Layer Two Tunneling Protocol Extensions (l2tpext)

The IESG | 6 Nov 2002 21:39

Picon

Last Call: Signalling of Modem-On-Hold status in Layer 2 Tunneling Protocol (L2TP) to Proposed Standard


The IESG has received a request from the Layer Two Tunneling Protocol 
Extensions Working Group to consider Signalling of Modem-On-Hold status 
in Layer 2 Tunneling Protocol (L2TP) <draft-ietf-l2tpext-v92-moh-02.txt> 
as a Proposed Standard.  

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action.  Please send any comments to the 
iesg <at> ietf.org or ietf <at> ietf.org mailing lists by 2002-12-6.

Files can be obtained via http://www.ietf.org/internet-drafts/draft-ietf-l2tpext-v92-moh-02.txt

James Huang | 7 Nov 2002 01:11

UDP-encapsulated IPsec Transport mode

Hi all,
	In the appendix A of draft-ietf-ipsec-udp-encaps-04.txt, there is
some discussions on the issue of multiple clients running UDP-encapsulated
IPsec transport mode tunnels behind a NAT box.  However, I did not find any
discussion on another related issue:  In the traffic selector (ID) payload
the client sends out during quick mode exchange, should the client use its
own private address or the public routable address (i.e. the NAT box's
public IP address)?  If it the later, how does the client know about that
public address?  This seems to be a serious issue, especially for L2TP
voluntary tunnels secured by IPsec (in transport mode).

Regards,
James C. Huang

James Huang | 7 Nov 2002 01:11

UDP-encapsulated IPsec Transport mode

Hi all,
	In the appendix A of draft-ietf-ipsec-udp-encaps-04.txt, there is
some discussions on the issue of multiple clients running UDP-encapsulated
IPsec transport mode tunnels behind a NAT box.  However, I did not find any
discussion on another related issue:  In the traffic selector (ID) payload
the client sends out during quick mode exchange, should the client use its
own private address or the public routable address (i.e. the NAT box's
public IP address)?  If it the later, how does the client know about that
public address?  This seems to be a serious issue, especially for L2TP
voluntary tunnels secured by IPsec (in transport mode).

Regards,
James C. Huang

Markus Stenberg | 7 Nov 2002 08:51

Picon

Picon

Re: UDP-encapsulated IPsec Transport mode

James Huang <james.huang <at> watchguard.com> writes:
> Hi all,
> 	In the appendix A of draft-ietf-ipsec-udp-encaps-04.txt, there is
> some discussions on the issue of multiple clients running UDP-encapsulated
> IPsec transport mode tunnels behind a NAT box.  However, I did not find any
> discussion on another related issue:  In the traffic selector (ID) payload
> the client sends out during quick mode exchange, should the client use its
> own private address or the public routable address (i.e. the NAT box's
> public IP address)?  If it the later, how does the client know about that
> public address?  This seems to be a serious issue, especially for L2TP
> voluntary tunnels secured by IPsec (in transport mode).

L2TP specific issues I am blissfully unaware of; however, because the NAT
boxes are not neccessarily even controlled by the IPsec user, sending the
public address is not really an option that can be supported everywhere.

Here's how the information flow goes as far as I see it:

 Public address doesn't really need to be sent in any case as the remote
 side's public address is the address we're talking IKE with (or at least
 remote address+port combination, but in NAPT case you don't really have
 more of an remote address in any case).

 Private address that is used by the OS for actual traffic is provided
 within the NAT-OA payload so the checksums et al can be corrected.

Therefore, at least as far as implementation I used to work on goes, ID
payload in transport mode case doesn't matter (I seem to recall we sent
private address, but pretty much ignored what was sent by remote).

(Continue reading)

James Huang | 7 Nov 2002 20:01

RE: UDP-encapsulated IPsec Transport mode


> -----Original Message-----
> From: Markus Stenberg [mailto:fingon <at> iki.fi]
> Sent: Wednesday, November 06, 2002 11:51 PM
> To: James Huang
> Cc: ipsec <at> lists.tislabs.com; 'l2tpext <at> ietf.org'
> Subject: Re: UDP-encapsulated IPsec Transport mode
> 
> 
> James Huang <james.huang <at> watchguard.com> writes:
> > Hi all,
> > 	In the appendix A of 
> draft-ietf-ipsec-udp-encaps-04.txt, there is
> > some discussions on the issue of multiple clients running 
> UDP-encapsulated
> > IPsec transport mode tunnels behind a NAT box.  However, I 
> did not find any
> > discussion on another related issue:  In the traffic 
> selector (ID) payload
> > the client sends out during quick mode exchange, should the 
> client use its
> > own private address or the public routable address (i.e. 
> the NAT box's
> > public IP address)?  If it the later, how does the client 
> know about that
> > public address?  This seems to be a serious issue, 
> especially for L2TP
> > voluntary tunnels secured by IPsec (in transport mode).
> 
> L2TP specific issues I am blissfully unaware of; however,

