[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: comments on draft-itojun-v6ops-v4mapped-harmful-00.txt




On Sunday, September 15, 2002, at 11:17 AM, Jun-ichiro itojun Hagino wrote:

	where this recommendation is documented?  i believe nowhere.
I think this is the core of the discussion. My take is that
it should be documented somewhere that if one one implements
basic API semantic, the kernel should drop incoming packets with
IPv4-mapped src address, but if one decides to accept them,
then when the same kernel is asked to send an IPv4-mapped
address, it should sent it on the wire as an IPv6 address.

The fist behavior is fine for dual stack host, the second
for IPv6-only hosts.
for each host, the above story may make sense. however, for a operator
of a given site (like sun.com) there will be IPv4-only nodes, IPv6-only
nodes (with SIIT support) and IPv4/v6 dual stack nodes. if we are
to add the above sentences somewhere and leave IPv4 mapped address
on wire be legal, it will be unmanageable.
I do not see why it would add any extra unmanageable complexity.
The only place where extra caution would be needed would be
the firewalls, and those one anyway need to be rethink
to understand Ipv6 in Ipv4 tunnels better.

Actually, I think that a solution like this one (SIIT+NAT64)
would enable me to deploy an Ipv6 only island in my network
with reasonable chances to make it work
(that is, no worse than today's NAT)

	- Alain.