[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 6to4 security questions



Tim Chown wrote:

To play devil's advocate, who is using 6to4 in a notable deployment?

At Sun we are using 6to4, as an early transition mechanism, for our deployment. For the past few years we have had a few (read 3) engineering sites connected by configured tunnels. We found deployment scalability problems with this approach, so we decided to go with 6to4. Why? In these tough economic times, were it is near impossible to convince cost constrained IT departments to upgrade their core routers, 6to4 becomes the poor man's solution. We are in the process of creating 10-15 6to4 sites which will consist of engineering and labs groups. Unlike configured tunnels, new 6to4 sites can be added at will, instead of having to dig a new configured tunnel for each site. When Alain and I explained how configured tunnels might work, the IT folks turned green remembering deploying multicast. :)

At Sun we have the, possibly not so unique, situation of not "owning" parts of our network. A few years back, Sun outsourced mostly all of its network. There is an interface for upgrading routers and such, but this brings up back to the cost problem. Also, our IT department requires that emerging technologies go through a Trial phase (described below) and thus are unwilling to simply "turn-on" native IPv6 routing.

Our plan for deployment has four phases. Proof-of-concept - Trial - Pilot - Full Deployment. The Proof-of-concept phase is complete, IPv6, using configured tunnels and local IPv6 routing, has been running for the last few years. The Trial phase is starting now, it will start with 6to4 and transition to using native IPv6 routing after the harder issues of DNS, applications and management tools are figured out (and thus we get more "buy-in"). The Pilot phase will appear much like the Trial phase, but with two key distinctions, it will be on a larger scale and owned by the IT department (not owned by a joint effort of engineering and an advanced development group from IT). Full Deployment is the true, ubiquitous, deployment of IPv6 on our enterprise and edge networks.

-Jason




Tim