
Re: 6to4 usage scenarios



Pekka,

I'm not blind - I am quite aware that the BGP4+ scenario is
not deployed. I simply wanted to make it clear that when we
designed 6to4, we did think about the need to establish some sort
of relationship between relays and their "customer" routers.
It doesn't surprise me that we've now discovered that such
a relationship is needed to reduce the spoofing risk.

Any suggestions on how to create such a relationship?

   Brian

Pekka Savola wrote:
> 
> Hello,
> 
> It seems like the 6to4 security discussion degenerated into an argument on
> how it was meant to be used.
> 
> There are two basic models of connecting 6to4 routers to relays:
> 
> 1) simple static route to your relay
> 2) BGP sessions to your relay and all the other relays where you want to
> receive native IPv6 packets from
> 
> I know of _no_ deployments of 2) even though Brian insists on that being
> the only "real" 6to4 usage scenario.  Does anyone know of this being used?
> 
> If not, I think we must acknowledge that 2) is not really
> right-tool-for-the-job (think of 6over4 **), and that 1) is the primary
> (only?) applicability target of 6to4.
> 
> The alternative is that we have gaping holes in Home/SOHO and partially
> maybe enterprise transition scenarios, and nothing to fill them at the
> moment.
> 
> **) 6over4 is a nice technique, and we could even use it -- but we don't
> want stuff like that.  The same IMO applies to 6to4+BGP.  There is no use
> specifying mechanisms for the audience who does not want them.
> 
> P.S. I only came to the wg after 6to4 had just gone RFC, this internal
> bickering really took me by surprise and made me both frustrated and
> angry about refusing to accept the reality.