
More comments on draft-palet-v6ops-proto41-nat-00.txt



Hello All,

I have some questions:


[1, Introduction]

+ "routers or tunnel servers" ~= "tunnel brokers" ?

  "(...) with a manual configuration at the IPv6 router tunnel-end."
  It isn't feasible for a service you intend to sell. Using manual
  configurations on routers simply isn't scalable.

+ reference to [3]

  I still don't understand why a project focused on
  Internet Exchanges (IXPs/NAPs/...) may have anything to do with NAT
  boxes and tunnels. End-users shouldn't be a topic. People managing
  networks, BGP and AS numbers should.

+ "big opportunity to rapidly deploy a huge number of nodes and networks"

  You mean, nodes of tunnel brokers?
  Networks? ...using a router as a NAT client? It may seem like a good "hack
  idea" to use a laptop for this.
  A theoretical question -- does the community want rapid deployment? With
  high RTTs and a high chance of self-denial-of-service?
  ...or is it a way to kill IPv6 faster?

+ last paragraph

  You are listing the need to:
  - change tunnel brokers
  - change something in some operating systems (which ones?)
  Wouldn't it be easier to v6-ize the NAT boxes? (Don't know if it would be a
  good idea, as we don't need NAT boxes in the native IPv6 world...)


[4, Applicability]

+ "The most usual scope of application of this technology seems to be
   SOHO and home environments, but is not limited to these."
  Would you mind specifying more environments? I think it would be important
  to specify, if they exist.


[5, NAT design considerations]

+ "New firmware/software versions of the NAT implementations should
   ensure the support of protocol-41 forwarding."

  I would add: ", and the means for its administrator to turn it on and
  off".
  As an example, we wouldn't want anyone using a connection to a tunnel
  broker if native IPv6 is available on the wire/air.
  Mandatory support for protocol-41 forwarding seems inappropriate, as
  tunnel usage will fade away (as a method of getting IPv6 connectivity).


[7, Security]

+ (more)

  The mechanism of forwarding protocol 41 might be considered a serious
  security issue in some organizations. Those wanting to restrict access
  to some applications/networks for instance. They can/do provide IPv4
  and native IPv6, but with a well-defined set of filtering rules. Using
  (standardizing) a mechanism that permits clients to override the set of
  rules seems dangerous. If vendors start (or continue) to permit
  forwarding of protocol 41 in their factory defaults (expressly or
  somewhat hidden) ops people can have a new plague to toy around, when
  native (and filtered) IPv6 is in place.



Regards,

./Carlos                                                "Networking is fun!"
--------------         [http://www.ip6.fccn.pt]           http://www.fccn.pt
<cfriacas@fccn.pt>, CMF8-RIPE, CF596-ARIN, Wide Area Network Workgroup
F.C.C.N. - Fundacao para a Computacao Cientifica Nacional fax:+351 218472167
                [ See me @ h323:videoconf05.fccn.pt]
  "Internet is just routes (125953/461), naming (millions) and... people!"
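
The concern raised under [7, Security], seen from the monitoring side: an added example (not part of the original message or of the draft) that decodes IPv4 packets, picks out protocol 41, and reports tunnels whose outer endpoints are not on an approved list. The function names, the packet bytes, the documentation-range addresses and the approved-endpoint list are all constructed for illustration.

```python
import ipaddress
import struct

PROTO_41 = 41  # IANA protocol number: IPv6 encapsulated in IPv4

def inspect_ipv4(packet: bytes):
    """Describe a protocol-41 packet, or return None for anything else."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4          # outer header length, options included
    if ihl < 20 or len(packet) < ihl or packet[9] != PROTO_41:
        return None
    info = {"outer_src": str(ipaddress.IPv4Address(packet[12:16])),
            "outer_dst": str(ipaddress.IPv4Address(packet[16:20])),
            "inner_src": None, "inner_dst": None}
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    inner = packet[ihl:]
    # Only a first fragment with a complete 40-byte IPv6 header can be decoded.
    if frag_offset == 0 and len(inner) >= 40 and inner[0] >> 4 == 6:
        info["inner_src"] = str(ipaddress.IPv6Address(inner[8:24]))
        info["inner_dst"] = str(ipaddress.IPv6Address(inner[24:40]))
    return info

def unapproved_tunnels(packets, approved_endpoints=frozenset()):
    """Return protocol-41 packets whose outer addresses are both unapproved."""
    hits = []
    for pkt in packets:
        info = inspect_ipv4(pkt)
        if info and not {info["outer_src"], info["outer_dst"]} & set(approved_endpoints):
            hits.append(info)
    return hits

def build_sample(src, dst, proto, payload=b""):
    """Constructed test packet: minimal IPv4 header (checksum left zero)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr + payload

# Constructed inner IPv6 header (documentation prefixes, no payload).
INNER = (struct.pack("!IHBB", 6 << 28, 0, 59, 64)
         + ipaddress.IPv6Address("2001:db8:1::10").packed
         + ipaddress.IPv6Address("2001:db8:2::20").packed)

SAMPLES = [
    build_sample("192.0.2.10", "198.51.100.7", PROTO_41, INNER),   # tunnel to unknown broker
    build_sample("192.0.2.11", "203.0.113.5", PROTO_41, INNER),    # tunnel to approved endpoint
    build_sample("192.0.2.12", "198.51.100.7", 6, b"\x00" * 20),   # plain TCP, ignored
]
```

Calling `unapproved_tunnels(SAMPLES, {"203.0.113.5"})` returns only the first sample, with the inner IPv6 addresses that the native IPv6 filtering rules never get to see.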