55 -0700 (PDT) Received: from spandex (rtp-vpn-156.cisco.com [10.82.192.156]) by mira-sjc5-4.cisco.com (Mirapoint) with SMTP id AMU01738; Wed, 4 Jul 2001 05:42:32 -0700 (PDT) Message-ID: <014101c10486$f1520e60$d45904d1@cisco.com> From: "Melinda Shore" To: "Bobby Sardana" Cc: , References: <027901c103bc$1ab09680$d45904d1@cisco.com> <3B428D56.EC8F3279@obsoft.com> Subject: Re: [midcom] Proxies / ALG in Midcom framework document Date: Wed, 4 Jul 2001 08:43:35 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Content-Transfer-Encoding: 7bit Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org Content-Transfer-Encoding: 7bit > So what happens to all the application layer protocols (SIP,HTTP) who have their > own means of firewall traversal? Will they have to comply to the MIDCOM > specification once it is published? I don't know of any protocol that has its own means of firewall traversal. Firewalls may or may not have support for particular protocols. That won't change, of course, and firewalls that do stateful inspection will continue to be useful in cases where there's no application support for midcom or when performance and application security are not issues. Melinda _______________________________________________ midcom mailing list midcom@ietf.org http://www.ietf.org/mailman/listinfo/midcom From midcom-admin@ietf.org Thu Jul 5 14:14:35 2001 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with SMTP id OAA22215 for ; Thu, 5 Jul 2001 14:14:31 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id NAA03487; Thu, 5 Jul 2001 13:53:50 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id NAA03457 for ; Thu, 5 Jul 2001 13:53:48 -0400 (EDT) Received: from web13805.mail.yahoo.com (web13805.mail.yahoo.com [216.136.175.15]) by ietf.org (8.9.1a/8.9.1a) with SMTP id NAA21612 for ; Thu, 5 Jul 2001 13:53:02 -0400 (EDT) Message-ID: <20010705175346.89829.qmail@web13805.mail.yahoo.com> Received: from [65.12.33.187] by web13805.mail.yahoo.com; Thu, 05 Jul 2001 10:53:46 PDT Date: Thu, 5 Jul 2001 10:53:46 -0700 (PDT) From: Pyda Srisuresh Subject: RE: [midcom] Framework draft review To: "'midcom@ietf.org'" Cc: Sanjoy Sen , Mary Barnes In-Reply-To: <85AA7486A2C1D411BCA20000F8073E43016BBFA8@crchy271.us.nortel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org --- Sanjoy Sen wrote: > > > Here're some feedback from myself & Mary Barnes on the Framework draft. > Please find our comments within the delimiters, such as [SS] and [/SS]. > > Regards, > Sanjoy > Thanks. Sorry about the delay in responding. > ======================= > 1. Introduction > ---------------- > > 3rd sentence: Network Address Translator service, on the other hand, > provides routing transparency across address realms (within IPv4 routing > network or across V4 and V6 routing realms). Application Level gateways > (ALGs) are used in conjunction with NAT to provide end-to-end transparency > for many of the applications. > > [MB] I think this has already been discussed before, but transparency is not > a term here for either of these sentences. I would suggest rewording these > 2 sentences as: > > The address mapping of Network Address Translation (within IPv4 routing > network or across V4 and V6 routing realms), however, is independent from > the end application. An Application Level Gateway (ALG) used in conjunction > with NAT can remove the knowledge of NATs for applications for which NATs > are problematic. [/MB] > I believe, I addressed this in a different thread with Brian Carpenter and Scott Brim. Thanks. > 2.5. Proxy > > A proxy is an intermediate relay agent between clients and servers > of an application, relaying application messages between the two. > Proxies use special protocol mechanisms to communicate with proxy > clients and relay client data to servers and vice versa. > > [SS] The proxies described here are application layer proxies. There're > other types of proxies which relays the transport stream (Transport layer > proxies), such as an RTP proxy, without higher layer application awareness. > These two types should perhaps be distinguished. The reason is that while > application layer proxies can be a type of Midcom agent, the transport layer > proxies can be a type of Middle-Box (and I think that Midcom is a general > framework with the eventual goal of addressing all kinds of Middleboxes). > Proxies which are application-unaware but need application-specific > intelligence are also Middle-boxes. [/SS] > You are right. Some proxies can be application unaware. But, all Proxy clients (i.e., applications using proxy servers) are aware of proxies. In any case, the description in the document is not restricted to application specific proxies, as you claim. > > 2.8. MIDCOM Agents > > MIDCOM agents are entities performing ALG function, ... > > [SS] Why only ALG's? Application layer proxies (since you've distinguished > between ALG's & proxies) can also be Midcom agents, as you've provided some > examples in the next paragraph. [/SS] > > The protocol will allow MIDCOM agents to signal > the middleboxes to let complex applications using dynamic port > based sessions through them (i.e., middleboxes) seamlessly. > > [SS] There are additional protocol requirements which may need to be > addressed here (or perhaps in the Requirements draft), such as the > following. The protocol should allow exchange of state synchronization > information (such as resource availability, state of the binding in case > NAT's, health-checks etc) between the Midcom Agent & the Middle-box. The > protocol should also allow modification of state in the Middle-box during > runtime. The protocol should be able to specify direction of the connection > through the Middle-box. [/SS] > These are protocol Requirements. Not addressed here. > Connection setup must be preceded by registration of the > MIDCOM agent with either the middlebox or the Policy Server. > > [SS] There might be situations where this registration process is initiated > by the Middle-box itself. So, isn't it better to phrase the above sentence > as "Connection set-up must be preceded by a registration phase between the > Midcom agent and either the Middle-box or the Policy server". This also > concurrs more with the text in the Protocol Requirements DRAFT. [/SS] > I belive, the text as it exists, reads fine. Registration here specifically refers to registration of MIDCOM agents. > Alternately, a MIDCOM session termination may be triggered by > one of (a) agent going out of service and not being available > for further MIDCOM operations, .... > > [SS] It would also be triggered by the Middle-box going out of service. > [/SS] > Sure. I will fix the text to reflect this. Thanks. > During connection establishment, an agent would identify > itself as either In-Path or Out-Of-Path(OOP) to the middlebox. > > [SS] This should be during Registration phase, right? > Is support of OOP Midcom agent (& the associated "diversion" function in the > Middle-box), mandatory under the framework or is it optional? This should be > mentioned too. [/SS] > The document will be revised to remove discussion on OOP agents. > Profile of a MIDCOM agent includes agent authorization policy (i.e, > session tuples for which the agent is authorized to act as ALG), ... > > [SS] Please define Session Tuple. If its the Session id address/port, protocol>, then in many cases, the MA doesn't know about it > until the session is being initiated (e.g., SIP session). It may not be > possible for the MA to have this information during the time of > registration. [/SS] > > 4. MIDCOM Protocol > > [MB] Initially, I was in agreement with Eric Fleishman's comments that the > last 2 paragraphs of Section 4 are misplaced as they describe functionality > of the Middlebox (stateful vs. stateless) rather than the protocol itself. > However, in re-reading, I think that the concept is also protocol related > (i.e. which messages effect a change in the Protocol state machine). > Perhaps, there needs to be a paragraph in Section 3 such as: > > Some middlebox services are stateless. However, there are many that > are stateful and maintain per-connection state in the system. > Firewall service may be implemented as a stateless list of ACLs. > Many firewall implementations, however, are stateful. NAT > service, on the other hand, is inherently stateful. As such, > support of the MIDCOM protocol will require a middlebox to be > stateful. Refer to Section 4.0 for further detail. > > And a paragraph in Section 4 (replacing the current last 2 paragraphs) that > reads something like: > > The MIDCOM protocol may require a middlebox to be > stateful. For