This is a static archive of the previous Open Grid Forum GridForge content management system saved from host forge.ogf.org file /sf/go/artf6483?nav=1 at Thu, 03 Nov 2022 22:54:37 GMT SourceForge : artf6483: Firewall Traversal Protocol (FiTP)

Artifact artf6483 : Firewall Traversal Protocol (FiTP)
Tracker: Published
Title: Firewall Traversal Protocol (FiTP)
Description:
Firewalls control traffic flows between internal and external communication partners. Mostly traffic from inside to 
outside is allowed, but traffic coming from outside must be explicitly configured. The rules which packets may traverse 
the firewall and which not are normally configured manually by firewall administrators. To speed up such kind of access 
list changes, it would be desirable to dynamically signal access requests and automatically change those access lists. 
Though some protocols are inspectable by firewalls already like FTP, SIP and H.323, a general protocol, which could be 
used for signaling dynamically required access rules, is not available until now. 
This paper proposes a standard protocol, which would allow such signaling in a secure manner. Firewalls which have 
installed a corresponding inspection module could be configured automatically, which would ease the configuration of 
such systems a lot.
Submitted By: Ralph Niederberger
Submitted On: 09/09/2011 3:10 PM EDT
Last Modified: 09/06/2012 8:17 AM EDT

Status
Group:
Status: Closed
Category: Community Practice
Customer:
Priority: 1
Assigned To: Andre Merzky
Reported in Release:
Fixed in Release:
Estimated Hours: 0
Actual Hours: 0
resolution: Accepted
Comments
Andre Merzky: 09/06/2012 8:17 AM EDT
  Comment:
update header (GWD -> GFD)
  Attachment: draft-gwdrp-ralphniederberger-fitp-v4.7.pdf (501.33 KB)
  Action: Update
Added an attachment.
Andre Merzky: 09/06/2012 8:16 AM EDT
  Comment:
update header (GWD -> GFD)
  Attachment: draft-gwdrp-ralphniederberger-fitp-v4.7.doc (452.5 KB)
  Action: Update
Added an attachment.
Greg Newby: 08/29/2012 3:06 PM EDT
  Action: Move
Moved from Submit OGF Draft to Published
Category changed from Recommendations Track to Community Practice
Group changed from Infrastructure to none (no value)
resolution set to Accepted
Status changed from Ready to Publish to Closed
Greg Newby: 07/31/2012 6:01 PM EDT
  Comment:
Awaiting publication.
  Action: Update
Assigned To changed from Joel Replogle to Andre Merzky
Greg Newby: 05/24/2012 2:16 PM EDT
  Comment:
This is the document with the new copyright statement, for Joel to do a final header/footer if needed and publish.  Thanks to the authors/editors for 
effort on this document!
  Attachment: draft-gwdrp-ralphniederberger-fitp-v4.7.doc (453.5 KB)
  Action: Update
Added an attachment.
Greg Newby: 05/22/2012 11:34 AM EDT
  Action: Update
Assigned To changed from Greg Newby to Joel Replogle
Priority changed from 2 to 1
Status changed from GFSG Review: 15-day final to Ready to Publish
Greg Newby: 05/22/2012 11:33 AM EDT
  Comment:
Per the May 22 standards council telecon, this is approved for publication as GFD-R-P.196.  However, there is a slightly revised OGF copyright 
statement we will need to put into the document.
  Action: Update
Greg Newby: 05/15/2012 1:57 PM EDT
  Comment:
Thanks - we'll get this to the standards council.
  Action: Update
Assigned To changed from Richard Hughes-Jones to Greg Newby
Status changed from Author Action Needed to GFSG Review: 15-day final
Ralph Niederberger: 05/15/2012 9:45 AM EDT
  Comment:
Final version 4.6 is now available
  Attachment: draft-gwdrp-ralphniederberger-fitp-v4.6.doc (473.5 KB)
  Action: Update
Added an attachment.
Ralph Niederberger: 05/15/2012 4:34 AM EDT
  Comment:
I have provided a new version 4.5 where I tried to include all very useful suggestions of Richard Hughes-Jones.
  Action: Update
Ralph Niederberger: 05/15/2012 4:32 AM EDT
