[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: 6to4 deployement issues - was 6to4 security questions
On Thu, 21 Nov 2002, Jeroen Massar wrote:
> > please think that to the end, it will not work without
> > re-specification _globally_.
> > We don't want to restrict 6to4 to ISPs' walled gardens.
>
> One ISP can have a trust relation with another ISP and announce
> the anycast prefix only to that other ISP so it can make use of it too.
> Source address verification should then ofcourse be extended by the
> other ISP's. This could be seen as a 'transit' type service, but then
> between the v4 and v6 world ;)
How will you send traffic from 2001:dead:beef::1 to 2002:0103:0405::1, if
2001:dead:beef::/48 is not within the trust boundary?
If the answer if "no, you can't", this seems close to my "limited
distribution of more specific routes" solution, except being more
restrictive for deployment.
--
Pekka Savola "Tell me of difficulties surmounted,
Netcore Oy not those you stumble over and fall"
Systems. Networks. Security. -- Robert Jordan: A Crown of Swords