
Re: comment on unmanaged analysis presentation/doc



>> 	in that case, what is your comment to 6to4 routers?  they accept
>> 	tunnelled packets from anyone, with no authentication whatsoever.
>You mean 6to4 relay (routers)?

	no, 6to4 router for any sites, not just relay routers.

	if a node in 6to4 site A (2002:xxxx:xxxx::/48) tries to talk to a node
	in 6to4 site B (2002:yyyy:yyyy::/48), 6to4 router for site A
	will directly contact 6to4 router for site B.  therefore, any 6to4
	routers will need to accept tunnelled packets from anybody.

>6to4 routers should only accept tunneled packets from their configured
>relay(s).

	if you've done the first sentence, packets from other 6to4 sites will
	get (mistakenly) rejected.

>I think the relays are quite problematic because of this behavior.

	the problem is not just relays, but all 6to4 routers.

itojun
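
The filtering trade-off discussed in this message, as an added example that is not part of the original thread: it compares the "configured relays only" rule from the quoted reply with an assumed alternative that accepts any IPv4 peer but requires a 2002::/16 inner source to embed the outer IPv4 source. The relay address, the sample packets and the function names are all constructed for illustration.

```python
import ipaddress

# Constructed configuration: the only relay this site's 6to4 router trusts.
CONFIGURED_RELAYS = {ipaddress.IPv4Address("192.0.2.1")}

def relay_only(outer_src, inner_src, relays=CONFIGURED_RELAYS):
    """Rule from the quoted reply: decapsulate only packets whose outer
    IPv4 source is a configured relay. The inner source is ignored."""
    return ipaddress.IPv4Address(outer_src) in relays

def embedded_match(outer_src, inner_src, relays=CONFIGURED_RELAYS):
    """Assumed alternative: accept any IPv4 peer, but a 6to4 inner source
    (2002:V4ADDR::/48) must embed the outer IPv4 source. Native IPv6
    sources are accepted only via a configured relay (an assumption).
    This is a consistency check, not authentication: the outer IPv4
    source it compares against is itself unauthenticated."""
    outer = ipaddress.IPv4Address(outer_src)
    v4 = ipaddress.IPv6Address(inner_src).sixtofour  # None unless 2002::/16
    if v4 is not None:
        return v4 == outer
    return outer in relays

# Constructed sample packets: (label, outer IPv4 source, inner IPv6 source)
SAMPLES = [
    ("site B router, direct", "198.51.100.7", "2002:c633:6407::1"),
    ("configured relay, native src", "192.0.2.1", "2001:db8::5"),
    ("outer/inner mismatch", "203.0.113.9", "2002:c633:6407::1"),
    ("unknown peer, native src", "203.0.113.9", "2001:db8::9"),
]

def evaluate(samples=SAMPLES):
    """Return {label: (relay_only verdict, embedded_match verdict)}."""
    return {label: (relay_only(o, i), embedded_match(o, i))
            for label, o, i in samples}

if __name__ == "__main__":
    for label, (a, b) in evaluate().items():
        print(f"{label:30} relay_only={a!s:5} embedded_match={b}")
```

The first sample is the site A to site B case from the message: the relay-only rule drops it, while the embedded-address rule still accepts it.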