Re: SMUX comments

Hi, Matthew.  Thanks for commenting.

It may well be that for certain firewall configurations, you will want
to restrict the kinds or varieties of MUX channels that are present
behind a single TCP port for security purposes.  That is, behind port
680 (or whatever), you have MUX channels with only HTTP-NG/TCWA servers
behind them.  However, this does not reduce the usefulness of MUX. 
Let's consider the `big 3' purposes of having MUX to begin with:

1)  Multiple virtual circuits on top of a single TCP connection.  This
is to allow the congestion control algorithms to work again by reducing
the number of actual TCP connections.  Still useful even if a TCP port
is restricted to HTTP/HTTP-NG.

2)  Record-marking.  That is, support for reliable sequenced datagrams
over an underlying byte stream.  Still useful.

3)  Bi-directional streams over a single TCP connection.  Still useful.

In addition, by using HTTP-NG instead of HTTP, filtering based on
protocol concerns should be considerably easier.

Incidentally, a modified version of tcpdump that dumps MUX and HTTP-NG
headers is available as
ftp://ftp.parc.xerox.com/transient/janssen/tcpdump-3.4a6-rpc.tar.Z.

Bill

Received on Friday, 24 July 1998 21:00:04 UTC
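
The following is an added example, not part of the original message and not the SMUX wire format. It sketches a filter that reassembles records from a multiplexed byte stream and forwards only channels opened with an allowed protocol. The 8-byte header layout, the protocol ids, and all names are assumptions made for illustration.

```python
import struct

# Hypothetical framing (assumption, not the SMUX header):
# channel id, protocol id (non-zero only on the frame that opens a channel), payload length
HEADER = struct.Struct("!HHI")
PROTO_HTTP_NG = 1        # constructed protocol ids
PROTO_OTHER = 2
MAX_RECORD = 1 << 16     # refuse to buffer records larger than this

class MuxFilter:
    """Reassembles records from TCP segments and forwards only permitted channels."""
    def __init__(self, allowed_protocols):
        self.allowed = set(allowed_protocols)
        self.buf = bytearray()
        self.channels = {}   # channel id -> True if opened with an allowed protocol

    def feed(self, data):
        """Accept one segment; return the (channel, payload) records to forward."""
        self.buf += data
        out = []
        while len(self.buf) >= HEADER.size:
            channel, proto, length = HEADER.unpack_from(self.buf)
            if length > MAX_RECORD:
                raise ValueError("record exceeds size limit")
            end = HEADER.size + length
            if len(self.buf) < end:
                break        # record is split across segments; wait for the rest
            payload = bytes(self.buf[HEADER.size:end])
            del self.buf[:end]
            if proto != 0:   # opening frame decides the channel's fate
                self.channels[channel] = proto in self.allowed
            if self.channels.get(channel, False):   # unknown channels are denied
                out.append((channel, payload))
        return out

def frame(channel, proto, payload):
    return HEADER.pack(channel, proto, len(payload)) + payload

def demo():
    # Constructed stream: two interleaved channels plus data on a never-opened one.
    stream = (frame(1, PROTO_HTTP_NG, b"open-a") + frame(2, PROTO_OTHER, b"open-b")
              + frame(1, 0, b"data-a") + frame(2, 0, b"data-b")
              + frame(3, 0, b"never-opened"))
    f = MuxFilter({PROTO_HTTP_NG})
    out = []
    for i in range(0, len(stream), 5):   # deliver in 5-byte chunks, ignoring record boundaries
        out += f.feed(stream[i:i + 5])
    return out
```

Because the records are delimited inside the stream, the filter can drop one channel while the other channels on the same TCP connection continue to flow.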