16 Sep 2003 02:57
Re: Reminder: wg last call
Daniel Fonseca <danielonline_2 <at> yahoo.com>
2003-09-16 00:57:17 GMT
--- Pyda Srisuresh <srisuresh <at> yahoo.com> wrote:
>
> --- Melinda Shore <mshore <at> cisco.com> wrote:
> > On Monday, September 15, 2003, at 12:32 PM, Pyda Srisuresh wrote:
> >
> > >>> A. NAT is configured on a per-interface basis. As such, the
> > >>> Midcom/NAT transactions would be specified on a per-interface
> > >> basis.
> > >>
> > >> I do not share this view. A midcom agent has the intention and
> > >> capability to specify endpoints of communication across the
> > >> middlebox. Which interfaces of the middlebox are affected is not
> > >> subject of midcom transactions.
> > >
> > > It would be when the middlebox has several interfaces.
> >
> > The question is fraught with all sorts of problems. For example, it's
> > probably not reasonable to expect agents to know not only which
> > interfaces a middlebox has but also how they're routed, at least in an
> > even modestly complex environment. Nevertheless I do think that this is
> > one area where there are more benefits from allowing the possibility of
> > doing this than from not allowing it. Frankly my expectation in the
> > general case would be for an agent to send a request without specifying
> > the interface and allow the middlebox to choose one, either returning
> > (or not) the selected interface.
>
> In the case where a middlebox is configured with NAT/Firewall on a single
> interface, I guess, the transactions could default to that specific
> interface when the interface is not specified.
>
> >
> > Melinda
> >
>
> regards,
> suresh
>
> =====

(I found the following explanation very hard to write clearly about. Let me know if it's still confusing.)

suresh,

I was thinking about the case you mentioned previously, regarding specifically the interfaces connected to networks with overlapping addresses or different IP versions (did I get it right?). However, I think the protocol is meant to be transparent to the end applications.
Under those circumstances, I was not able to come up with any realistic scenario where an app would attempt to connect to an address of a different version, or even know about a host in some other network with the same address space. The former seems unlikely to me, and the latter would only be possible if a Twice-NAT was already defined at the middlebox. But then the middlebox would already "know" which interfaces are involved in the transaction. That is also the case with different IP versions. Will the ALG be responsible for keeping its own NAT table, with all addresses and interfaces?

Hope that was clear enough,

Daniel
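The interface-selection question the thread argues about (an agent that leaves the interface unspecified, a middlebox with NAT on a single interface defaulting to it, and the overlapping-address-space case where the same destination is reachable on two interfaces) can be made concrete with a small model. The following is an added example, not code from the midcom working group or from any message in this thread; the Middlebox and Interface classes, the longest-prefix selection rule, and the sample interfaces and addresses are all constructed here for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


class SelectionError(Exception):
    """Raised when no single interface can serve the requested endpoint."""


@dataclass(frozen=True)
class Interface:
    name: str
    prefixes: tuple   # networks reachable through this interface (constructed)
    nat: bool         # whether NAT/firewall is configured on this interface


class Middlebox:
    """Toy multi-interface middlebox; not a real midcom implementation."""

    def __init__(self, interfaces):
        self.interfaces = {i.name: i for i in interfaces}

    def _match_len(self, iface, dst):
        # Longest prefix on this interface that contains dst, or None.
        # ip_network.__contains__ is False across IP versions, so a v6
        # destination never matches a v4-only interface (and vice versa).
        lens = [ip_network(p).prefixlen for p in iface.prefixes
                if dst in ip_network(p)]
        return max(lens, default=None)

    def default_nat_interface(self):
        # The "single NAT interface" default suggested in the thread:
        # meaningful only when exactly one interface carries NAT.
        nat = [n for n, i in self.interfaces.items() if i.nat]
        return nat[0] if len(nat) == 1 else None

    def select_interface(self, destination, requested=None):
        dst = ip_address(destination)
        if requested is not None:
            # Agent named an interface: honour it only if it reaches dst.
            iface = self.interfaces.get(requested)
            if iface is None or self._match_len(iface, dst) is None:
                raise SelectionError(f"{requested} cannot reach {dst}")
            return iface.name
        # Agent left the interface unspecified: middlebox chooses by
        # longest prefix match across all interfaces.
        scored = {}
        for iface in self.interfaces.values():
            plen = self._match_len(iface, dst)
            if plen is not None:
                scored[iface.name] = plen
        if not scored:
            raise SelectionError(f"no interface reaches {dst}")
        best = max(scored.values())
        candidates = sorted(n for n, p in scored.items() if p == best)
        if len(candidates) > 1:
            # Overlapping address space: the endpoint alone is ambiguous.
            raise SelectionError(
                f"{dst} is ambiguous between {candidates}; specify interface")
        return candidates[0]


def describe(box, destination, requested=None):
    """Return (ok, text) so callers can inspect the outcome without exceptions."""
    try:
        return True, box.select_interface(destination, requested)
    except SelectionError as exc:
        return False, str(exc)


# Constructed sample topologies.
SIMPLE = Middlebox([
    Interface("inside", ("10.0.0.0/8",), nat=True),
    Interface("outside", ("0.0.0.0/0",), nat=False),
])

OVERLAP = Middlebox([
    Interface("siteA", ("10.0.0.0/8",), nat=True),
    Interface("siteB", ("10.0.0.0/8",), nat=True),   # same address space
    Interface("outside", ("0.0.0.0/0", "2001:db8::/32"), nat=False),
])

if __name__ == "__main__":
    for box_name, box in (("SIMPLE", SIMPLE), ("OVERLAP", OVERLAP)):
        print(box_name, "default NAT interface:", box.default_nat_interface())
        for dst in ("192.0.2.10", "10.1.2.3", "2001:db8::1"):
            print(" ", dst, "->", describe(box, dst))
        print("  10.1.2.3 via siteB ->", describe(box, "10.1.2.3", "siteB"))
```

With a single NAT interface the unspecified-interface request resolves unambiguously, which is Suresh's default. Once two interfaces share the same address space, the endpoint no longer identifies an interface and the agent must name one (or the middlebox must already hold the Twice-NAT binding that Daniel refers to); a v6 destination on a v4-only box simply has no candidate at all.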