
RE: IPv6 Home Use to stimulate deployment over IPv4-NAT



Erik Nordmark [mailto:Erik.Nordmark@sun.com] wrote:

> > If we have tunnel brokers we don't need teredo right? That's my take
> > now.
> 
> Agreed in principle.
> 
> Two things though:
> Firstly, for the access router to ISP tunnel config
> something simpler (like a DHCPv4 option) might make sense - depends
> on what type of authentication the ISP wants to do specifically
> for the IPv6 tunnel. If it is sufficient for the ISP to check that
> the IPv4 source is one of its customers then the TSP authentication
> features and flexibility isn't needed.
> 
> Secondly, 
> I've been told that tunnel broker can work through NAT but the RFC
> (RFC 3053) says:
> 3. Known limitations
> 
>    This mechanism may not work if the user is using private IPv4
>    addresses behind a NAT box.
> 
> Thus I think it would be useful to have a specification on how tunnel
> broker works across a NAT.

The only thing is that the NAT box needs to know where to send incoming
proto-41 packets to.

- Some NAT boxes can be configured with a 'default'.
  Those boxes will then forward any unrelated traffic to that default IP.
- Some others explicitly allow proto-41 to be NATed, or allow you to
  match the source of the tunnel broker and forward any traffic from that
  IP to the endpoint.
- And other NAT boxes can base the real destination on 'established'
  rules, though this does require that the local machine keeps sending
  traffic to the tunnel broker to keep the tunnel in the NAT table.

Configuration for the local host changes only fractionally.
E.g., if we've got a tunnel from 195.64.92.136 (my machine)
to 212.19.192.219 (IPng / nlams02.sixxs.net) normally I would use:

# /etc/network/interfaces stanza (Debian ifupdown), host on a public IPv4
iface ipng inet6 v4tunnel
        address 3ffe:8114:1000::27
        netmask 127
        local 195.64.92.136        # public IPv4 of this host
        endpoint 212.19.192.219    # IPv4 of the tunnel broker (PoP)
        ttl 64

When using any of the three options from above you would need:

# same stanza, host behind a NAT box; only the local address changes
iface ipng inet6 v4tunnel
        address 3ffe:8114:1000::27
        netmask 127
        local 10.100.13.66         # private IPv4 of this host behind the NAT
        endpoint 212.19.192.219    # still the tunnel broker's public IPv4
        ttl 64

The NAT box will rewrite the 10.100.13.66 to 195.64.92.136 and
forward the packets to the TB. On the way back from the TB to
the 10.100.13.66 address, the TB will actually only know about
195.64.92.136 and send it there, which is the NAT box which will
rewrite the destination of the packet to 10.100.13.66 and pass it
to the local host. Note that under some OSes you can avoid setting
the local endpoint.

Greets,
 Jeroen
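The following is an added example, not part of Jeroen's mail or of the SiXXS / tunnel broker software: a small POSIX shell script that emits (or, with an argument, applies) the Linux commands for both sides of the proto-41 tunnel behind NAT described above, using the addresses from the mail. The host side mirrors the second ifupdown stanza with iproute2; the NAT side implements the second of the three options (forward proto-41 coming from the tunnel broker's IP to the inside host); the keepalive covers the third option. The interface names eth0/eth1, the Linux iptables syntax and the broker's side of the /127 (3ffe:8114:1000::26, the other address of the ::26/::27 pair) are assumptions.

```shell
#!/bin/sh
# Added example (not from the original mail): emit or apply the commands for
# a proto-41 (6in4) tunnel whose local endpoint sits behind a NAT box.
# Usage:  ./tb-nat.sh host | nat | keepalive      (print the commands)
#         ./tb-nat.sh apply-host | apply-nat     (run them; needs root)

LOCAL_PRIV=10.100.13.66     # host's private IPv4 behind the NAT (from the mail)
NAT_PUB=195.64.92.136       # NAT box's public IPv4, what the broker sees
TB=212.19.192.219           # tunnel broker PoP (nlams02.sixxs.net)
TB_V6=3ffe:8114:1000::26    # assumed: broker's side of the /127 (peer of ::27)
V6ADDR=3ffe:8114:1000::27
V6PLEN=127
TUN=ipng
WAN=eth0                    # assumed: NAT box's public-facing interface
LAN=eth1                    # assumed: NAT box's internal interface

# Host side: equivalent of the second ifupdown stanza. The tunnel's local
# address is the private one; the NAT box rewrites it to NAT_PUB on egress.
host_cmds() {
    cat <<EOF
ip tunnel add $TUN mode sit local $LOCAL_PRIV remote $TB ttl 64
ip link set $TUN up
ip -6 addr add $V6ADDR/$V6PLEN dev $TUN
ip -6 route add ::/0 dev $TUN
EOF
}

# NAT side (option 2 in the mail): anything with IP protocol 41 arriving
# from the broker's IPv4 is DNATed to the inside host, and the host's
# proto-41 traffic towards the broker is SNATed to the public address.
# Restricting on -s $TB keeps arbitrary Internet hosts from reaching the
# tunnel interface through the forward.
nat_cmds() {
    cat <<EOF
iptables -t nat -A PREROUTING -i $WAN -p 41 -s $TB -j DNAT --to-destination $LOCAL_PRIV
iptables -t nat -A POSTROUTING -o $WAN -p 41 -s $LOCAL_PRIV -d $TB -j SNAT --to-source $NAT_PUB
iptables -A FORWARD -i $WAN -p 41 -s $TB -d $LOCAL_PRIV -j ACCEPT
iptables -A FORWARD -i $LAN -p 41 -s $LOCAL_PRIV -d $TB -j ACCEPT
EOF
}

# Option 3 in the mail: a NAT box that only tracks an 'established' entry
# forgets it when traffic stops, so the host keeps the mapping alive by
# sending something through the tunnel at a fixed interval.
keepalive_cmd() {
    echo "ping6 -i 60 -q $TB_V6 > /dev/null 2>&1 &"
}

case "${1:-}" in
    host)       host_cmds ;;
    nat)        nat_cmds ;;
    keepalive)  keepalive_cmd ;;
    apply-host) host_cmds | sh -e && keepalive_cmd | sh ;;
    apply-nat)  nat_cmds | sh -e ;;
    *)          ;;   # no argument: only define the functions
esac
```

The first option from the mail (a 'default' or DMZ host) needs no proto-41 specific rule, since the NAT box already sends all unsolicited inbound traffic to that host; the rules above are the explicit form for boxes that can match on protocol and source. Note that the DNAT rule alone does not make the tunnel bidirectional on a stateful box: the SNAT and FORWARD rules are what let the host's own packets out with the public source the broker expects.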