On 2014-04-18 14:20, William Herrin wrote:
> On Fri, Apr 18, 2014 at 2:06 PM, Simon Perreault <simon@per.reau.lt> wrote:
>> IMHO, what the IETF can do is recommend a set of behavioural traits that make IPv6 firewalls behave like good citizens in the Internet ecosystem. Meaning that a firewall that obeys those requirements will not break the Internet. For example, passing ICMPv6 Too Big messages is important to not break the Internet.
> That would either be a very short document or a document so ideologically loaded that it has no technical utility. The Internet is pretty resilient. There isn't much a firewall can do to break it.
In IETF we routinely use the phrase "breaking the Internet" to mean something rather more limited than "breaking all of the Internet". There are tons of things firewalls can do, and some do today, that would be considered breaking the Internet. FYI, we had a similar document targeted at CGNs: http://tools.ietf.org/html/rfc6888
From the abstract:

   This document describes behavior that is required of those
   multi-subscriber NATs for interoperability. It is not an IETF
   endorsement of CGNs or a real specification for CGNs; rather, it
   is just a minimal set of requirements that will increase the
   likelihood of applications working across CGNs.

That is exactly the kind of requirements I am thinking of when I say "not breaking the Internet". Still, there were a few "feature shopping list" requirements that crept into that RFC. It's far from perfect.

Simon
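The "pass ICMPv6 Too Big" requirement from the quoted message, as an added nftables example; it is not part of this thread, of RFC 6888, or of any IETF document, and the table, chain and set names are my own. It puts the commonly deployed broken policy (drop every ICMPv6 packet) next to a minimal good-citizen policy for a stateful IPv6 firewall, for both the host itself (input) and the hosts behind it (forward).

```nft
# Added example, not from the thread: minimal nftables ruleset for an IPv6
# firewall that does not break Path MTU Discovery. Table, chain and set
# names are arbitrary.
table ip6 filter {
    # ICMPv6 error types every node must be able to receive (RFC 4443;
    # filtering advice in RFC 4890)
    set icmpv6_errors {
        type icmpv6_type
        elements = { destination-unreachable, packet-too-big,
                     time-exceeded, parameter-problem }
    }

    chain input {
        type filter hook input priority 0; policy drop;

        iif lo accept
        ct state established,related accept
        ct state invalid drop

        # BROKEN (do not do this): blackholes PMTUD for every flow that
        # crosses a smaller-MTU link. Packet Too Big never arrives, so the
        # sender keeps resending full-size packets that the link drops.
        # meta l4proto ipv6-icmp drop

        # Good citizen: pass the error types, Packet Too Big included.
        icmpv6 type @icmpv6_errors accept

        # Neighbor Discovery is link-local and must carry hop limit 255;
        # anything else claiming to be ND has been forwarded and is bogus.
        icmpv6 type { nd-router-advert, nd-neighbor-solicit,
                      nd-neighbor-advert, nd-redirect } ip6 hoplimit 255 accept

        icmpv6 type { echo-request, echo-reply } accept
    }

    chain forward {
        type filter hook forward priority 0; policy drop;

        ct state established,related accept
        ct state invalid drop

        # Transit traffic needs the same error types passed in both
        # directions; without this, hosts behind the firewall never learn
        # the path MTU toward the outside and their large flows stall.
        icmpv6 type @icmpv6_errors accept

        # site policy for new TCP/UDP flows goes here
    }
}
```

Note that conntrack already classifies an ICMPv6 error that quotes a tracked flow as "related", so the explicit accept of the error set is partly redundant on a box where every flow is tracked; it still matters for flows conntrack did not see (after a failover, or on a stateless path), and it makes the intent visible to whoever audits the ruleset next.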