[Swift-devel] Fwd: [wg-all] New document published: Firewall Traversal Protocol

Michael Wilde wilde at mcs.anl.gov
Mon Aug 20 09:28:49 CDT 2012


Perhaps relevant to Swift...

----- Forwarded Message -----
From: "Greg Newby" <gbnewby at alaska.edu>
To: "All WG" <wg-all at ogf.org>
Sent: Monday, August 20, 2012 8:30:32 AM
Subject: [wg-all] New document published: Firewall Traversal Protocol

OGF Community:

A new document has been published in the OGF series.  All OGF
documents (including any that are open for public comment) may be
found here:

  http://www.ogf.org/gf/docs/

* GFD-R-P.196 "Firewall Traversal Protocol (FiTP)," R. Niederberger via the Infrastructure FVGA-WG.

 Abstract:
Firewalls control traffic flows between internal and external communication partners. Mostly traffic from inside to outside is allowed, but traffic coming from outside must be explicitly configured. The rules which packets may traverse the firewall and which not are normally configured manually by firewall administrators. To speed up such kind of access list changes, it would be desirable to dynamically signal access requests and automatically change those access lists. Though some protocols are inspectable by firewalls already like FTP, SIP and H.323, a general protocol, which could be used for signaling dynamically required access rules, is not available until now.

This paper proposes a standard protocol, which would allow such signaling in a secure manner. Firewalls which have installed a corresponding inspection module could be configured automatically, which would ease the configuration of such systems a lot.

The proposed protocol (FiTP) can be used in two ways. First of all, a firewall aware of FiTP, could automatically allow connections signaled by authorized users. Secondly, an intermediate solution could be implemented, so that firewalls unaware of FiTP could be configured by the server process, which is the end point of the FiTP control connection. Via this approach a smooth transition would be possible. Installations having old firewall hard- and/or software could use the new protocol already, before installing a system which is FiTP enabled.

  -- Greg Newby, OGF Editor

Dr. Gregory Newby, Director of the Arctic Region Supercomputing Center
Univ of Alaska Fairbanks-909 Koyukuk Dr-PO Box 756020-Fairbanks-AK 99775-6020
e: gbnewby at alaska.edu v: 907-450-8663 f: 907-450-8603 w: people.arsc.edu/~newby


-- 
Michael Wilde
Computation Institute, University of Chicago
Mathematics and Computer Science Division
Argonne National Laboratory



