Le samedi 16 juin 2007, Ole Troan a écrit : > >> > To be clear, if even a small fraction of firewalls get deployed > >> > that just block all traffic with a RH, MIPv6 breaks and becomes > >> > undeployable in practice. For EVERYONE! > >> > >> The answer to the upcoming question must be obvious to many people > >> here, but anyway not to me: Does blocking RH2 breaks Mobile Nodes > >> in your network, or does it break both Mobile Nodes *AND* > >> Correspondant Nodes? > > > > It breaks mobile nodes. The HA sends traffic to the MN using a type > > 2 RH header. That is, instead of "tunneling", e.g., via IP in IP, > > the HA forwards packets to the MN at its temporary Care-of-Address > > via a type 2 RH header. The HA can't communicate with the MN if > > such traffic is filtered. > > > > Hence, if such filtering becomes even occasionaly common on the > > open Internet, MIPv6 will become unusable/undeployable in practice. > > we could fix MIPv6. i.e use IP in IP instead of RH2.
At the end of the day, it would only add more overhead while decreasing the "expresiveness" of the mobility header (which is a "vulgar" IP header instead of specifically a mobility header). And it would annoy firewall vendors as much as RH does, since they would still have to parse skip through inner IP header in order to reach the transport header. Therefore, I think it is totally pointless, and it definitely is NOT a "fix". -- Rémi Denis-Courmont http://www.remlab.net/
signature.asc
Description: This is a digitally signed message part.
-------------------------------------------------------------------- IETF IPv6 working group mailing list [email protected] Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
