[Mip6-firewall] HA Firewall BCP draft
Gabor.Bajko at nokia.com
Fri Jun 29 03:05:13 EDT 2007
Suresh,
In section 3.2, we should mention that even though HoTI/HoT may pass
through the fw when the specified pattern is created, when there is a fw
on the path between the MN and CN, CoTI/CoT will not, as they are sent
from untrusted addresses. Thus without an additional mechanism to create
the necessary pattern, the RRT will not be successful.
MIP6 is designed to work even without RO as the MN falls back to reverse
tunnelling through the HA when RRT fails, a direct path without
involving intermediaries would be desirable by real-time, delay
sensitive applications.
It might be better to consider the scenarios when the HA is behind fw,
the MN is behind fw, the CN is behind fw and a combination of these
separately.
Do we want to talk in the draft about the relation between fw rules and
ipsec policies?
- gabor
-----Original Message-----
From: mip6-firewall-bounces at zeke.ecotroph.net
[mailto:mip6-firewall-bounces at zeke.ecotroph.net] On Behalf Of ext Suresh
Krishnan
Sent: Thursday, June 28, 2007 9:45 PM
To: mip6-firewall at zeke.ecotroph.net
Subject: [Mip6-firewall] HA Firewall BCP draft
Hi Folks,
Here is the first cut of the firewall draft as promised. Please take
some time to review this. I have not had the time to settle the author
list yet. So if you would like to be included as a listed author, please
let me know.
Cheers
Suresh