
RE: An alternative to 6to4 and teredo




-- Sunday, January 19, 2003 13:14:51 -0800 Christian Huitema
<huitema@windows.microsoft.com> wrote:

>>> That's not all.  6to4/Teredo offer an automatic configuration using
>>> anycast addresses.  Much easier than trying to figure out the closest
>>> tunnel broker, configuring to use that etc.
>> 
>> If somebody wants to provide a good tunnel broker service they can
>> automate this without any changes in the clients. Just have multiple
>> tunnel servers at different places in the topology and have the tunnel
>> broker measure or estimate the location of the client before handing it
>> off to a tunnel server.
> 
> Even if you solved the set up issue, there would still be the matter of
> cost. Tunnel brokers are only "cost neutral" if they are provided by the
> user's ISP. On the other hand, if the tunnel broker has to be accessed
> over the Internet, then there is a direct bandwidth cost: the tunnel
> broker essentially becomes a secondary ISP. The cost may not be quite as
> large as the primary ISP, as there is less equipment involved, but it is
> of the same order of magnitude -- maybe 1/4th of the price of a regular
> subscription. You are unlikely to finance that kind of cost with
> advertisements alone.  
> Rather than opposing tunnel brokers and automatic solutions, we should
> consider them complementary. Something like, use autoconfiguration by
> default, switch to a provisioned tunnel if one is available. In the case
> of 6to4, this essentially boils down to replacing the default "anycast"
> route by the specific address of a configured (or brokered) relay. 

> In the
> case of Teredo, this requires provisioning a "configured" mode.  
> I actually debated this "configured Teredo" option with Keith Moore last
> year. You have to solve a basic security issue: a configured option
> requires some way to assert and prove the client's identity, so the
> client can retain a stable IPv6 address even if the NAT mappings happen

TSP with NAT traversal (UDP encap similar to Teredo) has an authentication
framework for users, so proving the identity of the user is already there.

Marc.

> to change. At the time, we could not agree on a simple security
> procedure, but since draft 08, Teredo's initialization process actually
> includes a sign on procedure. It would be fairly easy to program clients
> to go to a Teredo server and receive either a Teredo prefix or a stable
> prefix; in the latter case, the client would simply switch to tunnel
> mode. This would allow both the "free server" model of the current
> design, and a "configured server" model when the local ISP is willing to
> support it.  
> -- Christian Huitema
> 



------------------------------------------
Marc Blanchet
Viagénie
tel: +1-418-656-9254x225

------------------------------------------
http://www.freenet6.net: IPv6 connectivity
------------------------------------------
http://www.normos.org: IETF(RFC,draft),
  IANA,W3C,... standards.
------------------------------------------