the case of a middlebox implementing firewall > service, with the advent of MIDCOM protocol, the middlebox is > required to allocate dynamic resources, such as pin-holes, > upon request from agents. Explicit release of dynamically > allocated resources happens when the application session is > ended or when a Midcom agent requests the middlebox to release > the resource. However, the middlebox must be able to recover the > dynamically allocated resources at some point in time even if > the agent that was responsible for the dynamic allocation is not > alive. Typically, this is done by tracking the state of each > dynamically allocated pin-hole with some type of a timer. > This exemplifies that even the firewall function will need to > maintain per-connection state, as a requirement to support the > MIDCOM protocol. > > [/MB] > I will remove both these paragraphs from the document and simply add a section titled "Timers on Middlebox considered useful" in the Operational Considerations section. > > The technique described above is necessary for the pre-registration of > MIDCOM agents with the > Middlebox. However, it is possible to retain the provisioning on > middlebox unchanged, by > requiring MIDCOM agents to initiate the connection to middlebox. In such > a case, the > agent should initiate the connection prior to the start of the > application. ... > > > [SS] I assume that you're talking about Registration connection here. How > does the Midcom agent know when to initiate this connection? Again, going > back to the SIP example, the agent can only initiate the connection on > receipt of a SIP INVITE message. It makes sense to me for apriori > registration between the MB & MA, & MA be ready for connection set-up > whenever required. The registration is refreshed periodically. [/SS] That may very well be the case. (i.e., apriori connection between MB and MA). > > [SS] Typo in the third line of last para of page 20 - "... media stream, > When used" [/SS] > What is the typo? > Section 7.3 - Middlebox implementing NAPT & Firewall call flows: > > | | | | > | |++Permit RTP1 & RTCP1 | | > | | sessions External to| | > | | middlebox, namely | | > | | Ma to Ea:Eport1, | | > | | Ma to Ea:Eport1+1 | | > | | sessions ++++++++++>| | > | |<+Ma to Ea:Eport1, | | > | | Ma to Ea:Eport1+1 | | > | | sessions OKed ++++++| > > > [SS] Should this be Ma or is it Pa? > It is Ma. > For certain types of NAPT, you won't be able to complete the binding & > update the NAPT table until you know the port address of the callee, which > is not part of the SDP in INVITE. In many cases, the SDP of the callee > (containing the port) is carried in the provisional response 180/183, and > Early Media follows the provisional response. The MA should be able to > complete the NAPT binding based on the SDP of the callee in the response > message, to allow early media. [/SS] > In order for the early media messages to reach the caller, it should be OK to open UDP sessions from any port of the callee to caller. > 9.3. Asynchronous notification to MIDCOM agents > > Asynchronous notification by the middlebox to a MIDCOM agent > can be useful for events such as Session creation, Session > termination, MIDCOM protocol failure, Middlebox function > failure or any other significant event. Independently, ICMP > error codes can also be useful to notify transport layer > failures to the agents. ... > > [SS] We should perhaps also include the following: > - Exchange state synchronization information (described earlier) > - Periodic health check message exchange Please see my comments above about creating a new section titled "Timers on Middlebox considered useful". > - MB send logs of unauthorized access & unsolicitated alarms to the > MA This sounds like generic middlebox managment/monitoring requirement. Not sure, this is MA specific. In any case, I believe, mention of "periodic notification of various forms of data such as statistics update" would cover any specific cases that may be required by an MA. > [/SS] > > Regards, > Sanjoy Sen > Thanks. cheers, suresh ===== __________________________________________________ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail http://personal.mail.yahoo.com/ _______________________________________________ midcom mailing list midcom@ietf.org http://www.ietf.org/mailman/listinfo/midcom From midcom-admin@ietf.org Fri Jul 6 12:00:30 2001 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with SMTP id MAA09790 for ; Fri, 6 Jul 2001 12:00:30 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id LAA20841; Fri, 6 Jul 2001 11:42:02 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id LAA20806 for ; Fri, 6 Jul 2001 11:41:58 -0400 (EDT) Received: from sj-msg-core-3.cisco.com (sj-msg-core-3.cisco.com [171.70.157.152]) by ietf.org (8.9.1a/8.9.1a) with SMTP id LAA08874 for ; Fri, 6 Jul 2001 11:41:07 -0400 (EDT) Received: from mira-sjc5-4.cisco.com (mira-sjc5-4.cisco.com [171.71.163.21]) by sj-msg-core-3.cisco.com (8.11.3/8.9.1) with ESMTP id f66FdeH26359 for ; Fri, 6 Jul 2001 08:39:41 -0700 (PDT) Received: from spandex.cisco.com (rtp-vpn-254.cisco.com [10.82.192.254]) by mira-sjc5-4.cisco.com (Mirapoint) with ESMTP id ANG02538; Fri, 6 Jul 2001 08:41:18 -0700 (PDT) Message-Id: <5.1.0.14.0.20010706113523.009edaf0@mira-sjc5-4.cisco.com> X-Sender: mshore@mira-sjc5-4.cisco.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Fri, 06 Jul 2001 11:42:19 -0400 To: midcom@ietf.org From: Melinda Shore Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Subject: [midcom] London meeting time Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org We're tentatively scheduled to meet from 9-1130 on Thursday, 9 August. Also scheduled at that time are: APP trade Internet Open Trading Protocol WG OPS rap-II Resource Allocation Protocol WG SEC sacred Securely Available Credentials WG SUB-IP tewg Internet Traffic Engineering WG TSV avt-II Audio/Video Transport WG At the top of the agenda are wrapping up those things which need to be wrapped in the framework document and the requirements document. Please let me know if there's anything you feel *must* be addressed in the meeting beyond work on the documents. Note, however, that it would be very, very, very much appreciated if issues could be raised on the mailing list ahead of time - the meeting is not *the* place where work is done, but one place among several. The bulk of the work is done on mailing lists, and that's where consensus is developed. Also, as we prepare to go into last call on the framework document, do raise issues as soon as you become aware of them rather than waiting until the last minute and gumming up the process. Many thanks. Melinda _______________________________________________ midcom mailing list midcom@ietf.org http://www.ietf.org/mailman/listinfo/midcom From midcom-admin@ietf.org Fri Jul 6 12:31:01 2001 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with SMTP id MAA11602 for ; Fri, 6 Jul 2001 12:30:56 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id MAA22318; Fri, 6 Jul 2001 12:14:15 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id MAA22282 for ; Fri, 6 Jul 2001 12:14:13 -0400 (EDT) Received: from sj-msg-core-3.cisco.com (sj-msg-core-3.cisco.com [171.70.157.152]) by ietf.org (8.9.1a/8.9.1a) with SMTP id MAA10576 for ; Fri, 6 Jul 2001 12:13:26 -0400 (EDT) Received: from airborne.cisco.com (airborne.cisco.com [171.71.154.32]) by sj-msg-core-3.cisco.com (8.11.3/8.9.1) with ESMTP id f66G7WH09602; Fri, 6 Jul 2001 09:11:48 -0700 (PDT) Received: from SBRIM-W2K.cisco.com (sjc-vpn1-12.cisco.com [10.21.96.12]) by airborne.cisco.com (Mirapoint) with ESMTP id AFJ09572; Fri, 6 Jul 2001 09:09:10 -0700 (PDT) X-Mailer: emacs 20.7.1 (via feedmail 9-beta-12 I); VM 6.92 under Emacs 20.7.1 From: "Scott Brim" MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <15173.58021.800000.530129@gargle.gargle.HOWL> Date: Fri, 6 Jul 2001 12:09:09 -0400 To: Pyda Srisuresh Cc: "'midcom@ietf.org'" , Sanjoy Sen , Mary Barnes Subject: RE: [midcom] Framework draft review In-Reply-To: <20010705175346.89829.qmail@web13805.mail.yahoo.com> References: <85AA7486A2C1D411BCA20000F8073E43016BBFA8@crchy271.us.nortel.com> <20010705175346.89829.qmail@web13805.mail.yahoo.com> Content-Transfer-Encoding: 7bit Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org Content-Transfer-Encoding: 7bit On 5 Jul 2001 at 10:53 -0700, Pyda Srisuresh apparently wrote: > --- Sanjoy Sen wrote: > > ======================= > > 1. Introduction > > ---------------- > > > > 3rd sentence: Network Address Translator service, on the other hand, > > provides routing transparency across address