
RE: 6to4 deployment issues - was 6to4 security questions



Alain.Durand@Sun.COM [mailto:Alain.Durand@Sun.COM] wrote:

> You understand that the model you suggest will:
> - not scale because it basically requires advertizing /32 in IPv4 BGP tables...

For what do you want to advertise a /32 ?
The anycast address is local, so that doesn't cause any problems and is
already being deployed, except for the fact that they serve globally.

One will have to 'replicate' all IPv4 routes into the IPv6 routing table,
which is, as I mentioned in the other mails, one of the disadvantages.

Fortunately I expect, though of course that has to be seen and time would
tell, that not many ISPs will set up a 6to4 router, especially if it
goes on like current events.

Note also that links that have native capability won't have to be announced.

But this is indeed a serious disadvantage.

> - will not enable an automatic deployment model a la Microsoft
>    where any host in the Internet can automatically be turned into a 6to4 router.

No, it will as long as the upstream ISP works along; if they don't,
one indeed can't use it. One could see this as an administrative policy
where an ISP doesn't allow certain traffic etc. Unfortunately this blocks
the spreading and use of IPv6 by using 6to4, but abuse solutions usually
inhibit use of good technologies.

ISPs who really want to do IPv6 will need to have an upstream IPv6 connection.
Otherwise the 6to4 traffic would travel over several third party networks anyways.
And seeing the current deployment of 6to4 relays, that doesn't seem very good.

I personally don't see another way to solve the problem at hand, being the abuse.
This trick does have a couple of advantages, but of course those come along with
disadvantages.

I also think that people who really want to use IPv6 can have the incentive to
sign up at the various tunnelbrokering systems.
6to4 in this way though would be really nice for what Joshua described: just plug it
in, no RA response, then try and reach a 6to4 router. At least when it's 'hosted' by
the ISP itself (or a neighbouring one) it will be quite close.

Tunnelbrokering systems can of course also be deployed this way. Freenet6, for example,
can do it all automatically with their so-called 'anonymous' tunnels and a handy
tool which the user installs.

If anyone has a good idea, yell it out; of course this is just one of my
mind rumblings.

Greets,
 Jeroen