(Continue reading)

James Huang | 7 Nov 2002 20:01

RE: UDP-encapsulated IPsec Transport mode


> -----Original Message-----
> From: Markus Stenberg [mailto:fingon <at> iki.fi]
> Sent: Wednesday, November 06, 2002 11:51 PM
> To: James Huang
> Cc: ipsec <at> lists.tislabs.com; 'l2tpext <at> ietf.org'
> Subject: Re: UDP-encapsulated IPsec Transport mode
> 
> 
> James Huang <james.huang <at> watchguard.com> writes:
> > Hi all,
> > 	In the appendix A of 
> draft-ietf-ipsec-udp-encaps-04.txt, there is
> > some discussions on the issue of multiple clients running 
> UDP-encapsulated
> > IPsec transport mode tunnels behind a NAT box.  However, I 
> did not find any
> > discussion on another related issue:  In the traffic 
> selector (ID) payload
> > the client sends out during quick mode exchange, should the 
> client use its
> > own private address or the public routable address (i.e. 
> the NAT box's
> > public IP address)?  If it the later, how does the client 
> know about that
> > public address?  This seems to be a serious issue, 
> especially for L2TP
> > voluntary tunnels secured by IPsec (in transport mode).
> 
> L2TP specific issues I am blissfully unaware of; however,

(Continue reading)

The IESG | 7 Nov 2002 21:11

Picon

Note Well Statement


From time to time, especially just before a meeting, this statement is to
be sent to each and every IETF working group mailing list.
===========================================================================

				NOTE WELL

All statements related to the activities of the IETF and addressed to the
IETF are subject to all provisions of Section 10 of RFC 2026, which grants
to the IETF and its participants certain licenses and rights in such
statements.

Such statements include verbal statements in IETF meetings, as well as
written and electronic communications made at any time or place, which are
addressed to

    - the IETF plenary session,
    - any IETF working group or portion thereof,
    - the IESG, or any member thereof on behalf of the IESG,
    - the IAB or any member thereof on behalf of the IAB,
    - any IETF mailing list, including the IETF list itself,
      any working group or design team list, or any other list
      functioning under IETF auspices,
    - the RFC Editor or the Internet-Drafts function

Statements made outside of an IETF meeting, mailing list or other function,
that are clearly not intended to be input to an IETF activity, group or
function, are not subject to these provisions.

Skip Booth | 8 Nov 2002 04:30

Picon

RE: UDP-encapsulated IPsec Transport mode

James, does the recommendation in section 3.1.2 a) answer your question?  I
believe after fixing up the IP header to include the private address which was
advertised during the negotiation, the packet will pass through the SG filters.
The authors of this draft should be able to provide further clarification if
this doesn't address your concerns.

-Skip

On Thu, 7 Nov 2002, James Huang wrote:

>
>
> > -----Original Message-----
> > From: Markus Stenberg [mailto:fingon <at> iki.fi]
> > Sent: Wednesday, November 06, 2002 11:51 PM
> > To: James Huang
> > Cc: ipsec <at> lists.tislabs.com; 'l2tpext <at> ietf.org'
> > Subject: Re: UDP-encapsulated IPsec Transport mode
> >
> >
> > James Huang <james.huang <at> watchguard.com> writes:
> > > Hi all,
> > > 	In the appendix A of
> > draft-ietf-ipsec-udp-encaps-04.txt, there is
> > > some discussions on the issue of multiple clients running
> > UDP-encapsulated
> > > IPsec transport mode tunnels behind a NAT box.  However, I
> > did not find any
> > > discussion on another related issue:  In the traffic

(Continue reading)

James Huang | 8 Nov 2002 19:27

RE: UDP-encapsulated IPsec Transport mode

Skip,
	If we fix up the source IP address using the private address
advertised in NAT-OA during IKE negotiation, then why should TCP/UDP
checksum be re-computed at the security gateway as was described in section
3.1.2?   The checksum was originally computed by the client using its
private address.  Also is this solution the same as the "built-in NAT"
solution mentioned in Appendix A of draft-ietf-ipsec-udp-encaps-04.txt to
solve the problem of multiple clients behind a NAT with overlapped traffic
specifications?

