Re: [MEXT] firewall-vendor and firewall-admin review - editorial

[RYUJI WAKIKAWA <ryuji.wakikawa at gmail.com>]

Hi Suresh,

On 2008/02/16, at 6:36, Suresh Krishnan wrote:

> Hi William,
>   Thanks for the comments. Please find my responses inline
>
>> Recommendation/Question #4
>> ===========================
>> Regarding the firewall-vendor document.
>>
>> In today's MIP deployments (v6, v4, NEMO), when MIP signaling is  
>> blocked
>> by a firewall, does that firewall return any type of message to allow
>> one to debug the system?  Quite a few years ago when I did NEMO IPv4
>> with a T-Mobile network we were operating fine one day and the next  
>> day
>> everything broke.  It turned out T-Mobile started administratively
>> filtering on what we considered an open network.  At least we  
>> received
>> "administratively filtered" messages and could track down the  
>> problem.
>> http://roland.grc.nasa.gov/~ivancic/t-mobile/administrative_filtering.pd
>> f
>>
>> My recommendation is that vendors should provide some type of uniform
>> signaling to indicate that MIP signaling was administratively  
>> filtered.
>> Perhaps some new ICMP message or at least a recommendation of which  
>> to
>> send.
>
> ICMPv6 Type 1 (Destination unreachable) message with code 1 -
> communication with destination administratively prohibited seems  
> like a
> good fit for this, but I am open to the idea of a new type/code

Any notification is useful to know the firewall condition for the  
debugging purpose.
But how can the MIP6 stack process these ICMP packets?
Are you going to specify the new MN's behavior here ?

regards,
ryuji


> Thanks
> Suresh
>
> _______________________________________________
> MEXT mailing list
> MEXT at ietf.org
> http://www.ietf.org/mailman/listinfo/mext

_______________________________________________
MEXT mailing list
MEXT at ietf.org
http://www.ietf.org/mailman/listinfo/mext