[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: The Inside-Out ISATAP Model

To: Pekka Savola <pekkas@netcore.fi>
Subject: Re: The Inside-Out ISATAP Model
From: Fred Templin <osprey67@yahoo.com>
Date: Mon, 11 Nov 2002 06:33:52 -0800 (PST)
Cc: v6ops@ops.ietf.org
Delivery-date: Mon, 11 Nov 2002 06:35:06 -0800
Envelope-to: v6ops-data@psg.com
In-reply-to: <Pine.LNX.4.44.0211110934240.25544-100000@netcore.fi>
Sender: owner-v6ops@ops.ietf.org

Pekka,

--- Pekka Savola <pekkas@netcore.fi> wrote:
> On Sun, 10 Nov 2002, Fred Templin wrote:
> [...]
> > In the traditional model, ISATAP operates "intra-site" as its name
> > implies. Nodes within an ISATAP site connect across the global Internet
> > to other sites via 6to4, native IPv6 routing, etc. But, when globally
> > unique IPv4 addresses are used, the model can be turned "inside-out".
> > 
> > In the inside-out model, ISATAP treats the global Internet as a
> > monolithic site with IPv6 clouds hanging off the edges. As in the
> > traditional model, ISATAP treats the IPv4 Internet as a link layer
> > for IPv6, thus the interface identifier is the natural place to
> > embed the link layer address. Moreover, this model allows all 64
> > bits of the routing prefix to be used for other purposes, e.g.
> > v6 routing.
> 
> Wasn't this model already exhausted with "automatic tunneling using 
> compatible addresses"?  The topology is flat, you can't connect even 
> routers using this mechanism.

It may well have been. If it was, I either missed the discussion or
it went over my head. It seems to me that microcausms of the model
I'm describing here have been debated over the past several months
in the newsgroups, but the model itself was not mentioned from a
high-level perspective. My purpose in bringing it up now is to
inform any others like myself who had never previously considered
turning the ISATAP model inside-out, and to initiate discussion in
the design teams.   

> I fail to see what new advantages ISATAP would bring here.  Instead, the 
> trust model is completely different, and certain assumptions no longer 
> hold.

Whether/not there are advantages, and whether/not the trust model
issues can be worked is something that needs to be discussed in
the design teams, given sufficient interest. I don't have good
answers to these questions myself, and am not entirely certain
what other questions may remain. 

> btw. reference to section 4.7 in isatap Security Considerations should be 
> 4.5, I believe.

Arg! You mentioned that before, and I had every intention of fixing
it. Thanks for pointing it out - again!

Fred Templin
osprey67@yahoo.com

> -- 
> Pekka Savola                 "Tell me of difficulties surmounted,
> Netcore Oy                   not those you stumble over and fall"
> Systems. Networks. Security.  -- Robert Jordan: A Crown of Swords

__________________________________________________
Do you Yahoo!?
U2 on LAUNCH - Exclusive greatest hits videos
http://launch.yahoo.com/u2

References:
- Re: The Inside-Out ISATAP Model
  - From: Pekka Savola <pekkas@netcore.fi>

Prev by Date: Re: draft-ymbk-6to4-arpa-delegation-00.txt
Next by Date: Questions on Configured Tunnel MTU and TOS Byte Settings
Previous by thread: Re: The Inside-Out ISATAP Model
Next by thread: Questions on Configured Tunnel MTU and TOS Byte Settings
Index(es):
- Date
- Thread