realms (within IPv4 routing > > network or across V4 and V6 routing realms). Application Level gateways > > (ALGs) are used in conjunction with NAT to provide end-to-end transparency > > for many of the applications. > > > > [MB] I think this has already been discussed before, but transparency is not > > a term here for either of these sentences. I would suggest rewording these > > 2 sentences as: > > > > The address mapping of Network Address Translation (within IPv4 routing > > network or across V4 and V6 routing realms), however, is independent from > > the end application. An Application Level Gateway (ALG) used in conjunction > > with NAT can remove the knowledge of NATs for applications for which NATs > > are problematic. [/MB] > > > > I believe, I addressed this in a different thread with Brian Carpenter > and Scott Brim. Thanks. Actually we didn't reach agreement. I dropped it because I felt that it wasn't productive to pursue it when we had much bigger issues to deal with, like requirements. _______________________________________________ midcom mailing list midcom@ietf.org http://www.ietf.org/mailman/listinfo/midcom From midcom-admin@ietf.org Fri Jul 6 18:42:01 2001 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with SMTP id SAA22485 for ; Fri, 6 Jul 2001 18:42:01 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id SAA03328; Fri, 6 Jul 2001 18:36:32 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id SAA03295 for ; Fri, 6 Jul 2001 18:36:29 -0400 (EDT) Received: from nemo.corp.equinix.com (somehost-3.equinix.net [207.20.85.155]) by ietf.org (8.9.1a/8.9.1a) with SMTP id SAA22338 for ; Fri, 6 Jul 2001 18:35:42 -0400 (EDT) From: hardie@equinix.com Received: (from hardie@localhost) by nemo.corp.equinix.com (8.9.3/8.9.3) id PAA03074; Fri, 6 Jul 2001 15:33:43 -0700 (PDT) Message-Id: <200107062233.PAA03074@nemo.corp.equinix.com> To: midcom@ietf.org Date: Fri, 6 Jul 2001 15:33:43 -0700 (PDT) Reply-to: hardie@equinix.com X-Mailer: ELM [version 2.5 PL3] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit Subject: [midcom] Firewall interaction with BEEP Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org Content-Transfer-Encoding: 7bit As many of you may know, beep is an application protocol framework standardized within the IETF as a method for reusing common protocol elements for connection-oriented application protocols (see RFCs 3080 and 3081 for the core specs and the mapping onto TCP). Thinking about how beep works, it occured to me that there might be a requirement for MIDCOM agents to refer to specific protocols layered on top of beep. With his permission, I've attached below an email response from Marshall Rose on the issue; his basic message is that an effective message to a firewall about a beep connection will need a tuple of (src, dest, profiles) to cover the policy requirements. On the positive side, as he notes, all elements of a beep session are currently bound to a single TCP connection and there are not FTP-data type problems to contend with. Despite there being no current firewall applications that are beep capable, I believe we may need language in the requirements document to cover the use of profiles within beep sessions. regards, Ted Hardie >From mrose@dbc.mtview.ca.us Fri Jul 6 12:33:01 2001 >> Do you have any information on how current firewall configurations >> handle beep's ability to handle multiple applications, and do you have >> a sense of whether src,dest,application is a sufficient tuple for the >> applicationof firewall logic? >hi. i'm not aware of any firewalls that are beep capable. that's probably >because the first set of beep applications haven't rolled out yet, and most >firewall vendors operate in a reactive mode with respect to the market. >at a first cut, a tuple of is adequate. >this is a bit different that what you suggest, for two reasons. >first, i use the term "profile" rather than "application", since this is the >term that beep knows about and exchanges. that is, a firewall could be >figured to allow traffic from a particular src/dst pair, if it looked like >beep, but only if profiles from allowed list were started. >second, i use the plural "profiles" because you may want more than one. for >example, the first thing the peers might do is start up a sasl channel for >authentication, and then they might start one or more data channels for >exchange. >there is one nuance to all this: if the TLS profile (or a SASL profile that >does privacy in addition to authentication) is on the allowed list, then the >firewall is going to lose the ability to observe traffic. the same is true >if the tunnel profile from the idxp working group is on the allowed list. >maybe this is an okay thing, it's up to the administrator to setup the list >of acceptable profiles to start. >of course, things like APEX imply the same kind of issues that you'd find >with allowing SMTP traffic; similarly, things like SOAP imply the same kind >of issues that you'd find with allowing HTTP traffic. >on the bright side, since all the traffic for a beep session is currently >bound to a single tcp session, you don't have the ftp-data/h.323 issue. >hope that helps. >/mtr _______________________________________________ midcom mailing list midcom@ietf.org http://www.ietf.org/mailman/listinfo/midcom From midcom-admin@ietf.org Fri Jul 6 22:22:18 2001 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with SMTP id WAA26712 for ; Fri, 6 Jul 2001 22:22:18 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id WAA08514; Fri, 6 Jul 2001 22:15:14 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id WAA08451 for ; Fri, 6 Jul 2001 22:15:09 -0400 (EDT) Received: from sj-msg-core-4.cisco.com (sj-msg-core-4.cisco.com [171.71.163.10]) by ietf.org (8.9.1a/8.9.1a) with SMTP id WAA26514 for ; Fri, 6 Jul 2001 22:14:22 -0400 (EDT) Received: from airborne.cisco.com (airborne.cisco.com [171.71.154.32]) by sj-msg-core-4.cisco.com (8.11.3/8.9.1) with ESMTP id f672CcP14689; Fri, 6 Jul 2001 19:12:38 -0700 (PDT) Received: from SBRIM-W2K.cisco.com (sjc-vpn2-16.cisco.com [10.21.112.16]) by airborne.cisco.com (Mirapoint) with ESMTP id AFP00276; Fri, 6 Jul 2001 19:12:29 -0700 (PDT) X-Mailer: emacs 20.7.1 (via feedmail 9-beta-12 Q); VM 6.92 under Emacs 20.7.1 From: "Scott Brim" MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <15174.24053.637000.999121@gargle.gargle.HOWL> Date: Fri, 6 Jul 2001 20:55:17 -0400 To: "Maciocco, Christian" Cc: midcom@ietf.org, "'ietf-openproxy@imc.org'" Subject: Re: [midcom] Proxies / ALG in Midcom framework document In-Reply-To: References: Content-Transfer-Encoding: 7bit Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org Content-Transfer-Encoding: 7bit On 2 Jul 2001 at 14:58 -0700, Maciocco, Christian apparently wrote: > The concern I have if we describe ALG in this doc at this point is that as > we use SIP/RTP-RTCP/RTSP as example to describe the NAT & FW requirements, > having the ALG in the doc makes me think that I'm not too far from being > authorized by the Midcom framework to "process" these bitstreams content. If > the OPES WG is chartered, a framework enabling content processing would be > one aspect of this WG work. Considering the OPES box as a "Content level > middlebox" it will be interesting to see how it does cooperate w/ the MIDCOM > box. What you do in a Midcom "agent" is completely out of scope for Midcom. Midcom cares about how the agent controls the behavior (in particular the NAT/Firewall behavior) of the middlebox functions. You can manipulate content all you want and the midcom protocol won't ever hear about it. If you want some protocol that communicates how content is or should be manipulated, that's where you talk to OPES. ...Scott _______________________________________________ midcom mailing list midcom@ietf.org http://www.ietf.org/mailman/listinfo/midcom From midcom-admin@ietf.org Fri Jul 6 22:22:39 2001 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with SMTP id WAA26726 for ; Fri, 6 Jul 2001 22:22:38 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id WAA08509; Fri, 6 Jul 2001 22:15:13 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id WAA08450 for ; Fri, 6 Jul 2001 22:15:09 -0400 (EDT) Received: from sj-msg-core-2.cisco.com (sj-msg-core-2.cisco.com [171.69.24.11]) by ietf.org (8.9.1a/8.9.1a) with SMTP id WAA26513 for ; Fri, 6 Jul 2001 22:14:22 -0400 (EDT) Received: from airborne.cisco.com (airborne.cisco.com [171.71.154.32]) by sj-msg-core-2.cisco.com (8.11.3/8.9.1) with ESMTP id f672CXx24369; Fri, 6 Jul 2001 19:12:33 -0700 (PDT) Received: from SBRIM-W2K.cisco.com (sjc-vpn2-16.cisco.com [10.21.112.16]) by