
RE: An alternative to 6to4 and teredo



Erik Nordmark wrote:

> > OTOH, I think tunnel broker is a good way to provide default route
> > for a 6to4 site.
> 
> That would make the site be multi-addressed with a 6to4 prefix
> plus a prefix that was assigned by the tunnel broker.
> 
> That raises questions of what source address filtering might be
> appropriate at the tunnel server - should they accept any source address?
> That would seem counter to the arguments about 6to4 relays introducing
> new ways to spoof source addresses - the tunnel server would
> in essence do the same.
> 
> Unless there was a way to register an alternate source address prefix
> with the tunnel broker as part of configuring the tunnel broker ...

I tend to simply block out anything not assigned to that tunnel.
If a packet has a return path, the packet should use that as an
outgoing path too. This has to do with source spoofing and with
the fact that one otherwise would be giving a transit service
to that tunnel user. As most tunnelbroker services are free,
those ISPs certainly aren't doing free transit for somebody else ;)
Also debugging problems becomes quite a mess.

Greets,
 Jeroen
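
The ingress check discussed in this thread, written out as an added example (not code from either poster): a tunnel server that accepts only sources inside the prefix assigned to a tunnel, plus the optional alternate-prefix registration raised in the quoted text. The class, the tunnel IDs and the documentation-range addresses are constructed for illustration.

```python
import ipaddress

def sixtofour_prefix(v4):
    """RFC 3056: a site's 6to4 prefix is 2002:V4ADDR::/48."""
    v4int = int(ipaddress.IPv4Address(v4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4int << 80), 48))

class TunnelServer:
    """Hypothetical per-tunnel source address filter."""

    def __init__(self):
        self.allowed = {}  # tunnel id -> list of permitted source prefixes

    def add_tunnel(self, tunnel_id, assigned_prefix):
        # Default policy: only the broker-assigned prefix may be a source.
        self.allowed[tunnel_id] = [ipaddress.IPv6Network(assigned_prefix)]

    def register_alternate(self, tunnel_id, prefix):
        # Explicit registration at tunnel configuration time; never
        # learned from traffic, or the filter would be meaningless.
        self.allowed[tunnel_id].append(ipaddress.IPv6Network(prefix))

    def accept(self, tunnel_id, src):
        try:
            addr = ipaddress.IPv6Address(src)
        except ValueError:
            return False  # malformed source: drop
        # Unknown tunnel -> empty list -> drop.
        return any(addr in net for net in self.allowed.get(tunnel_id, []))

def demo():
    srv = TunnelServer()
    srv.add_tunnel("t1", "2001:db8:100::/48")   # constructed assignments
    srv.add_tunnel("t2", "2001:db8:200::/48")
    site_6to4 = sixtofour_prefix("192.0.2.1")   # t1 user's IPv4 endpoint
    results = {
        "assigned": srv.accept("t1", "2001:db8:100::1"),
        "other_tunnel_prefix": srv.accept("t1", "2001:db8:200::1"),
        "6to4_unregistered": srv.accept("t1", "2002:c000:201::1"),
    }
    srv.register_alternate("t1", site_6to4)
    results["6to4_registered"] = srv.accept("t1", "2002:c000:201::1")
    results["6to4_on_t2"] = srv.accept("t2", "2002:c000:201::1")
    return results

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:22} {'accept' if ok else 'drop'}")
```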