Re: comments on draft-itojun-v6ops-v4mapped-harmful-00.txt
- To: Alain Durand <Alain.Durand@Sun.COM>
- Subject: Re: comments on draft-itojun-v6ops-v4mapped-harmful-00.txt
- From: Jun-ichiro itojun Hagino <itojun@iijlab.net>
- Date: Mon, 16 Sep 2002 23:19:48 +0900
- Cc: v6ops@ops.ietf.org
- Delivery-date: Mon, 16 Sep 2002 07:20:15 -0700
- Envelope-to: v6ops-data@psg.com
>> for each host, the above story may make sense. however, for an operator
>> of a given site (like sun.com) there will be IPv4-only nodes, IPv6-only
>> nodes (with SIIT support) and IPv4/v6 dual stack nodes. if we are
>> to add the above sentences somewhere and leave IPv4 mapped address
>> on wire be legal, it will be unmanageable.
>I do not see why it would add any extra unmanageable complexity.
>The only place where extra caution would be needed would be
>the firewalls, and those ones anyway need to be rethought
>to understand IPv6 in IPv4 tunnels better.
so tell me - assuming that there is a mixture of IPv4/v6 dual stack
nodes and IPv6-only nodes in your site. when IPv4 traffic comes in to
your firewall box, how can a firewall decide if it should let the
traffic go through as is, or translate it in the SIIT way?
>Actually, I think that a solution like this one (SIIT+NAT64)
>would enable me to deploy an IPv6-only island in my network
>with reasonable chances to make it work
>(that is, no worse than today's NAT)
SIIT/NAT64 are RSIP for IPv4 and IPv6 - end node knows what needs to
be done at NAT box, and end node must act like IPv4 box (see RFC2765
page 6 for very strange description - it asks IPv6-only node to compute
IPv4 AH checksum). i don't think they are workable even in IPv6-only
cloud.
itojun