[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: 6to4 vs forwarding IP proto41 in NAT

To: "Alain Durand" <Alain.Durand@Sun.COM>,<v6ops@ops.ietf.org>
Subject: RE: 6to4 vs forwarding IP proto41 in NAT
From: "Christian Huitema" <huitema@windows.microsoft.com>
Date: Tue, 15 Jul 2003 08:17:33 -0700

No, it will not work. The NAT that implements 6to4 will decapsulate all packets that it receives as if they were meant for the local 6to4 router. If the packets have a "wrong" destination address, it should implement the behavior recommended in the 6to4 security recommendations, i.e. drop the packet. 

________________________________

From: owner-v6ops@ops.ietf.org on behalf of Alain Durand
Sent: Tue 7/15/2003 8:01 AM
To: v6ops@ops.ietf.org
Subject: 6to4 vs forwarding IP proto41 in NAT

A NAT box could do the following when receiving an IPv6 packet
encapsulated in IPv4 with proto 41:

If IPv6 dst does not belong to the local 6to4 /48 prefix, forward
internally,
else decapsulate.

Why will will not work?

        - Alain.

Prev by Date: Re: comment on draft-palet-v6ops-proto41-nat-00.txt discussion
Next by Date: RE: comment on draft-palet-v6ops-proto41-nat-00.txt discussion
Previous by thread: Re: 6to4 vs forwarding IP proto41 in NAT
Next by thread: RE: 6to4 vs forwarding IP proto41 in NAT
Index(es):
- Date
- Thread