[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPv6 tunnel over NAT



At Fri, 27 Sep 2002 08:44:36 +0300 (EEST), Pekka Savola wrote:
> 
> On Fri, 27 Sep 2002 itojun@iijlab.net wrote:
> > 	there's a widely-practiced alternative to Teredo, and which does not
> > 	need any special behavior from NAT wrt UDP translation behavior.
> > 
> > 	IPv6 over PPP over TCP/SSH.  it needs no documentation.
> 
> No TCP over TCP, please... :-(

In the general case, I would agree, but this is not the general case.
The question is whether IPv6/PPP/xyz/TCP is good enough for the
particular case of hosts stuck behind a NAT that they cannot remove or
upgrade.  I think that the answer in this case may well be "yes".

Please note that using PPP tunneling would also give us a handle on
some of the nasty relay issues involved with Terado, since they would
convert the exciting problem of what to do with tunneled packets from
strangers into a boring matter of setting up accounts for each PPP
identity, something that most ISPs already know how to do.

To be fair, Terado isn't the only transition scheme that has relay
problems, it's just the only one that has both has relay and NAT
traversal problems.  It's NAT traversal that makes PPP/TCP look good.

For other relay problems (eg, 6to4) it might make sense to look into
some kind of tunnel control using IPsec.  Unless I misremember the
spec, tunnel mode IPsec does allow the inner and outer versions of IP
to be different, so one could have (eg) IPv6/ESP/IPv4 and the only
additional cost over the normal 6to4 encapsulation would be the ESP
header itself.  Account setup for IPsec isn't as well understood as
for PPP, but perhaps we can use what works for PPP as a model.