airborne.cisco.com (Mirapoint) with ESMTP id AFP00271; Fri, 6 Jul 2001 19:12:19 -0700 (PDT) X-Mailer: emacs 20.7.1 (via feedmail 9-beta-12 Q); VM 6.92 under Emacs 20.7.1 From: "Scott Brim" MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <15174.23029.140000.335102@gargle.gargle.HOWL> Date: Fri, 6 Jul 2001 20:38:13 -0400 To: Brian E Carpenter Cc: Cedric Aoun , "'Bob Penfield'" , "Midcom IETF (E-mail)" Subject: Re: [midcom] Re: draft-ietf-midcom-requirements-01.txt In-Reply-To: <3B4088B2.481DDEEA@hursley.ibm.com> References: <9154CB41F208D5118DD200508BE39C3044504E@zjguc006.europe.nortel.com> <3B4088B2.481DDEEA@hursley.ibm.com> Content-Transfer-Encoding: 7bit Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org Content-Transfer-Encoding: 7bit On 2 Jul 2001 at 09:44 -0500, Brian E Carpenter apparently wrote: > I still object to QOS being shown as a fundamental part of the midcom model, > although I agree that we should not close the door in the design. Right, exactly. There is no reason for midcom to mention QoS, as long as the requirements draft clearly says the midcom protocol must be extensible. Bundling in instructions on diffserv markings would be a simple extension, just as it is for COPS or RSVP. _______________________________________________ midcom mailing list midcom@ietf.org http://www.ietf.org/mailman/listinfo/midcom From midcom-admin@ietf.org Fri Jul 6 22:29:03 2001 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with SMTP id WAA26843 for ; Fri, 6 Jul 2001 22:29:03 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id WAA08642; Fri, 6 Jul 2001 22:22:09 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id WAA08608 for ; Fri, 6 Jul 2001 22:22:07 -0400 (EDT) Received: from sj-msg-core-4.cisco.com (sj-msg-core-4.cisco.com [171.71.163.10]) by ietf.org (8.9.1a/8.9.1a) with SMTP id WAA26671 for ; Fri, 6 Jul 2001 22:21:20 -0400 (EDT) Received: from airborne.cisco.com (airborne.cisco.com [171.71.154.32]) by sj-msg-core-4.cisco.com (8.11.3/8.9.1) with ESMTP id f672LhP17288; Fri, 6 Jul 2001 19:21:43 -0700 (PDT) Received: from SBRIM-W2K.cisco.com (sjc-vpn2-16.cisco.com [10.21.112.16]) by airborne.cisco.com (Mirapoint) with ESMTP id AFP00334; Fri, 6 Jul 2001 19:21:35 -0700 (PDT) X-Mailer: emacs 20.7.1 (via feedmail 9-beta-12 I); VM 6.92 under Emacs 20.7.1 From: "Scott Brim" MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <15174.29232.149000.544611@gargle.gargle.HOWL> Date: Fri, 6 Jul 2001 22:21:36 -0400 To: hardie@equinix.com Cc: midcom@ietf.org Subject: Re: [midcom] Firewall interaction with BEEP In-Reply-To: <200107062233.PAA03074@nemo.corp.equinix.com> References: <200107062233.PAA03074@nemo.corp.equinix.com> Content-Transfer-Encoding: 7bit Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org Content-Transfer-Encoding: 7bit On 6 Jul 2001 at 15:33 -0700, hardie@equinix.com apparently wrote: > Despite there being no current firewall applications that are > beep capable, I believe we may need language in the requirements > document to cover the use of profiles within beep sessions. I think this comes down to a statement that the midcom protocol syntax needs to be flexible enough to do not just what we are focused on right now, but what others might need to do in the future -- we already have this covered -- and that we should add beep-based communications to the list of possible future needs. I don't see a problem here. ...Scott _______________________________________________ midcom mailing list midcom@ietf.org http://www.ietf.org/mailman/listinfo/midcom From midcom-admin@ietf.org Sat Jul 7 23:13:53 2001 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with SMTP id XAA26600 for ; Sat, 7 Jul 2001 23:13:53 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id XAA20369; Sat, 7 Jul 2001 23:08:45 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id XAA20340 for ; Sat, 7 Jul 2001 23:08:44 -0400 (EDT) Received: from yourwebsite.com (cd-179-62.ra30.dc.capu.net [64.50.179.62]) by ietf.org (8.9.1a/8.9.1a) with SMTP id XAA26567 for ; Sat, 7 Jul 2001 23:07:56 -0400 (EDT) From: lprice@capu.net Message-Id: <200107080307.XAA26567@ietf.org> Reply-To: lprice@capu.net To: midcom@ietf.org Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Date: Sat, 7 Jul 2001 23:04:32 -0400 Subject: [midcom] Ride the Wave of Success!!/FREE MEMBERSHIP!!! Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org JOIN NOW FOR FREE!!! SERIOUS ONLINE INCOME: NO PRODUCTS TO SELL, NO MEETING TO ATTEND, NO MONTHLY QUOTAS We are a FOUR 4 YEAR OLD INTERNET BUSINESS AND GROWING VERY FAST. WE HAD OVER 60,000 VIPS SIGNUP COMPANY WIDE IN THE MONTH OF JUNE 2001. SEE WHY THOUSANDS OF PEOPLE FROM ALL OVER THE WORLD ARE JOINING US AT RECORD RATES.; THE MEMBERSHIP IS FREE at. http://onlineprofits.50megs.com. . Enter your first and last name and email address. Afterwards you will start recieving various emails about company and the business opportunity. Also, you will become a FREE MEMBER and you can START SHOPPING from at least 70 brand name online stores and BE ENTERED in our monthly $100 shopping spree!. Take your time and review our company's benefits and opportunities. . GUARANTEED minimum commission every month . you can get 200 members a month added to you downline . Free Software . and a strong team support Now remember anybody that signs up after you will be in your downline. This is very important if you want join our company and get a monthly check. Don't pass this one up. GET YOUR FREE MEMBERSHIP AT: http://onlineprofits.50megs.com --- type in your name and email address and hit the submit botton. We will talk soon, GIVIE IT A TRY, YOU HAVE NOTHING TO LOSE AND POSSIBLE A LOT TO GAIN. _______________________________________________ midcom mailing list midcom@ietf.org http://www.ietf.org/mailman/listinfo/midcom From midcom-admin@ietf.org Mon Jul 9 13:39:12 2001 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with SMTP id NAA23344 for ; Mon, 9 Jul 2001 13:39:12 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id NAA03998; Mon, 9 Jul 2001 13:31:32 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id NAA03971 for ; Mon, 9 Jul 2001 13:31:31 -0400 (EDT) Received: from nemo.corp.equinix.com (somehost-3.equinix.net [207.20.85.155]) by ietf.org (8.9.1a/8.9.1a) with SMTP id NAA23001 for ; Mon, 9 Jul 2001 13:30:42 -0400 (EDT) From: hardie@equinix.com Received: (from hardie@localhost) by nemo.corp.equinix.com (8.9.3/8.9.3) id KAA27617; Mon, 9 Jul 2001 10:31:24 -0700 (PDT) Message-Id: <200107091731.KAA27617@nemo.corp.equinix.com> Subject: Re: [midcom] Firewall interaction with BEEP To: sbrim@cisco.com (Scott Brim) Date: Mon, 9 Jul 2001 10:31:24 -0700 (PDT) Cc: hardie@equinix.com, midcom@ietf.org In-Reply-To: <15174.29232.149000.544611@gargle.gargle.HOWL> from "Scott Brim" at Jul 06, 2001 10:21:36 PM Reply-to: hardie@equinix.com X-Mailer: ELM [version 2.5 PL3] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org Content-Transfer-Encoding: 7bit Scott, Adding beep-based communications to the list of possible future needs would help, but I think we need more than a statement that the protocol syntax needs to be flexible. I think we need to explicitly say that the MIDCOM protocol must be able to handle control channels that fall into three categories: port based, mux-based, and external channel. For the midcom protocol to handle a port-based protocol (like WHOIS, for example) is pretty easy: the agent can request a pinhole for the specific port on a specific destination. For the external channel, the agent uses data from one channel to request a pinhole for a distinct src/dest pair. For a mux-based protocol, the agent must be able to do more, because the src/dest pair doesn't make for a full tuple; it must name the profiles as well. Without that, all beep profiles would have to be considered equivalent; the result would look much like a firewall control protocol that could only specific IP address (and could not specify port number): all tcp and udp-based protocols would look the same. Though I can't point to an existing firewall implementation to prove it, I have a strong suspicion that that won't suffice. regards, Ted Hardie > > On 6 Jul 2001 at 15:33 -0700, hardie@equinix.com apparently wrote: > > Despite there being no current firewall applications that are > > beep capable, I believe we may need language in the requirements > > document to cover the use of profiles within beep sessions. > > I think this comes down to a statement that the midcom protocol syntax > needs to be flexible enough to do not just what we are focused on right > now, but what others might need to do in the future -- we already