RE: IPv6 Home Use to stimulate deployment over IPv4-NAT
Paul Timmins [mailto:paul@timmins.net] wrote:
> On Fri, 2003-02-21 at 10:29, Erik Nordmark wrote:
> > That's nice for those that have control of the NAT box.
> > The Telco that provides me service at home provides me with a NAT box
> > that they control - and they are uninterested in doing anything special.
> > I can't bypass/replace the NAT box because it speaks some odd and probably
> > proprietary stuff on the other side (it's an ISDN line).
> >
> > So I prefer solutions that don't have to rely on configuration in
> > the NAT box yet are simpler than Teredo.
>
> I agree here as well. I've seen -a lot- of firewalls that either block,
> or don't statefully forward proto-41. Even if they did, that limits IPv6
> to one end user behind the NAT. If I was using this at a Marriott for
> example, they NAT the users of their in room ethernet. I'd be
> disappointed if someone else was using v6 tunneling in the hotel,
> because it means I couldn't (Assuming they forward proto-41 to begin
> with).

IMHO we should differentiate between places where the Network Administrator
allows such activities and places where those activities are not
allowed. If the NetAdmin doesn't want to cooperate you got a big
problem which can only be solved by playing naughty sly old fox.

A rule of thumb is that as long as you are not in control of the
local infrastructure you are not the network administrator and
should abide by the policies which are laid upon you, however freakish
they might be. You are a guest of the network...

Yes, I know that sounds bad and yes it will stop 'deployment' but
if you want IPv6 at that place you might better start talking to
the people administrating that network and educate them so next
time you are there they might have it for you as a bonus.

You should note that you are opening up the local network for a
firewall bypass. And that is not always a wanted situation.
You can protect yourself, but are you also protecting other people,
e.g. if you announce a /64 with RA and then nicely route over the tunnel?

Clued people can always make a hole in the network if they want
it or not, but non-clued people will just break things as they
are unaware of the implications that arise from it.

Also checking the subject, we were talking about "IPv6 Home Use",
in that case you usually are the 'owner' of the IPv4 endpoint...
Though for both problems an ssh/pptp and other tunneling solutions
could work out just as well, see the other message to Erik.

Greets,
Jeroen