Re: IPv6 Home Use to stimulate deployment over IPv4-NAT
Jim,
I like your idea. A lot.
The issue I have with solutions like Teredo is that they are
initiated by the end nodes. The implications are:
1- all end nodes need to understand this protocol
2- it becomes difficult for the access router/firewall
to enforce any kind of policy on what traffic is acceptable
A knob that says 'enable IPv6' is just not enough.
We need solutions that enable the user to express easily the same
security policy in v4 and v6.
Those are the reasons why I think that 'IPv6 connectivity' is
a functionality that has to be provided by an access router
and not by the end hosts.
The nice thing about this is that it would work
the same way in case of simple NAT (the exit router
is given a public IPv4 address) and double NAT
(the exit router is given a private address)
but tunneling over UDP.
              v4 Internet
                   |
                   |
                   |
                  CPE            <--- v4 external address can be either
           v4 access router           global or private (double NAT)
                v4 NAT
           v6 access router
        (Tunnel Broker client)
                   |
                   |
------------------------------------------ Home lan
          |                  |
        Host1              Host2
Even better, this could be implemented on a different
box than the actual v4 exit router!
The connection scenario would then be the following:
              v4 Internet
                   |
                   |
                   |
                  CPE
           v4 access router
                v4 NAT
                   |
                   |
------------------------------------------ Home lan
      |                |            |
  v6 access          Host1        Host2
   router
(Tunnel Broker client)
That way folks who do not want to (or cannot) replace their CPE
just have to add another box in the home network to provide
v6 connectivity to the entire home lan.
Now, as it has been pointed out, this is a typical case
where the access router is a client to a tunnel broker.
The question is what can we do to simplify the tunnel
set-up from the router to the tunnel broker.
If we decide to go that route, a tunnel set-up protocol
like the one Marc Blanchet was suggesting now becomes
an interesting solution.
The configuration of the v6 access router would require:
- providing the IPv4 address (or name) of the ISP Tunnel Broker
- providing the credentials negotiated out of band with the ISP (e.g.
username/passwd)
- specifying the encapsulation mode: IPv6/IPv4 or IPv6/UDP/IPv4 or
IPv6/PPP/IPv4
- specifying the IPv6 security policy
Yes, there is manual configuration involved, but I think it is minimal
and not too different to what home users do today to configure their
DSL router.
- Alain.
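
Added example, not part of the original message: one way an access router could take a single family-neutral policy and render it as equivalent IPv4 and IPv6 forwarding rules, then check a deployed pair of rule sets for drift. It assumes the first scenario (NAT and tunnel client on the same Linux box, using iptables/ip6tables); the interface names lan0, wan0 and tun6 and the open port are constructed for illustration.

```python
# Added example: one family-neutral policy rendered as iptables and ip6tables
# FORWARD rules. Interface names and the open port are constructed assumptions.
POLICY = {
    "lan_if": "lan0",
    "wan_if": {"v4": "wan0", "v6": "tun6"},  # tun6 = tunnel to the broker
    "inbound_tcp": [22],                      # services reachable from outside
}
TOOL = {"v4": "iptables", "v6": "ip6tables"}


def render(policy, family):
    """Return the FORWARD-chain commands for family 'v4' or 'v6'."""
    tool, lan = TOOL[family], policy["lan_if"]
    wan = policy["wan_if"][family]
    rules = [
        f"{tool} -P FORWARD DROP",
        f"{tool} -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
    ]
    if family == "v4":
        # Host-initiated tunnels would carry IPv6 past the v6 rules:
        # 6in4 is IP protocol 41, Teredo uses UDP port 3544.
        rules.append(f"{tool} -A FORWARD -i {lan} -p 41 -j DROP")
        rules.append(f"{tool} -A FORWARD -i {lan} -p udp --dport 3544 -j DROP")
    rules.append(f"{tool} -A FORWARD -i {lan} -o {wan} -j ACCEPT")
    for port in policy["inbound_tcp"]:
        rules.append(
            f"{tool} -A FORWARD -i {wan} -o {lan} -p tcp --dport {port} -j ACCEPT")
    return rules


def normalise(rules, policy, family):
    """Strip family-specific names so the two rule sets can be compared."""
    wan = policy["wan_if"][family]
    return [r.replace(TOOL[family], "FW", 1).replace(wan, "WAN") for r in rules]


def drift(v4_rules, v6_rules, policy):
    """Rules present in one family only (the v4 tunnel blocks are expected)."""
    v4 = [r for r in normalise(v4_rules, policy, "v4") if "-j DROP" not in r]
    v6 = normalise(v6_rules, policy, "v6")
    return sorted(set(v4) ^ set(v6))


if __name__ == "__main__":
    v4, v6 = render(POLICY, "v4"), render(POLICY, "v6")
    print("\n".join(v4 + v6))
    print("drift:", drift(v4, v6, POLICY))
```

An empty drift list means both families enforce the same forwarding policy; any entry names a rule that exists for only one of them.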