[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Proposed 6to4 work (security)

To: Pekka Savola <pekkas@netcore.fi>
Subject: Re: Proposed 6to4 work (security)
From: itojun@iijlab.net
Date: Wed, 16 Oct 2002 15:05:09 +0900
Cc: IPv6 Operations <v6ops@ops.ietf.org>,Margaret Wasserman <mrw@windriver.com>
Delivery-date: Tue, 15 Oct 2002 23:05:46 -0700
Envelope-to: v6ops-data@psg.com

>> 	- can chew up bandwidth of the 6to4 public relay router provider, and
>> 	  there's no way for an ISP to limit accesses to the relay router
>> 	  to their customers (it has to be public service to everyone)
>I believe you *can* quite effectively limit the access.  First by not 
>advertising 2002::/16 or 192.88.99.1 to your peers (or doing it by some 
>controlled measure, like no-export community), and if it's really 
>important, placing some ACL's.

	you are correct if you don't have downstream ISPs.

	if you are a big ISP and have downstream ISPs, by doing the above you
	will prohibit your downstream ISPs from providing 6to4 relay routers.
	i'm not sure if it is an acceptable thing to do.

itojun

Prev by Date: Re: Proposed 6to4 work (security)
Next by Date: Re: Proposed 6to4 work (security)
Previous by thread: Re: Proposed 6to4 work (security)
Next by thread: Re: Proposed 6to4 work (security)
Index(es):
- Date
- Thread