[MEXT] firewall-vendor and firewall-admin review - editorial
I was asked to review both
Guidelines for firewall vendors regarding MIPv6 traffic
draft-krishnan-mip6-firewall-vendor-02
and
Guidelines for firewall administrators regarding MIPv6 traffic
draft-krishnan-mip6-firewall-admin-02
I read the earlier versions and now the most recent versions. I read
them over a few times and do not have much to add to those documents
except for some minor editorial suggestions. I believe most details are
covered regarding how to allow MIP to work relative to communicating
through a firewalled network.
I will submit a second email on operations. This only covers editorial
comments except for recommendation 4.
Recommendation #1
=================
In both documents, in the introduction, section 2, it states:
"Since firewalls are not aware of MIPv6 protocol details, they will
probably interfere with the smooth operation of the protocol."
To me, there is no doubt or probability. Firewalls WILL break MIPv6 (and
MIPv4 and NEMO) unless steps are taken. Thus, I suggest changing the
wording to:
"Firewalls will interfere with the smooth operation of the MIPv6
protocol unless specific steps are taken to allow Mobile IPv6 signaling
and data messages to pass through the firewall."
Recommendation #2
===================
The people on the MEXT or MIP6 mail lists are probably familiar with the
MIP abbreviations - although even I have to sometimes go back and look
up what HoTI or CoT are. A firewall vendor or administrator is likely
to have little familiarity with those terms. For example, in the
firewall-vendor draft, section 4:
"4. Allowing signaling response packets
The MIPv6 signaling messages are usually performed as a request-
response pair. ..... There are 3 message pairs that are
of importance to MIPv6 signaling. They are the BU/BA, HoTI/HoT and
CoTI/CoT pairs. ...."
Thus, I recommend that an abbreviations list be provided as is done in
section 3 of RFC4487 - see below. Also, if there is a MIPv6 or MIP
document that defines Mobile IP terms, it would be good to reference
such a document.