nanog mailing list archives
Re: shim6 @ NANOG
From: Iljitsch van Beijnum <iljitsch () muada com>
Date: Sun, 5 Mar 2006 15:51:12 +0100
On 5-mrt-2006, at 12:09, Ian Dickinson wrote:
As an irrelevant aside, when someone comes up with a way to firewall/acl shim6, how much breaks?
The idea is that there will be a shim6 header that can do two things: carry shim6 signalling and carry data packets with rewritten addresses after a rehoming. Since data packets with rewritten addresses can only occur after there have been shim6 signalling packets on the same path, filtering out packets with the shim6 header on the initially chosen path makes it impossible for the shim state to be created so there is no multihoming. If shim packets are allowed on the initially chosen path but not on the backup path, shim6 (un)reachability detection won't work over the backup path so the backup path will be considered broken and won't be used.
In other words: you fall back to single homing without ill effects.
Of course having a TCP session or the like change addresses halfway through the session may throw stateful firewalls a bit.