[Mip6-firewall] HA Firewall BCP draft
QIU Ying
qiuying at i2r.a-star.edu.sg
Fri Jun 29 03:26:16 EDT 2007
Hi, Suresh
The file looks good. But I have an argument on section 3.2.
According to RFC 3776, the HoTI/HoT messages between MN and HA are
encapsulated by ESP. So there is no need for a special configuration for the HoT
message.
Since checking protocol number is more popular than the header type, why not
just filter the mobility protocol number (it is 135 according to RFC3775)
for these signaling messages?
If there are no objections, I would like to add sections about "CN behind a firewall"
and "MN behind a firewall". The process of CN behind a firewall would be
similar to HA behind a firewall, but the CoTI/CoT is never protected by IPsec.
The process of MN behind firewall is a bit complicated as the
source/destination address CoA is changed frequently. I hope I could finish
by tomorrow.
Regards
Qiu Ying
----- Original Message -----
From: "Suresh Krishnan" <suresh.krishnan at ericsson.com>
To: <mip6-firewall at zeke.ecotroph.net>
Sent: Friday, June 29, 2007 12:45 PM
Subject: [Mip6-firewall] HA Firewall BCP draft
> Hi Folks,
> Here is the first cut of the firewall draft as promised. Please take
> some time to review this. I have not had the time to settle the author
> list yet. So if you would like to be included as a listed author, please
> let me know.
>
> Cheers
> Suresh
>
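
The filtering question raised in the message above, as an added example that is not part of the original e-mail or the draft: a filter that matches on the visible Next Header value sees 50 (ESP) for ESP-encapsulated signaling and 135 (Mobility Header) for clear messages such as CoTI. The names `classify` and `ipv6` are hypothetical, and the packets are constructed samples using documentation addresses.

```python
import struct

# IANA protocol numbers; 135 is the Mobility Header (RFC 3775).
HOP_BY_HOP, ROUTING, FRAGMENT, ESP, DEST_OPTS, MOBILITY = 0, 43, 44, 50, 60, 135
# Mobility Header message types (RFC 3775, section 6.1).
MH_TYPES = {0: "BRR", 1: "HoTI", 2: "CoTI", 3: "HoT", 4: "CoT", 5: "BU", 6: "BA", 7: "BE"}


def classify(packet: bytes) -> str:
    """Return what a filter can see in the clear: 'ESP', 'MH:<type>' or 'other:<n>'."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nxt, off = packet[6], 40
    # Walk the extension-header chain until an upper-layer or opaque header.
    while nxt in (HOP_BY_HOP, ROUTING, DEST_OPTS, FRAGMENT):
        if off + 8 > len(packet):
            raise ValueError("truncated extension header")
        # Fragment header is fixed at 8 bytes; others carry a length in 8-octet units.
        hdr_len = 8 if nxt == FRAGMENT else (packet[off + 1] + 1) * 8
        nxt, off = packet[off], off + hdr_len
    if nxt == ESP:
        return "ESP"  # ESP body is opaque to the filter; no MH type is visible
    if nxt == MOBILITY:
        if off + 3 > len(packet):
            raise ValueError("truncated Mobility Header")
        mh_type = packet[off + 2]  # byte 2 of the Mobility Header is MH Type
        return "MH:" + MH_TYPES.get(mh_type, str(mh_type))
    return f"other:{nxt}"


def ipv6(next_header: int, payload: bytes) -> bytes:
    """Build a constructed IPv6 packet using 2001:db8::/32 documentation addresses."""
    src = bytes.fromhex("20010db8000000000000000000000001")
    dst = bytes.fromhex("20010db8000000000000000000000002")
    fixed = struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64)
    return fixed + src + dst + payload


# Constructed samples (checksum left at zero, ESP body is filler bytes).
COTI = bytes([59, 1, 2, 0, 0, 0]) + bytes(2) + b"\x11" * 8
SAMPLE_COTI = ipv6(MOBILITY, COTI)
SAMPLE_COTI_DSTOPT = ipv6(DEST_OPTS, bytes([MOBILITY, 0, 1, 4, 0, 0, 0, 0]) + COTI)
SAMPLE_HOTI_VIA_HA = ipv6(ESP, struct.pack("!II", 0x1000, 1) + bytes(48))

if __name__ == "__main__":
    for name, pkt in [("CoTI", SAMPLE_COTI), ("CoTI+dstopt", SAMPLE_COTI_DSTOPT),
                      ("HoTI via HA", SAMPLE_HOTI_VIA_HA)]:
        print(f"{name:12} -> {classify(pkt)}")
```

A rule keyed only on protocol 135 matches the first two samples and never the third, which is why the ESP-protected path and the clear path need separate handling.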