  Attachment: draft-gwdrp-ralphniederberger-fitp-v4.5.doc (469.5 KB)
  Action: Update
Added an attachment.
Greg Newby: 05/14/2012 2:08 PM EDT
  Comment:
Clarification: there will be some further changes to the document.
  Action: Update
Assigned To changed from Greg Newby to Richard Hughes-Jones
Status changed from GFSG Review: 15-day final to Author Action Needed
Greg Newby: 05/14/2012 1:27 PM EDT
  Comment:
Richard sent follow-up email.  Next status will be confirmed by the Standards Council at their next telecon.
  Action: Update
Assigned To changed from Richard Hughes-Jones to Greg Newby
Status changed from AD Review to GFSG Review: 15-day final
Greg Newby: 04/22/2012 6:54 PM EDT
  Comment:
Per the April 17 standards council telecon, we are still awaiting AD input.
  Action: Update
Greg Newby: 03/27/2012 11:09 AM EDT
  Comment:
Still waiting for ADs (status from telecon March 27)
  Action: Update
Status changed from GFSG Review: 15-day final to AD Review
Greg Newby: 03/12/2012 7:23 AM EDT
  Comment:
Responding to comment #7b (thanks for spotting this): please use "All rights reserved" consistent with #152 and #63.  We are looking at updating the 
document templates to agree.  
  Action: Update
Greg Newby: 03/12/2012 6:44 AM EDT
  Comment:
Status from standards council meeting March 12: Richard and Alan will touch base on this, to confirm readiness for publication.
  Action: Update
Greg Newby: 03/12/2012 6:36 AM EDT
  Action: Update
Status changed from Author Action Needed to GFSG Review: 15-day final
Greg Newby: 02/22/2012 10:30 AM EST
  Comment:
The new document.  This is the final version, and will go to standards council final review, either at OGF or soon thereafter.
  Attachment: draft-gwdrp-ralphniederberger-fitp-v4.4.doc (445.5 KB)
  Action: Update
Added an attachment.
Greg Newby: 02/22/2012 10:29 AM EST
  Comment:
Ralph Niederberger provided two files via email.  A "Comments" and an updated version.  The comments:
  Attachment: Comments on Firewall Traversal Protocol.doc (48 KB)
  Action: Update
Added an attachment.
Greg Newby: 02/13/2012 3:41 AM EST
  Comment:
Per the 2012/02/14 standards council telecon, Richard is asked to check with the group to confirm they know the next step is in their hands.
  Action: Update
Greg Newby: 01/24/2012 11:19 AM EST
  Comment:
Public comment is complete.  Authors/editors, please respond to public comments.  If necessary, provide an updated document.  Let me know (via this 
tracker, or email) when you are ready for next steps.  The next step, typically, is standards council final review.
  Action: Update
Assigned To changed from Joel Replogle to Richard Hughes-Jones
Priority changed from 3 to 2
Status changed from Public Comment Period to Author Action Needed
Ralph Niederberger: 01/06/2012 5:59 AM EST
  Comment:
Comments on Firewall Traversal Protocol (FiTP)
2011-12-13, Freek Dijkstra

1. I would strongly recommend to add a section on related work. While this is -as far as I know- the only Firewall traversal protocol, there certainly are existing NAT traversal protocols (the process is often called "NAT hole punching"). Some of these protocols are stateless (which is unrelated to this protocol), but some have explicit control signals, and some explicitly mention firewalls as well. The introduction section of RFC 5128 gives a good overview of the different protocols (even though the rest of that RFC is focussed on stateless solutions, unlike FiTP).

The related work section should at least mention:
* Stiemerling, M., Tschofenig, H., Aoun, C., and E. Davies, "NAT/Firewall NSIS Signaling Layer Protocol (NSLP)", RFC 5973, October 2010. http://tools.ietf.org/html/rfc5973

As well as related RFCs by the NSIS working group (http://www.ietf.org/wg/concluded/nsis.html): RFC 4080, RFC 5971, and RFC 5981 

(Note: I've only just become aware of this work after following some references, but it seems similar to FiTP!)