Thanks,
- James 

> -----Original Message-----
> From: Skip Booth [mailto:ebooth <at> cisco.com]
> Sent: Thursday, November 07, 2002 7:31 PM
> To: James Huang
> Cc: 'Markus Stenberg'; ipsec <at> lists.tislabs.com; 'l2tpext <at> ietf.org'
> Subject: RE: UDP-encapsulated IPsec Transport mode
> 
> 
> 
> James, does the recommendation in section 3.1.2 a) answer 
> your question?  I
> believe after fixing up the IP header to include the private 
> address which was
> advertised during the negotiation, the packet will pass 
> through the SG filters.
> The authors of this draft should be able to provide further 
> clarification if

(Continue reading)

W. Mark Townsley | 8 Nov 2002 20:35

Picon

l2tpext agenda for 55th IETF in Atlanta

Agenda Bashing
5 minutes

W. Mark Townsley
- WG Update
- L2TPv3 Status
15 minutes

Tom Mistretta
draft-l2tpext-infomsg-01.txt and
draft-nmcgill-l2tp-radius-ext-nas-port-00.txt
15 minutes

Rahul Aggarwal
draft-ietf-l2tpext-pwe3-ethernet-00.txt
10 minutes

Group

gmane.ietf.l2tpext.

Search Archive

Page

1 | 2 | 3 | 4 | 5 | 6

Articles in period: 56

November 2002

Language

Change language

Options

Current view: Threads only / Showing only 20 lines / Not hiding cited text.
Change to All messages, whole messages, or hide cited text.

Post a message
NNTP Newsgroup
Classic Gmane web interface
XML

XML

RSS Feed
List Information

About Gmane

Recent entries

Emulation of basic ISDN interfaces using TDMPWs (30 Dec 2011)
Set up of TDMPWs after the establishment of a call (13 Dec 2011)
PWs in the NGN network (12 Dec 2011)
Different manipulation of channels in a Nx64 service (12 Dec 2011)
Payload needs to align with a 32-bit boundary (1 Dec 2011)
FR over PWs (20 Nov 2011)
TDMoIP AAL2 and TSSI/RDTD structures (13 Oct 2011)
FRPW: LAPF or Core-LAPF (8 Aug 2011)
[Editorial Errata Reported] RFC3931 (2766) (4 Apr 2011)
L2TPV3 (25 Mar 2011)
Fwd: NomCom 2010-2011: Call for More Nominations (17 Sep 2010)
Pseudo-wires: uni-directional o bi-directional? (18 Jun 2010)
RFC 4349 and RFC 4591: FR negotiation (18 Jun 2010)
RFC 4591 and RFC 4349: DLCI at egress LCCE (16 Jun 2010)
RFC 4591 and RFC 4349: DLCI at egress LCCE (15 Jun 2010)
L2TPext | Interest on Expired Milestones (10 Jun 2010)
RFC 5641 on Layer 2 Tunneling Protocol Version 3 (L2TPv3) Extended Cir (1 Sep 2009)
RFC 5611 on Layer Two Tunneling Protocol version 3 - Setup of Time-Div (19 Aug 2009)
An error in RFC 4446 "IANA Allocations for Pseudowire Edge to Edge Emu (18 Aug 2009)
Protocol Action: 'L2TPv3 Extended Circuit Status Values' to Proposed S (20 Jul 2009)
I-D Action:draft-ietf-l2tpext-circuit-status-extensions-05.txt (13 Jul 2009)

Archives

7	December 2011
1	November 2011
1	October 2011
1	September 2011
2	August 2011
5	April 2011
1	March 2011
1	September 2010
5	July 2010
25	June 2010
1	September 2009
15	August 2009
5	July 2009
5	June 2009
1	May 2009
5	April 2009
7	March 2009
1	February 2009
1	December 2008
4	November 2008
2	October 2008
3	September 2008
10	August 2008
1	July 2008
1	June 2008
3	March 2008
1	February 2008
1	January 2008
1	December 2007
3	November 2007
1	October 2007
5	August 2007
6	July 2007
11	June 2007
1	May 2007
5	March 2007
3	February 2007
2	January 2007
7	December 2006
5	November 2006
5	October 2006
25	September 2006
8	August 2006
4	July 2006
9	June 2006
5	May 2006
4	April 2006
4	March 2006
6	February 2006
6	January 2006
12	December 2005
5	November 2005
10	October 2005
27	September 2005
10	August 2005
12	July 2005
13	June 2005
20	May 2005
9	April 2005
3	March 2005
2	February 2005
1	January 2005
5	December 2004
14	November 2004
9	October 2004
28	September 2004
6	August 2004
5	July 2004
7	June 2004
1	May 2004
1	April 2004
4	March 2004
1	February 2004
11	January 2004
5	December 2003
7	November 2003
11	October 2003
11	September 2003
5	August 2003
11	July 2003
9	June 2003
9	May 2003
10	April 2003
7	March 2003
7	February 2003
9	January 2003
6	December 2002
56	November 2002
5	October 2002
4	September 2002
27	August 2002
33	July 2002
16	June 2002
33	May 2002
17	April 2002
1	February 2001

Design

Zawodny | Right Menu | Left Menu

Your Own Design

Paste the URL of your CSS below. Download CSS template