have > this covered -- and that we should add beep-based communications to the > list of possible future needs. I don't see a problem here. > > ...Scott > _______________________________________________ midcom mailing list midcom@ietf.org http://www.ietf.org/mailman/listinfo/midcom From midcom-admin@ietf.org Mon Jul 9 14:27:04 2001 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with SMTP id OAA24898 for ; Mon, 9 Jul 2001 14:26:59 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id OAA05444; Mon, 9 Jul 2001 14:22:54 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id OAA05416 for ; Mon, 9 Jul 2001 14:22:53 -0400 (EDT) Received: from mail5.microsoft.com (mail5.microsoft.com [131.107.3.121]) by ietf.org (8.9.1a/8.9.1a) with SMTP id OAA24717 for ; Mon, 9 Jul 2001 14:22:02 -0400 (EDT) Received: from 157.54.9.100 by mail5.microsoft.com (InterScan E-Mail VirusWall NT); Mon, 09 Jul 2001 11:15:10 -0700 (Pacific Daylight Time) Received: from red-imc-01.redmond.corp.microsoft.com ([157.54.9.102]) by inet-imc-03.redmond.corp.microsoft.com with Microsoft SMTPSVC(5.0.2195.2966); Mon, 9 Jul 2001 11:15:07 -0700 Received: from win-imc-02.wingroup.windeploy.ntdev.microsoft.com ([157.54.0.82]) by red-imc-01.redmond.corp.microsoft.com with Microsoft SMTPSVC(5.0.2195.2966); Mon, 9 Jul 2001 11:14:57 -0700 Received: from win-msg-02.wingroup.windeploy.ntdev.microsoft.com ([157.54.0.134]) by win-imc-02.wingroup.windeploy.ntdev.microsoft.com with Microsoft SMTPSVC(5.0.2195.2966); Mon, 9 Jul 2001 11:14:04 -0700 X-MimeOLE: Produced By Microsoft Exchange V6.0.5683.0 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Subject: RE: [midcom] Firewall interaction with BEEP Date: Mon, 9 Jul 2001 11:14:04 -0700 Message-ID: Thread-Topic: [midcom] Firewall interaction with BEEP Thread-Index: AcEInUbsCQQivdpKRyi8F9NwyXTWfgABU8aQ From: "Christian Huitema" To: , "Scott Brim" Cc: X-OriginalArrivalTime: 09 Jul 2001 18:14:04.0571 (UTC) FILETIME=[EFE71EB0:01C108A2] Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by optimus.ietf.org id OAA05417 Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org Content-Transfer-Encoding: 8bit Ted, I don't think that it is a good idea to add additional requirements at this point in the game. We understand protocols and ports very well, and we should specify that. When firewalls get developed that perform specific treatment for BEEP, then we will study the extensions. By the way, BEEP is not unique there -- at some point we will also need extensions for SCTP, SOAP, and maybe even HTTP or SMTP... -- Christian Huitema > -----Original Message----- > From: hardie@equinix.com [mailto:hardie@equinix.com] > Sent: Monday, July 09, 2001 10:31 AM > To: Scott Brim > Cc: hardie@equinix.com; midcom@ietf.org > Subject: Re: [midcom] Firewall interaction with BEEP > > Scott, > Adding beep-based communications to the list of possible > future needs would help, but I think we need more than a statement > that the protocol syntax needs to be flexible. I think we need to > explicitly say that the MIDCOM protocol must be able to handle control > channels that fall into three categories: port based, mux-based, and > external channel. For the midcom protocol to handle a port-based > protocol (like WHOIS, for example) is pretty easy: the agent can > request a pinhole for the specific port on a specific destination. > For the external channel, the agent uses data from one channel to > request a pinhole for a distinct src/dest pair. For a mux-based > protocol, the agent must be able to do more, because the src/dest pair > doesn't make for a full tuple; it must name the profiles as well. > Without that, all beep profiles would have to be considered > equivalent; the result would look much like a firewall control > protocol > that could only specific IP address (and could not specify port > number): > all tcp and udp-based protocols would look the same. Though I > can't point to an existing firewall implementation to prove it, I > have a strong suspicion that that won't suffice. > regards, > Ted Hardie > > > > > > > > > > On 6 Jul 2001 at 15:33 -0700, hardie@equinix.com apparently wrote: > > > Despite there being no current firewall applications that are > > > beep capable, I believe we may need language in the requirements > > > document to cover the use of profiles within beep sessions. > > > > I think this comes down to a statement that the midcom protocol > syntax > > needs to be flexible enough to do not just what we are focused on > right > > now, but what others might need to do in the future -- we already > have > > this covered -- and that we should add beep-based communications to > the > > list of possible future needs. I don't see a problem here. > > > > ...Scott > > > > > _______________________________________________ > midcom mailing list > midcom@ietf.org > http://www.ietf.org/mailman/listinfo/midcom _______________________________________________ midcom mailing list midcom@ietf.org http://www.ietf.org/mailman/listinfo/midcom From midcom-admin@ietf.org Mon Jul 9 14:33:26 2001 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with SMTP id OAA25244 for ; Mon, 9 Jul 2001 14:33:25 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id OAA05577; Mon, 9 Jul 2001 14:27:13 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id OAA05548 for ; Mon, 9 Jul 2001 14:27:11 -0400 (EDT) Received: from astro.cs.utk.edu (astro.cs.utk.edu [160.36.58.43]) by ietf.org (8.9.1a/8.9.1a) with SMTP id OAA24883 for ; Mon, 9 Jul 2001 14:26:22 -0400 (EDT) Received: from astro.cs.utk.edu (LOCALHOST [127.0.0.1]) by astro.cs.utk.edu (cf 8.9.3) with ESMTP id OAA19584; Mon, 9 Jul 2001 14:27:00 -0400 (EDT) Message-Id: <200107091827.OAA19584@astro.cs.utk.edu> X-URI: http://www.cs.utk.edu/~moore/ From: Keith Moore To: hardie@equinix.com cc: sbrim@cisco.com (Scott Brim), midcom@ietf.org Subject: Re: [midcom] Firewall interaction with BEEP In-reply-to: Your message of "Mon, 09 Jul 2001 10:31:24 PDT." <200107091731.KAA27617@nemo.corp.equinix.com> Date: Mon, 09 Jul 2001 14:27:00 -0400 Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org I think this is just further demonstration that we need for each protocol that the network is going to know about to have a unique port assignment, even if it's layered over a substrate such as BEEP. Expecting the network to sort out details of protocols higher than the packet level is not only a gross layering violation, it doesn't scale well. It's one thing to build firewalls that do this as a stopgap measure, but we shouldn't invest time trying to standardize such hacks. Keith > Scott, > Adding beep-based communications to the list of possible > future needs would help, but I think we need more than a statement > that the protocol syntax needs to be flexible. I think we need to > explicitly say that the MIDCOM protocol must be able to handle control > channels that fall into three categories: port based, mux-based, and > external channel. For the midcom protocol to handle a port-based > protocol (like WHOIS, for example) is pretty easy: the agent can > request a pinhole for the specific port on a specific destination. > For the external channel, the agent uses data from one channel to > request a pinhole for a distinct src/dest pair. For a mux-based > protocol, the agent must be able to do more, because the src/dest pair > doesn't make for a full tuple; it must name the profiles as well. > Without that, all beep profiles would have to be considered > equivalent; the result would look much like a firewall control protocol > that could only specific IP address (and could not specify port number): > all tcp and udp-based protocols would look the same. Though I > can't point to an existing firewall implementation to prove it, I > have a strong suspicion that that won't suffice. > regards, > Ted Hardie _______________________________________________ midcom mailing list midcom@ietf.org http://www.ietf.org/mailman/listinfo/midcom From midcom-admin@ietf.org Mon Jul 9 15:16:17 2001 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with SMTP id PAA26263 for ; Mon, 9 Jul 2001 15:16:16 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id PAA06989; Mon, 9 Jul 2001 15:02:29 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id PAB06960 for ; Mon, 9 Jul 2001 15:02:27 -0400 (EDT) Received: from sj-msg-core-1.cisco.com (sj-msg-core-1.cisco.com [171.71.163.11]) by ietf.org (8.9.1a/8.9.1a) with SMTP id PAA25967 for ; Mon, 9 Jul 2001 15:01:36 -0400 (EDT) Received: from mira-sjc5-4.cisco.com (mira-sjc5-4.cisco.com [171.71.163.21]) by sj-msg-core-1.cisco.com (8.11.3/8.9.1) with ESMTP id f69J1uh05739; Mon, 9 Jul 2001 12:01:56 -0700 (PDT) Received: from spandex.cisco.com (rtp-vpn-162.cisco.com [10.82.192.162]) by mira-sjc5-4.cisco.com (Mirapoint) with ESMTP id AOG03352; Mon, 9 Jul 2001 12:01:48 -0700 (PDT) Message-Id: <5.1.0.14.0.20010709145534.00a18340@mira-sjc5-4.cisco.com> X-Sender: mshore@mira-sjc5-4.cisco.