Default security functions on an IPv6 CPE

Mikael Abrahamsson swmike at swm.pp.se
Thu May 12 11:49:15 CEST 2011


On Thu, 12 May 2011, Ted Mittelstaedt wrote:

> I don't see why it would.  Any e2e application written with any modicum 
> of regard for the user is going to be done in such a way that the 
> "receiving" user will be requested whether or not they want to receive 
> incoming traffic from the other end.  When they indicate yes then their 
> client can issue a UPNPv6 request to the firewall.

How would the e2e application know if it's being contacted if it can't 
receive traffic from the Internet in the first place? If you say "via the 
server it connected to initially" then you have just defined a non-e2e 
application (it's not standalone).

So with a FW on, you *need* UPNP, and in a hierarchical network home 
(multiple gateways getting prefixes through PD), these UPNP messages need 
to traverse multiple potential gateways as well.

It's complicated, it's going to cause problems, but I don't really see how 
it can be avoided.

-- 
Mikael Abrahamsson    email: swmike at swm.pp.se


