RE: IPv6 Home Use to stimulate deployment over IPv4-NAT
Alain,
I am on the exact same page as you today.
I also believe this is imperative for IPv6 deployment.
Thanks
/jim
> -----Original Message-----
> From: Alain Durand [mailto:Alain.Durand@Sun.COM]
> Sent: Friday, February 14, 2003 7:48 PM
> To: Bound, Jim
> Cc: alh-ietf@tndh.net; v6ops@ops.ietf.org
> Subject: Re: IPv6 Home Use to stimulate deployment over IPv4-NAT
>
>
> Jim,
>
> I like your idea. A lot.
> The issue I have with solutions like Teredo is that they are
> initiated by the end nodes. The implications are:
> 1- all end nodes need to understand this protocol
> 2- it becomes difficult for the access router/firewall
> to enforce any kind of policy on what traffic is acceptable
> A knob that says 'enable IPv6' is just not enough.
> We need solutions that enable the user to express easily the same
> security policy in v4 and v6.
>
> Those are the reasons why I think that 'IPv6 connectivity' is
> a functionality that has to be provided by an access router
> and not by the end hosts.
>
> The nice thing about this is that it would work
> the same way in case of simple NAT (the exit router
> is given a public IPv4 address) and double NAT
> (the exit router is given a private address)
> but tunneling over UDP.
>
>                  v4 Internet
>                       |
>                       |
>                       |
>
>                      CPE                <--- v4 external address
>                                              can be either
>                v4 access router              global or private
>                                              (double NAT)
>                     v4 NAT
>                v6 access router
>             (Tunnel Broker client)
>                       |
>                       |
>   ------------------------------------------ Home lan
>             |                   |
>           Host1               Host2
>
> Even better, this could be implemented on a different
> box than the actual v4 exit router!
> The connection scenario would then be the following:
>
>                  v4 Internet
>                       |
>                       |
>                       |
>
>                      CPE
>                v4 access router
>                     v4 NAT
>                       |
>                       |
>   ------------------------------------------ Home lan
>        |                 |            |
>    v6 access           Host1        Host2
>    router
>    (Tunnel Broker client)
>
>
> That way folks who do not want to (or can not) replace their
> CPE just have to add another box in the home network to
> provide v6 connectivity to the entire home lan.
>
> Now, as it has been pointed out, this is a typical case
> where the access router is a client to a tunnel broker.
> The question is what can we do to simplify the tunnel
> set-up from the router to the tunnel broker.
> If we decide to go that route, a tunnel set up protocol
> like the one Marc Blanchet was suggesting now becomes
> an interesting solution.
>
> The configuration of the v6 access router would require:
> - providing the IPv4 address (or name) of the ISP Tunnel Broker
> - providing the credentials negotiated out of band with the ISP (e.g.
> username/passwd)
> - specifying the encapsulation mode: IPv6/IPv4 or IPv6/UDP/IPv4 or
> IPv6/PPP/IPv4
> - specifying the IPv6 security policy
>
> Yes, there is manual configuration involved, but I think it
> is minimal and not too different to what home users do today
> to configure their DSL router.
>
> - Alain.