
Re: 6to4 relays [Re: WG Review: IPv6 Operations (v6ops)]



I use 6to4 on hosts every day, so I don't consider it hammering.

But 6to4 was primarily intended for routers.  That it happens
to work on some hosts is a happy side-benefit, not the design goal.

Keith
If you want to run 6to4 on a host that happens to have a global IPv4 address
and can accept 'ip-proto-41' w/o creating a security risk, then that is fine.
But (and you seem to recognize this), if one wants to postulate a "generalized
host-based 6to4" mechanism, that is a different matter and one that is not
covered by any existing RFCs.

To realize a "generalized host-based 6to4", one would need to incorporate the
NAT traversal mechanisms first pioneered by TEREDO and the two-stage (end-to-edge;
edge-to-internet) tunneling mechanism first pioneered by ISATAP. But, then this
becomes more than just vanilla 6to4 and represents a unified transition mechanism
that incorporates elements proven by earlier works in various degrees. Finally,
a truly generalized mechanism would work behind a corporate firewall w/o requiring
any per-host firewall filter configurations and w/o exposing the site to outside
attackers. It's not clear to me whether a solution for this exists - but, it
would be pretty interesting if one could be identified!

Fred
ftemplin@iprg.nokia.com