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Mon, 09 Jul 2001 15:02:53 -0400 To: "Christian Huitema" , , "Scott Brim" From: Melinda Shore Subject: RE: [midcom] Firewall interaction with BEEP Cc: In-Reply-To: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org At 11:14 AM 7/9/01 -0700, Christian Huitema wrote: >I don't think that it is a good idea to add additional requirements at >this point in the game. We understand protocols and ports very well, and >we should specify that. I don't think that we should be requiring specifically BEEP profiles as demultiplexors, but it doesn't seem to me to be a huge stretch to require that the language be expressive enough to be able to transport stuff in addition to ports and addresses. Melinda _______________________________________________ midcom mailing list midcom@ietf.org http://www.ietf.org/mailman/listinfo/midcom From midcom-admin@ietf.org Mon Jul 9 16:30:13 2001 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with SMTP id QAA27976 for ; Mon, 9 Jul 2001 16:30:13 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id QAA09248; Mon, 9 Jul 2001 16:19:01 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id QAA09215 for ; Mon, 9 Jul 2001 16:18:59 -0400 (EDT) Received: from astro.cs.utk.edu (astro.cs.utk.edu [160.36.58.43]) by ietf.org (8.9.1a/8.9.1a) with SMTP id QAA27738 for ; Mon, 9 Jul 2001 16:18:10 -0400 (EDT) Received: from astro.cs.utk.edu (LOCALHOST [127.0.0.1]) by astro.cs.utk.edu (cf 8.9.3) with ESMTP id QAA20227; Mon, 9 Jul 2001 16:18:29 -0400 (EDT) Message-Id: <200107092018.QAA20227@astro.cs.utk.edu> X-URI: http://www.cs.utk.edu/~moore/ From: Keith Moore To: Melinda Shore cc: "Christian Huitema" , hardie@equinix.com, "Scott Brim" , midcom@ietf.org Subject: Re: [midcom] Firewall interaction with BEEP In-reply-to: Your message of "Mon, 09 Jul 2001 15:02:53 EDT." <5.1.0.14.0.20010709145534.00a18340@mira-sjc5-4.cisco.com> Date: Mon, 09 Jul 2001 16:18:29 -0400 Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org > I don't think that we should be requiring specifically > BEEP profiles as demultiplexors, but it doesn't seem to > me to be a huge stretch to require that the language be > expressive enough to be able to transport stuff in addition > to ports and addresses. to me this is a very huge stretch. why do we have layering at all if every network element is going to expect to look at arbitrary layers of the protocol stack? _______________________________________________ midcom mailing list midcom@ietf.org http://www.ietf.org/mailman/listinfo/midcom From midcom-admin@ietf.org Mon Jul 9 16:49:36 2001 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with SMTP id QAA28215 for ; Mon, 9 Jul 2001 16:49:36 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id QAA10050; Mon, 9 Jul 2001 16:46:10 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id QAA10020 for ; Mon, 9 Jul 2001 16:46:08 -0400 (EDT) Received: from sj-msg-core-4.cisco.com (sj-msg-core-4.cisco.com [171.71.163.10]) by ietf.org (8.9.1a/8.9.1a) with SMTP id QAA28136 for ; Mon, 9 Jul 2001 16:45:19 -0400 (EDT) Received: from mira-sjc5-4.cisco.com (mira-sjc5-4.cisco.com [171.71.163.21]) by sj-msg-core-4.cisco.com (8.11.3/8.9.1) with ESMTP id f69KjgP28643; Mon, 9 Jul 2001 13:45:42 -0700 (PDT) Received: from spandex.cisco.com (rtp-vpn-162.cisco.com [10.82.192.162]) by mira-sjc5-4.cisco.com (Mirapoint) with ESMTP id AOI00720; Mon, 9 Jul 2001 13:44:52 -0700 (PDT) Message-Id: <5.1.0.14.0.20010709164021.00a19060@mira-sjc5-4.cisco.com> X-Sender: mshore@mira-sjc5-4.cisco.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Mon, 09 Jul 2001 16:45:28 -0400 To: Keith Moore From: Melinda Shore Subject: Re: [midcom] Firewall interaction with BEEP Cc: "Christian Huitema" , hardie@equinix.com, "Scott Brim" , midcom@ietf.org In-Reply-To: <200107092018.QAA20227@astro.cs.utk.edu> References: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org At 04:18 PM 7/9/01 -0400, Keith Moore wrote >to me this is a very huge stretch. why do we have layering >at all if every network element is going to expect to look >at arbitrary layers of the protocol stack? If a firewall is going to to pass BEEP traffic it's going to be looking into the payload, anyway. This is a symptom, not the disease. Melinda _______________________________________________ midcom mailing list midcom@ietf.org http://www.ietf.org/mailman/listinfo/midcom From midcom-admin@ietf.org Mon Jul 9 16:53:36 2001 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with SMTP id QAA28310 for ; Mon, 9 Jul 2001 16:53:36 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id QAA10151; Mon, 9 Jul 2001 16:50:21 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id QAA10118 for ; Mon, 9 Jul 2001 16:50:19 -0400 (EDT) Received: from astro.cs.utk.edu (astro.cs.utk.edu [160.36.58.43]) by ietf.org (8.9.1a/8.9.1a) with SMTP id QAA28207 for ; Mon, 9 Jul 2001 16:49:31 -0400 (EDT) Received: from astro.cs.utk.edu (LOCALHOST [127.0.0.1]) by astro.cs.utk.edu (cf 8.9.3) with ESMTP id QAA20620; Mon, 9 Jul 2001 16:50:07 -0400 (EDT) Message-Id: <200107092050.QAA20620@astro.cs.utk.edu> X-URI: http://www.cs.utk.edu/~moore/ From: Keith Moore To: Melinda Shore cc: Keith Moore , "Christian Huitema" , hardie@equinix.com, "Scott Brim" , midcom@ietf.org Subject: Re: [midcom] Firewall interaction with BEEP In-reply-to: Your message of "Mon, 09 Jul 2001 16:45:28 EDT." <5.1.0.14.0.20010709164021.00a19060@mira-sjc5-4.cisco.com> Date: Mon, 09 Jul 2001 16:50:07 -0400 Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org > >to me this is a very huge stretch. why do we have layering > >at all if every network element is going to expect to look > >at arbitrary layers of the protocol stack? > > If a firewall is going to to pass BEEP traffic it's going to be > looking into the payload, anyway. This is a symptom, not the > disease. in that case, seems like the disease is trying to decide whether you can reasonably pass the traffic by looking at the content, rather than by looking at whether the parties are authorized to communicate. but my point is - we need to be working on scalable and technically sane approaches, not trying to standardize non-scalable hacks. Keith _______________________________________________ midcom mailing list midcom@ietf.org http://www.ietf.org/mailman/listinfo/midcom From midcom-admin@ietf.org Mon Jul 9 17:02:09 2001 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with SMTP id RAA28459 for ; Mon, 9 Jul 2001 17:02:09 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id QAA10361; Mon, 9 Jul 2001 16:57:41 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id QAA10329 for ; Mon, 9 Jul 2001 16:57:39 -0400 (EDT) Received: from sj-msg-core-1.cisco.com (sj-msg-core-1.cisco.com [171.71.163.11]) by ietf.org (8.9.1a/8.9.1a) with SMTP id QAA28381 for ; Mon, 9 Jul 2001 16:56:50 -0400 (EDT) Received: from airborne.cisco.com (airborne.cisco.com [171.71.154.32]) by sj-msg-core-1.cisco.com (8.11.3/8.9.1) with ESMTP id f69KvCh07276; Mon, 9 Jul 2001 13:57:12 -0700 (PDT) Received: from SBRIM-W2K.cisco.com (rtp-vpn2-4.cisco.com [10.82.96.4]) by airborne.cisco.com (Mirapoint) with ESMTP id AGE01871; Mon, 9 Jul 2001 13:56:52 -0700 (PDT) X-Mailer: emacs 20.7.1 (via feedmail 9-beta-12 I); VM 6.92 under Emacs 20.7.1 From: "Scott Brim" MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <15178.6800.52000.350951@gargle.gargle.HOWL> Date: Mon, 9 Jul 2001 16:56:48 -0400 To: Melinda Shore Cc: Keith Moore , "Christian Huitema" , hardie@equinix.com, midcom@ietf.org Subject: Re: [midcom] Firewall interaction with BEEP In-Reply-To: <5.1.0.14.0.20010709164021.00a19060@mira-sjc5-4.cisco.com> References: <5.1.0.14.0.20010709164021.00a19060@mira-sjc5-4.cisco.com> Content-Transfer-Encoding: 7bit Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org Content-Transfer-Encoding: 7bit On 9 Jul 2001 at 16:45 -0400, Melinda Shore apparently wrote: > At 04:18 PM 7/9/01 -0400, Keith Moore wrote > >to me this is a very huge stretch. why do we have layering > >at all if every network element is going to expect to look > >at arbitrary layers of the protocol stack? > > If a firewall is going to to pass BEEP traffic it's going to be > looking into the payload, anyway. This is a symptom, not the > disease. But it doesn't have to look at it with higher layer semantics (if it does we've just reproduced the current situation). I think we can do this. _______________________________________________ midcom mailing list midcom@ietf.org http://www.ietf.org/mailman/listinfo/midcom From midcom-admin@ietf.org Mon Jul 9 17:05:49 2001 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with SMTP id RAA28657 for ; Mon, 9 Jul 2001 17:05:49 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id RAA10794; Mon, 9 Jul 2001 17:01:28 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id RAA10766 for ; Mon, 9 Jul 2001 17:01:27 -0400 (EDT) Received: from astro.cs.utk.edu (astro.cs.utk.edu [160.36.58.43]) by ietf.org (8.9.1a/8.9.1a) with SMTP id RAA28421 for ; Mon, 9 Jul 2001 17:00:38 -0400 (EDT) Received: from astro.cs.utk.edu (LOCALHOST [127.0.0.1]) by astro.cs.utk.edu (cf 8.9.3) with ESMTP id RAA20800; Mon, 9 Jul 2001 17:00:34 -0400 (EDT) Message-Id: <200107092100.RAA20800@astro.cs.utk.edu> X-URI: http://www.cs.utk.edu/~moore/ From: Keith Moore To: "Scott Brim" cc: Melinda Shore , Keith Moore , "Christian Huitema" , hardie@equinix.com, midcom@ietf.org Subject: Re: [midcom] Firewall interaction with BEEP In-reply-to: Your message of "Mon, 09 Jul 2001 16:56:48 EDT." <15178.6800.52000.350951@gargle.gargle.HOWL> Date: Mon, 09 Jul 2001 17:00:34 -0400 Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org > > If a firewall is going to to pass BEEP traffic it's going to be > > looking into the payload, anyway. This is a symptom, not the > > disease. > > But it doesn't have to look at it with higher layer semantics (if it > does we've just reproduced the current situation). I think we can do > this. we shouldn't standardize looking below the packet layer. if people want the network to distinguish different kinds of traffic, they need to expose that distinction to the network - not expect the network to parse the traffic streams. anybody else remember when we understood why separation of function between layers was important? Keith _______________________________________________ midcom mailing list midcom@ietf.org http://www.ietf.org/mailman/listinfo/midcom From midcom-admin@ietf.org Mon Jul 9 17:31:26 2001 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with SMTP id RAA29070 for ; Mon, 9 Jul 2001 17:31:26 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id RAA11318; Mon, 9 Jul 2001 17:21:22 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id RAA11287 for ; Mon, 9 Jul 2001 17:21:20 -0400 (EDT) Received: from nemo.corp.equinix.com (somehost-3.equinix.net [207.20.85.155]) by ietf.org (8.9.1a/8.9.1a) with SMTP id RAA28951 for ; Mon, 9 Jul 2001 17:20:31 -0400 (EDT) From: hardie@equinix.com Received: (from hardie@localhost) by nemo.corp.equinix.com (8.9.3/8.9.3) id OAA05176; Mon, 9 Jul 2001 14:21:15 -0700 (PDT) Message-Id: <200107092121.OAA05176@nemo.corp.equinix.com> Subject: Re: [midcom] Firewall interaction with BEEP To: moore@cs.utk.edu (Keith Moore) Date: Mon, 9 Jul 2001 14:21:15 -0700 (PDT) Cc: hardie@equinix.com, sbrim@cisco.com (Scott Brim), midcom@ietf.org In-Reply-To: <200107091827.OAA19584@astro.cs.utk.edu> from "Keith Moore" at Jul 09, 2001 02:27:00 PM Reply-to: hardie@equinix.com X-Mailer: ELM [version 2.5 PL3] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org Content-Transfer-Encoding: 7bit Keith, Given the threat model firewalls address, I find it very unlikely that assigning a port number to specific beep-substrate protocols would solve the problem. I believe it very likely that the firewalls will have to inspect at least the control channel of beep sessions to meet their security requirements. On the other hand, I expect that if a firewall sees something that is not allowed in such a session it will close the whole beep session, rather than trying to eliminate some channel in the mux. This isn't the worst case, but as you note, it isn't pretty. Unfortunately, I can't see how a firewall could meet its security requirements in the face of beep's characteristics without doing so. If you have another way of approaching the problem, now is the time to get it out, because we don't have any beep-capable firewalls to work around and we have a reasonable opportunity to suggest less problematic behavior. I raised this issue because this seems to be the time to ensure that the MIDCOM protocol syntax has sufficient flexibility to include information beyond host and port. There seem to me cases in which appropriate communication with firewalls does seem to require that the tuple for identification of permitted application goes beyond src,dest. Beep seems to me an important case in point. I agree with Christian that we understand src, dest well and do not understand all of the nuances of (src, dest, profiles), but I disagree that the work of getting that out should be put off. I strongly suspect that doing the work of understanding the needed semantics now will make getting an appropriate syntax correct far easier than working it out later as an addendum. After all, the base semantics for src,dest might need an "or" syntax at all, where the beep capable syntax needs to be able to handle something like "src and dest and (profile1 or profile2 or profile3)" or even "src and dest and not (profile1 or profile3)". regards, Ted Hardie Keith writes: > I think this is just further demonstration that we need for each > protocol that the network is going to know about to have a unique > port assignment, even if it's layered over a substrate such as BEEP. > Expecting the network to sort out details of protocols higher > than the packet level is not only a gross layering violation, > it doesn't scale well. It's one thing to build firewalls that > do this as a stopgap measure, but we shouldn't invest time trying > to standardize such hacks. > _______________________________________________ midcom mailing list midcom@ietf.org http://www.ietf.org/mailman/listinfo/midcom From midcom-admin@ietf.org Mon Jul 9 17:35:31 2001 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with SMTP id RAA29116 for ; Mon, 9 Jul 2001 17:35:30 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id RAA11809; Mon, 9 Jul 2001 17:31:02 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id RAA11778 for ; Mon, 9 Jul 2001 17:31:00 -0400 (EDT) Received: from sj-msg-core-2.cisco.com (sj-msg-core-2.cisco.com [171.69.24.11]) by ietf.org (8.9.1a/8.9.1a) with SMTP id RAA29051 for ; Mon, 9 Jul 2001 17:30:11 -0400 (EDT) Received: from mira-sjc5-4.cisco.com (mira-sjc5-4.cisco.com [171.71.163.21]) by sj-msg-core-2.cisco.com (8.11.3/8.9.1) with ESMTP id f69LUcx11495; Mon, 9 Jul 2001 14:30:38 -0700 (PDT) Received: from spandex.cisco.com (rtp-vpn-162.cisco.com [10.82.192.162]) by mira-sjc5-4.cisco.com (Mirapoint) with ESMTP id AOI02886; Mon, 9 Jul 2001 14:29:34 -0700 (PDT) Message-Id: <5.1.0.14.0.20010709172909.00a23e00@mira-sjc5-4.cisco.com> X-Sender: mshore@mira-sjc5-4.cisco.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Mon, 09 Jul 2001 17:30:39 -0400 To: Keith Moore , "Scott Brim" From: Melinda Shore Subject: Re: [midcom] Firewall interaction with BEEP Cc: Keith Moore , "Christian Huitema" , hardie@equinix.com, midcom@ietf.org In-Reply-To: <200107092100.RAA20800@astro.cs.utk.edu> References: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org At 05:00 PM 7/9/01 -0400, Keith Moore wrote: >anybody else remember when we understood why separation of function >between layers was important? We're headed off-topic. Let's not. Melinda _______________________________________________ midcom mailing list midcom@ietf.org http://www.ietf.org/mailman/listinfo/midcom From midcom-admin@ietf.org Mon Jul 9 17:40:01 2001 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with SMTP id RAA29226 for ; Mon, 9 Jul 2001 17:40:01 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id RAA11957; Mon, 9 Jul 2001 17:36:09 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id RAA11929 for ; Mon, 9 Jul 2001 17:36:08 -0400 (EDT) Received: from nemo.corp.equinix.com (somehost-3.equinix.net [207.20.85.155]) by ietf.org (8.9.1a/8.9.1a) with SMTP id RAA29113 for ; Mon, 9 Jul 2001 17:35:19 -0400 (EDT) From: hardie@equinix.com Received: (from hardie@localhost) by nemo.corp.equinix.com (8.9.3/8.9.3) id OAA05678; Mon, 9 Jul 2001 14:36:02 -0700 (PDT) Message-Id: <200107092136.OAA05678@nemo.corp.equinix.com> Subject: Re: [midcom] Firewall interaction with BEEP To: moore@cs.utk.edu (Keith Moore) Date: Mon, 9 Jul 2001 14:36:02 -0700 (PDT) Cc: midcom@ietf.org, hardie@equinix.com (Ted Hardie) In-Reply-To: <200107092050.QAA20620@astro.cs.utk.edu> from "Keith Moore" at Jul 09, 2001 04:50:07 PM Reply-to: hardie@equinix.com X-Mailer: ELM [version 2.5 PL3] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org Content-Transfer-Encoding: 7bit Keith, Sorry that I hadn't read this before I sent my previous response. The point I'm making is that parties may be authorized to carry out one communication type but not another. Given that beep allows you to multiplex different types of communication over a single session, someone attempting to decide whether to authorize the communication can do one of several things: 1) Authorize any communication which might use that session The consequence is that any beep-substrate protocol being allowed allows all beep-substrate protocols 2) Deny any communication which might use that session The consequence is that denying any beep-substrate protocol denies all beep-substrate protocols 3) Assign a different port to each beep-substrate protocol (a)If you trust the port assignment to eliminate beeps capability to multiplex different types of communication over the same session, you are back to src,dest (b)If you do not trust the port assignment, you are at (1) or (2), depending on whether you allow or deny. 4) Permit communication based on specific profiles (a)If you trust the profiles asserted the only ones which will use the assigned session, you open the pinhole and you're done. (b)If you don't trust that the profiles asserted are the only ones which one party might use during the session, you inspect the session and close it if a profile other than one asserted is used. Fundamentally, the issue of protocol layers comes down to this: beep does not use a classic port-assignment method of opening communication channels. It uses a profile negotiation method within a session. If we don't deal with that, we will not have restored the classic port-assignment method, we will simply have produced a middlebox communication protocol that is less useful than it might be. regards, Ted Hardie > > > >to me this is a very huge stretch. why do we have layering > > >at all if every network element is going to expect to look > > >at arbitrary layers of the protocol stack? > > > > If a firewall is going to to pass BEEP traffic it's going to be > > looking into the payload, anyway. This is a symptom, not the > > disease. > > in that case, seems like the disease is trying to decide whether you > can reasonably pass the traffic by looking at the content, rather than > by looking at whether the parties are authorized to communicate. > > but my point is - we need to be working on scalable and technically > sane approaches, not trying to standardize non-scalable hacks. > > Keith > > _______________________________________________ > midcom mailing list > midcom@ietf.org > http://www.ietf.org/mailman/listinfo/midcom > _______________________________________________ midcom mailing list midcom@ietf.org http://www.ietf.org/mailman/listinfo/midcom From midcom-admin@ietf.org Mon Jul 9 17:43:18 2001 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with SMTP id RAA29298 for ; Mon, 9 Jul 2001 17:43:13 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id RAA12042; Mon, 9 Jul 2001 17:38:30 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id RAA12016 for ; Mon, 9 Jul 2001 17:38:28 -0400 (EDT) Received: from astro.cs.utk.edu (astro.cs.utk.edu [160.36.58.43]) by ietf.org (8.9.1a/8.9.1a) with SMTP id RAA29177 for ; Mon, 9 Jul 2001 17:37:39 -0400 (EDT) Received: from astro.cs.utk.edu (LOCALHOST [127.0.0.1]) by astro.cs.utk.edu (cf 8.9.3) with ESMTP id RAA21036; Mon, 9 Jul 2001 17:38:18 -0400 (EDT) Message-Id: <200107092138.RAA21036@astro.cs.utk.edu> X-URI: http://www.cs.utk.edu/~moore/ From: Keith Moore To: hardie@equinix.com cc: moore@cs.utk.edu (Keith Moore), sbrim@cisco.com (Scott Brim), midcom@ietf.org Subject: Re: [midcom] Firewall interaction with BEEP In-reply-to: Your message of "Mon, 09 Jul 2001 14:21:15 PDT." <200107092121.OAA05176@nemo.corp.equinix.com> Date: Mon, 09 Jul 2001 17:38:18 -0400 Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org > Given the threat model firewalls address, I find it very > unlikely that assigning a port number to specific beep-substrate > protocols would solve the problem. I believe it very likely that the > firewalls will have to inspect at least the control channel of beep > sessions to meet their security requirements. I have no doubt that firewalls that inspect content will continue to exist. The question is whether these should be explicitly supported with standard Internet protocols for controlling them. I think it is a terrible idea, because it encourages poor design and it doesn't scale. > This isn't the worst case, but as you note, it isn't pretty. > Unfortunately, I can't see how a firewall could meet its security > requirements in the face of beep's characteristics without doing so. > If you have another way of approaching the problem, now is the > time to get it out, because we don't have any beep-capable firewalls > to work around and we have a reasonable opportunity to suggest > less problematic behavior. I think midcom is inherently trying to solve a very limited problem, because as soon as you try to generalize it, it becomes intractable. So it needs to stick with the subset of the problem that is tractable. Yes, it's probably the case that whatever midcom produces will be only of limited utility. But I think that's a direct consequence of the solution space that midcom anticipates. > I raised this issue because this seems to be the time to > ensure that the MIDCOM protocol syntax has sufficient flexibility to > include information beyond host and port. There seem to me cases in > which appropriate communication with firewalls does seem to require > that the tuple for identification of permitted application goes beyond > src,dest. Beep seems to me an important case in point. I think it would be a very poor decision if we taught MIDCOM to deal with protocol information beyond host and port. MIDCOM should not try to support and encourage everything that firewalls do. That way lies madness. Keith _______________________________________________ midcom mailing list midcom@ietf.org http://www.ietf.org/mailman/listinfo/midcom From midcom-admin@ietf.org Mon Jul 9 17:49:09 2001 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with SMTP id RAA29437 for ; Mon, 9 Jul 2001 17:49:08 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id RAA12207; Mon, 9 Jul 2001 17:43:37 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id RAA12180 for ; Mon, 9 Jul 2001 17:43:36 -0400 (EDT) Received: from astro.cs.utk.edu (astro.cs.utk.edu [160.36.58.43]) by ietf.org (8.9.1a/8.9.1a) with SMTP id RAA29294 for ; Mon, 9 Jul 2001 17:42:47 -0400 (EDT) Received: from astro.cs.utk.edu (LOCALHOST [127.0.0.1]) by astro.cs.utk.edu (cf 8.9.3) with ESMTP id RAA21074; Mon, 9 Jul 2001 17:43:23 -0400 (EDT) Message-Id: <200107092143.RAA21074@astro.cs.utk.edu> X-URI: http://www.cs.utk.edu/~moore/ From: Keith Moore To: Melinda Shore cc: Keith Moore , "Scott Brim" , "Christian Huitema" , hardie@equinix.com, midcom@ietf.org Subject: Re: [midcom] Firewall interaction with BEEP In-reply-to: Your message of "Mon, 09 Jul 2001 17:30:39 EDT." <5.1.0.14.0.20010709172909.00a23e00@mira-sjc5-4.cisco.com> Date: Mon, 09 Jul 2001 17:43:23 -0400 Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org > We're headed off-topic. Let's not. if separation of layers is off topic, this entire group is off topic. _______________________________________________ midcom mailing list midcom@ietf.org http://www.ietf.org/mailman/listinfo/midcom From midcom-admin@ietf.org Mon Jul 9 17:51:30 2001 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with SMTP id RAA29475 for ; Mon, 9 Jul 2001 17:51:26 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id RAA12356; Mon, 9 Jul 2001 17:47:22 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id RAA12321 for ; Mon, 9 Jul 2001 17:47:20 -0400 (EDT) Received: from sj-msg-core-2.cisco.com (sj-msg-core-2.cisco.com [171.69.24.11]) by ietf.org (8.9.1a/8.9.1a) with SMTP id RAA29377 for ; Mon, 9 Jul 2001 17:46:31 -0400 (EDT) Received: from mira-sjc5-4.cisco.com (mira-sjc5-4.cisco.com [171.71.163.21]) by sj-msg-core-2.cisco.com (8.11.3/8.9.1) with ESMTP id f69Lkwx23002; Mon, 9 Jul 2001 14:46:58 -0700 (PDT) Received: from spandex.cisco.com (rtp-vpn-162.cisco.com [10.82.192.162]) by mira-sjc5-4.cisco.com (Mirapoint) with ESMTP id AOI03581; Mon, 9 Jul 2001 14:46:32 -0700 (PDT) Message-Id: <5.1.0.14.0.20010709174148.00a18750@mira-sjc5-4.cisco.com> X-Sender: mshore@mira-sjc5-4.cisco.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Mon, 09 Jul 2001 17:47:37 -0400 To: Keith Moore From: Melinda Shore