Re: 6to4 relays [Re: WG Review: IPv6 Operations (v6ops)]
- To: v6ops@ops.ietf.org
- Subject: Re: 6to4 relays [Re: WG Review: IPv6 Operations (v6ops)]
- From: "Fred L. Templin" <ftemplin@IPRG.nokia.com>
- Date: Fri, 13 Sep 2002 14:18:21 -0700
- Cc: Keith Moore <moore@cs.utk.edu>
- Delivery-date: Fri, 13 Sep 2002 14:06:50 -0700
- Envelope-to: v6ops-data@psg.com
- User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.1a) Gecko/20020610
I use 6to4 on hosts every day, so I don't consider it hammering.
But 6to4 was primarily intended for routers. That it happens
to work on some hosts is a happy side-benefit, not the design goal.
Keith
If you want to run 6to4 on a host that happens to have a global IPv4 address
and can accept 'ip-proto-41' w/o creating a security risk, then that is fine.
But (and you seem to recognize this), if one wants to postulate a "generalized
host-based 6to4" mechanism, that is a different matter and one that is not
covered by any existing RFCs.
To realize a "generalized host-based 6to4", one would need to incorporate the
NAT traversal mechanisms first pioneered by TEREDO and the two-stage (end-to-edge;
edge-to-internet) tunneling mechanism first pioneered by ISATAP. But, then this
becomes more than just vanilla 6to4 and represents a unified transition mechanism
that incorporates elements proven by earlier works in various degrees. Finally,
a truly generalized mechanism would work behind a corporate firewall w/o requiring
any per-host firewall filter configurations and w/o exposing the site to outside
attackers. It's not clear to me whether a solution for this exists - but, it
would be pretty interesting if one could be identified!
Fred
ftemplin@iprg.nokia.com