
Re: 6to4 security questions



Pekka Savola wrote:
> 
> On Thu, 21 Nov 2002, Brian E Carpenter wrote:
> > > On Thu, 21 Nov 2002, Brian E Carpenter wrote:
> > > > Actually, what is wrong with the model in bullet 2.2 of section 5.2
> > > > of RFC 3056, i.e. require a BGP4+ peer relationship between a 6to4
> > > > router and the 6to4 relay routers it deals with? (OK, I can see some
> > > > reachability issues but 6to4 is not supposed to be the universal answer.)
> > >
> > > That, in itself, helps little.  Relay routers must also be connected using
> > > BGP4+ and advertising more specific routes.
> >
> > No, the model is that they will advertise 2002::/16, but only inside a limited set
> > of AS's. That is mentioned in RFC 3056 - you use BGP policy to scope
> > which relay serves which part of the native IPv6 network.
> 
> A very heavy and unreliable (the unpredictable return routing) model.
> I don't believe there are any of these deployed.
> 
> > That in itself doesn't protect against spoofing however;
> 
> Indeed.
> 
> > for that you need
> > peering between the 6to4 router and a set of trustworthy relays.
> 
> You're creating a separate, rather small 6to4 internet using this model,
> unless the relay routers will relay more specific routes between them.
> 
> I can't regard that as an acceptable deployment scenario: this seems like
> creating semi-global addresses, and isolating yourself from the rest.

There are some balkanization risks in the RFC 3056 BGP-based model.

There are spoofing/DDOS risks in the host-based anycast 6to4 model
that has been implemented but never fully specified.

Take your pick.

   Brian
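The spoofing concern raised in the thread exists because a 6to4 router or relay accepts protocol-41 traffic from any IPv4 address. As an added example (not from this thread, and not RFC 3056's own text), here is a Python sketch of the source-consistency check a 6to4 router can apply to a decapsulated packet: a 2002::/16 source must embed the outer IPv4 source, and a native IPv6 source is accepted only from a relay the router peers with. The trusted-relay set, the non-embeddable IPv4 list and the sample packets are all constructed for the example.

```python
from __future__ import annotations
import ipaddress
from dataclasses import dataclass

SIX_TO_FOUR = ipaddress.IPv6Network("2002::/16")
# Constructed, non-exhaustive list of IPv4 ranges that must never be
# embedded in a 6to4 prefix (private, loopback, link-local, multicast ...).
NOT_EMBEDDABLE = [ipaddress.IPv4Network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]

def embedded_ipv4(addr: ipaddress.IPv6Address) -> ipaddress.IPv4Address | None:
    """Return the IPv4 address embedded in a 2002:V4ADDR::/48 address, else None."""
    if addr not in SIX_TO_FOUR:
        return None
    # bits 16..47 of the 128-bit address carry the 32-bit IPv4 address
    return ipaddress.IPv4Address((int(addr) >> 80) & 0xFFFFFFFF)

def to_6to4_prefix(v4: ipaddress.IPv4Address) -> ipaddress.IPv6Network:
    """Site prefix 2002:V4ADDR::/48 that a router with address v4 may use."""
    return ipaddress.IPv6Network(((0x2002 << 112) | (int(v4) << 80), 48))

@dataclass(frozen=True)
class Encapsulated:
    outer_src: str  # IPv4 source of the protocol-41 packet
    inner_src: str  # IPv6 source carried inside it

def check_decapsulated(pkt: Encapsulated, trusted_relays: set[str]) -> tuple[str, str]:
    """Decide whether a 6to4 router should forward the decapsulated packet."""
    v4 = ipaddress.IPv4Address(pkt.outer_src)
    src6 = ipaddress.IPv6Address(pkt.inner_src)
    if any(v4 in net for net in NOT_EMBEDDABLE):
        return "drop", f"outer IPv4 source {v4} is not a valid 6to4 encapsulator"
    emb = embedded_ipv4(src6)
    if emb is not None:
        # traffic from another 6to4 site: the embedded address must match the encapsulator
        if emb != v4:
            return "drop", f"inner source embeds {emb} but outer source is {v4}"
        return "accept", "6to4 source consistent with outer IPv4 source"
    # native IPv6 source: only a relay we peer with may be encapsulating it
    if pkt.outer_src in trusted_relays:
        return "accept", "native IPv6 source via trusted relay"
    return "drop", f"native IPv6 source encapsulated by unknown host {v4}"

# Constructed sample packets (documentation addresses) and one trusted relay.
RELAYS = {"198.51.100.7"}
SAMPLES = [
    Encapsulated("192.0.2.1", "2002:c000:201::1"),     # consistent 6to4 site
    Encapsulated("192.0.2.1", "2002:cb00:7101::1"),    # embeds 203.0.113.1: spoofed
    Encapsulated("198.51.100.7", "2001:db8::1"),       # native source via our relay
    Encapsulated("192.0.2.1", "2001:db8::1"),          # native source, unknown encapsulator
    Encapsulated("10.0.0.1", "2002:a00:1::1"),         # private address as encapsulator
]
```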