Loose End Message Routing Method for NATFW NSLP (LEMRM)
IETF 62 - March 2005
draft-stiemerling-nsis-natfw-mrm-01.txt
Martin Stiemerling, stiemerling@netlab.nec.de

Changes to -00
• Changed major parts of
  • Section 2 “Signalling the wrong way”
  • Section 3 “LEMRM”
• Added figures explaining what state is installed where
• Diff between -00 and -01 is available here:
  http://www.stiemerling.org/ietf/nsis/draft-stiemerling-nsis-natfw-mrm-01_diff.html

Use cases: NAT only
• RESERVE-EXTERNAL-ADDRESS (REA)
• Spotting the right upstream NAT
• Reserving publicly reachable IP address
• Easy case through route pinning
• REA[PROXY]
• Proxy mode support
• Data receiver capable of NATFW NSLP only

Use cases: Firewall only
• UPSTREAM CREATE (UCREATE)
• Spotting upstream firewall
• Install ‘deny’ policy rules
• How to spot these firewalls?
• Spotting a single firewall is easy
• Multihomed networks
• Not a case for LEMRM
• Data sender is known (at least IP address)
• Similar case to localized QoS signalling.

Open Issues
• Applicability of LEMRM to other NSLPs
• Firewall handling for messages
• Firewalls must forward NTLP D-MODE
• Firewalls must permit NTLP C-MODE
• Data receiver side: implies upstream NTLP must initiate C-MODE connection
• Data sender side: implies that downstream NTLP must initiate C-MODE connection
• Technical details still to be worked out
• Need more comments from list

Thank you! Questions?