Re: 6to4 security questions
On Thu, 21 Nov 2002, Brian E Carpenter wrote:
> Actually, what is wrong with the model in bullet 2.2 of section 5.2
> of RFC 3056, i.e. require a BGP4+ peer relationship between a 6to4
> router and the 6to4 relay routers it deals with? (OK, I can see some
> reachability issues but 6to4 is not supposed to be the universal answer.)
That, in itself, helps little. Relay routers must also be connected using
BGP4+ and advertising more specific routes.
> As I said a moment ago, 6to4 wasn't designed for end hosts. I've
> always felt the BGP4+ scenario was the best one.
Well, the reasons 6to4 is used are usually either/and:
1) ease of taking into use
2) takes dynamic v4 address into account
For SOHO/home use, both conditions are usually fulfilled. Also, bigger
enterprise networks, which are usually able to run BGP etc., are
only concerned about _at most_ 1).
--
Pekka Savola "Tell me of difficulties surmounted,
Netcore Oy not those you stumble over and fall"
Systems. Networks. Security. -- Robert Jordan: A Crown of Swords