[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Opportunistic Tunneling

To: Pekka Savola <pekkas@netcore.fi>, JORDI PALET MARTINEZ <jordi.palet@consulintel.es>
Subject: Re: Opportunistic Tunneling
From: Marc Blanchet <Marc.Blanchet@viagenie.qc.ca>
Date: Mon, 23 Feb 2004 21:09:42 -0500
Cc: v6ops@ops.ietf.org
In-reply-to: <Pine.LNX.4.44.0402231115500.25163-100000@netcore.fi>
References: <Pine.LNX.4.44.0402231115500.25163-100000@netcore.fi>


-- Monday, February 23, 2004 11:19:16 +0200 Pekka Savola
<pekkas@netcore.fi> wrote/a ecrit:

> On Fri, 20 Feb 2004, JORDI PALET MARTINEZ wrote:
>> > Responding a to few points you raised..
>> > 
>> > On Tue, 17 Feb 2004, JORDI PALET MARTINEZ wrote:
>> > > I believe proto-41 is also one of the proposals on the table for
>> > > both unmanaged and 3GPP.
>> > > 
>> > > For example, TSP can make use of it. We also have a Tunnel Broker
>> > > implementation that does.
>> > 
>> > Note that while proto-41 forwarding is probably useful in e.g. 
>> > unmanaged scope in general, it is not really applicable to this 
>> > specific topic, "opportunistic tunneling", where the tunneling is 
>> > autoomatic, and requires no supporting ISPs.  E.g., tunnel brokers are 
>> > out of scope for this topic.
>> > 
>> > Ignoring proto-41 however...
>> 
>> It will depend on what we consider "opportunistic". For me is clear
>> that we can have tunnel brokers that work like 6to4, i.e., no user
>> registration. Then you use proto-41 (or other means) ... also TSP
>> here can play the game, if no user authentication is required.
> 
> I guess this could be possible in theory.  User authentication will 
> probably always be there, though.  The user and the ISP have to set up 
> some kind of authentication to ensure that nobody else can hijack the 
> tunnel, at least -- not considering the non-technical requirements, 
> such as the economic (non-incentive) for deploying such an anonymous 
> tunnel service, which would probably lead to a lot of trouble in the 
> long run (abuse reports from your netblock, increased traffic ~= 
> bigger payments to your transit operators, etc.).

in TSP anonymous mode, one can filter TSP requests to his own autonomous
system. This is really just a management function, not related to the TSP
protocol itself. 

in TSP authentication mode, then the AAA database is used.

> 
> So, this approach would seem to have both technical and non-technical
> constraints why its feasibility is a bit questionable.

TSP is deployed live in many organisations at this point. 

Marc.

> 
> -- 
> Pekka Savola                 "You each name yourselves king, yet the
> Netcore Oy                    kingdom bleeds."
> Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
> 
> 



------------------------------------------
Marc Blanchet
Hexago
tel: +1-418-266-5533x225
------------------------------------------
http://www.freenet6.net: IPv6 connectivity
------------------------------------------

References:
- Re: Opportunistic Tunneling
  - From: Pekka Savola <pekkas@netcore.fi>

Prev by Date: Re: Opportunistic Tunneling
Next by Date: Re: draft-palet-v6ops-ipv6security-00
Previous by thread: RE: Opportunistic Tunneling
Next by thread: Re: Opportunistic Tunneling
Index(es):
- Date
- Thread