Alain Durand wrote:
Jim,
I like your idea. A lot.
The issue I have with solutions like Teredo is that they are
initiated by the end nodes. The implications are:
1- all end nodes need to understand this protocol
2- it becomes difficult for the access router/firewall
to enforce any kind of policy on what traffic is acceptable
A knob that says 'enable IPv6' is just not enough.
We need solutions that enable the user to express easily the same
security policy in v4 and v6.
I will also like this idea.
Those are the reasons why I think that 'IPv6 connectivity' is a functionality that has to be provided by an access router and not by the end hosts. Now, as it has been pointed out, this is a typical case where the access router is a client to a tunnel broker. The question is what can we do to simplify the tunnel set-up from the router to the tunnel broker. If we decide to go that route, a tunnel set-up protocol like the one Marc Blanchet was suggesting now becomes an interesting solution.