The following standards may or may not be applicable (I leave it up to the authors to decide on that):
* Cheshire, S., Krochmal, M., and K. Sekar, "NAT Port Mapping Protocol (NAT-PMP)", Work in Progress (?), April 2008. http://tools.ietf.org/html/draft-cheshire-nat-pmp
* Rosenberg, J., Weinberger, J., Huitema, C., and R. Mahy, "STUN - Simple Traversal of User Datagram Protocol (UDP) Through Network Address Translators (NATs)", RFC 3489, March 2003. http://tools.ietf.org/html/rfc3489
* UPnP Forum, "Internet Gateway Device (IGD) Standardized Device Control Protocol V 1.0", November 2001. http://www.upnp.org/standardizeddcps/igd.asp

2. I would like to see some pictures in the document. In particular two pictures on the two deployment scenarios (with and without a FiTP-aware 
firewall) would be helpful, showing the FiTP control connection, some (proprietary) protocol between host and firewall and the data flow through the 
firewall.

3. A (picture of) a state diagram might be useful, although I have to say that the description of result codes is already pretty extensive. At least, 
it would give the reader a quick idea on the different states.

4. Section 8 registers port number 4711 for the FiTP protocol. Please register this protocol with IANA at http://www.iana.org/cgi-bin/usr-port-number.pl (note that IANA has changed their procedure in Summer 2011 to accommodate for SRV registrations without specific port number, this is still the old form. It still seems to work though.)

Port 4711 is still unassigned according to http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.txt

5. The abstract mentions a "smooth transition" from a scenario with the end point of an FiTP control connection at (a) an external host to (b) the firewall itself. It is unclear to me how this is "smooth": does the initiator of a FiTP control connection need to know about the end-point? If it is aware of this, and the end-point changes, then this does not seem transparent to me. Perhaps I missed the transition scenario, but otherwise, it may be useful to elaborate on this issue.

6. Please specify the license for the Perl program in chapter 7. 
For example, all IETF documents contain the following note:

   Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Also, the Perl sample program uses a "FiTP" perl module, as mentioned in section 2.4. Is that module also available, and if so, where and under what 
license?

7. The front page does not follow the guidelines as set forward by GFD.152 (Unfortunately, most GFD documents fail in this respect). Please see the 
updated templates at http://forge.gridforum.org/sf/docman/do/listDocuments/projects.ggf-editor/docman.root.author_guidelines_and_templates
- The Status should be either "Grid Working Document (GWD) Recommendations track (RP)" or "Grid Final Draft (GFD) Recommendations track (RP)". (don't ask me what RP really means; I've also seen other terms for GWD and GFD.)
- The Copyright Notices should be "Copyright © Open Grid Forum (2008-2011).  Some Rights Reserved.  Distribution is unlimited." In chapter 17, the "All Rights Reserved." should be changed to "Some Rights Reserved."
- The Trademark is not applicable to this document and should be removed.

8. There are some minor layout issues, e.g. the indentation in section 5.6.

9. Some sentences could perhaps be improved. If you have the Word source, I am happy to go through the Abstract and Introduction for some suggestions.

  Action: Update
Greg Newby: 12/19/2011 12:28 PM EST
  Comment:
There will be a further round of public comments, due to some technical difficulties with the tracker. Probably for another month or so, per the 
standards council call December 19.
  Action: Update
Joel Replogle: 10/21/2011 7:38 AM EDT
  Comment:
Entered public comment on the OGF web site on 2011-10-18. 
Comment URL is: 
http://www.ogf.org/gf/docs/comment.php?id=381
  Action: Update
Greg Newby: 10/10/2011 12:24 PM EDT
  Comment:
This is now approved for public comment.  Author, please solicit WG members and others to provide public comments.
  Action: Update
Assigned To changed from Richard Hughes-Jones to Joel Replogle
Priority changed from 4 to 3
Status changed from GFSG Review: Initial to Public Comment Period
Greg Newby: 09/15/2011 1:45 PM EDT
  Comment:
Thanks, this is looking fine.  The Standards Council will discuss it, either at OGF in Lyons, or the next meeting afterwards.  Then, it will move to 
the next step (public comment).
  Action: Update
Assigned To changed from Greg Newby to Richard Hughes-Jones
Status changed from Editor Review: Initial to GFSG Review: Initial
Ralph Niederberger: 09/09/2011 3:10 PM EDT
  Attachment: draft-gwdrp-ralphniederberger-fitp-v4.doc (309.5 KB)
  Action: Create
Added an attachment.


 
 
 