At 9:57 AM 3/26/97, Rich Friedeman wrote:
>>Second, does this really give you what your looking for? perhaps an
>>ATM firewall that might need to understand protocols that are somewhat
>>different than what is accustom with a more standard firewall, i.e.
>possible, but unlikely. It certainly has to turn cells back to frames...
>but they are the real original frames coming off the card once they work
>their way up the stack. You would, of course, have the variable of the
>vendor's device driver to consider, but I've never checked out a FDDI
>driver either ;).
Ok Rich, but one of the points that I was raising is that ATM is not a
one to one mapping to say a frame based Ethernet packet. We were
considering that this machine is acting as a firewall for a WAN connection
that I'd assume is utilizing QOS... and perhaps other unique ATM services
and once it has been converted from from it original ATM cells and is being
processed on the Firewall that has originally been designed to process
Ethernet frames, what happens? I'm on shaky gound here but I'd have to
believe that the application level firewall may now have something it may
not have been designed to deal with. The question is, "Can it deal with
Now, if the ATM cells were totally converted to a frame and were processed
on the firewall as if they'd come in via Ethernet and are then sent out via
ATM cells. The question here is "has anything been lost?",i.e. QOS,etc..
that may have been in the origianl ATM cells. Of course, frames can travel
through an ATM cloud and can exit in the same form, (that's what LANE was
designed to do) but the inverse is not necessarily true. Something unique
has to be done to accomplish this, like CIF (building your cells and inserting
them within a frame prior to passing them through a frame based network).
So I think there are several question here that are still unaswered. I'd
like to hear some input regarding specific application level firewalls in
regard to dealing with ATM and perhaps someone who has a more in depth
understanding of ATM than I do, that might be able to clarify these issues.