Firewalls: Re: ATM adapter for SUN

Firewalls
(March 1997)

Indexed By Thread: [Previous] [Next]

Subject:	Re: ATM adapter for SUN
From:	chris @ mcc . com (Chris E Creighton)
Date:	Wed, 26 Mar 1997 12:48:55 -0600
To:	Rich Friedeman <rich . friedeman @ anixter . com>, woods @ ucar . edu (Greg Woods), smaret @ datelec . com (Sylvain Maret)
Cc:	firewalls @ GreatCircle . COM

At 9:57 AM 3/26/97, Rich Friedeman wrote:

>>Second, does this really give you what your looking for?  perhaps an
>>ATM firewall that might need to understand protocols that are somewhat
>>different than what is accustom with a more standard firewall, i.e.
>>classic ip,...
>
>possible, but unlikely.  It certainly has to turn cells back to frames...
>but they are the real original frames coming off the card once they work
>their way up the stack.  You would, of course, have the variable of the
>vendor's device driver to consider, but I've never checked out a FDDI
>driver either ;).

Ok Rich, but one of the points that I was raising is that ATM is not a
one to one mapping to say a frame based Ethernet packet.  We were
considering that this machine is acting as a firewall for a WAN connection
that I'd assume is utilizing QOS... and perhaps other unique ATM services
and once it has been converted from from it original ATM cells and is being
processed on the Firewall that has originally been designed to process
Ethernet frames, what happens?  I'm on shaky gound here but I'd have to
believe that the application level firewall may now have something it may
not have been designed to deal with.  The question is, "Can it deal with
raw ATM?"

Now, if the ATM cells were totally converted to a frame and were processed
on the firewall as if they'd come in via Ethernet and are then sent out via
ATM cells. The question here is "has anything been lost?",i.e. QOS,etc..
that may have been in the origianl ATM cells.  Of course, frames can travel
through an ATM cloud and can exit in the same form, (that's what LANE was
designed to do) but the inverse is not necessarily true.  Something unique
has to be done to accomplish this, like CIF (building your cells and inserting
them within a frame prior to passing them through a frame based network).

So I think there are several question here that are still unaswered.  I'd
like to hear some input regarding specific application level firewalls in
regard to dealing with ATM and perhaps someone who has a more in depth
understanding of ATM than I do, that might be able to clarify these issues.

chris

Follow-Ups:

Re: ATM adapter for SUN
From: robp @ anubis . network . com (Rob Peglar)

Indexed By Date	Previous:	Secure Email From: ygerman @ genre . com
Indexed By Date	Next:	Re: Linux - Acceptable Business OS? From: "K.M." <goertzek @ wangfed . com>
Indexed By Thread	Previous:	Re: ATM adapter for SUN From: Rich Friedeman <rich . friedeman @ anixter . com>
Indexed By Thread	Next:	Re: ATM adapter for SUN From: robp @ anubis . network . com (Rob Peglar)