[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 6to4 deployement issues - was 6to4 security questions

To: Alain Durand <Alain.Durand@Sun.COM>
Subject: Re: 6to4 deployement issues - was 6to4 security questions
From: Pekka Savola <pekkas@netcore.fi>
Date: Fri, 22 Nov 2002 03:50:42 +0200 (EET)
Cc: Brian E Carpenter <brian@hursley.ibm.com>, Jeroen Massar <jeroen@unfix.org>, <v6ops@ops.ietf.org>
Delivery-date: Thu, 21 Nov 2002 17:51:36 -0800
Envelope-to: v6ops-data@psg.com
In-reply-to: <3DDD8C56.4030608@sun.com>
Sender: owner-v6ops@ops.ietf.org

On Thu, 21 Nov 2002, Alain Durand wrote:
> >>RFC 3056 forbids announcing prefixes longer than 2002::/16, 
> >>and instructs ISPs to filter them, to avoid polluting the 
> >>IPv6 DFZ with IPv4 specifics.
> >>    
> >>
> >
> >Yes.
> >
> >.. which is why I proposed a model where 6to4 relays are interconnected
> >using eBGP multihop peerings, and IPv6 DFZ would be safe, and everyone
> >would be happy :-).
> >
>
> How does this help a 6to4 router to check if the packet is coming from
> a legitimate 6to4 relay?

Read the draft.

Under this assumption, (most) packets from native internet are only 
tunneled from your home relay -- some IP address you've configured, some 
security association you've done etc.

This assumes enough relays take part in this more-specifics mesh, and
outright discarding packets could not be done in the startup phase.

-- 
Pekka Savola                 "Tell me of difficulties surmounted,
Netcore Oy                   not those you stumble over and fall"
Systems. Networks. Security.  -- Robert Jordan: A Crown of Swords

References:
- Re: 6to4 deployement issues - was 6to4 security questions
  - From: Alain Durand <Alain.Durand@Sun.COM>

Prev by Date: Re: 6to4 deployement issues - was 6to4 security questions
Next by Date: Re: 6to4 security questions
Previous by thread: Re: 6to4 deployement issues - was 6to4 security questions
Next by thread: Re: 6to4 deployement issues - was 6to4 security questions
Index(es):
- Date
- Thread