
6to4 being replaced by Teredo only? [Re: Tunneling scenarios and mechanisms evaluation]



On Fri, 12 Mar 2004, Erik Nordmark wrote:
> > > 5)
> > > what about the others, like 6to4? Do we still need this despite the 
> > > issues with the relays?
> > 
> > Unfortunately, I think yes -- in the unmanaged case where there is no 
> > ISP support ...
> 
> ...and there is no IPv4 NAT.
> 
> I wonder if we can simplify things by using Teredo in the case when there is
> no ISP support whether or not there is a NAT.
>
> If that makes sense we would have to worry as much about how 6to4
> and Teredo boxes talk to each other, but only about Teredo and
> native talk to each other.

Yes -- I think 6to4 is an optimization for the unmanaged case when 
there happens to be no NAT.

The chief advantage of 6to4 is its simplicity (a minimal -- but
insecure -- implementation can be about 5-10 lines of code!), and the
ability to provide a /48 prefix, instead of being run individually on
each system.  This could be useful especially in the cases where the 
(NAT) gateways would implement some form of IPv6 support.  As Teredo 
cannot support more than one address, it would not be applicable in 
this scope.

The disadvantage is that it's an additional mechanism, and not
applicable except in the space where NAT is often being used; also,
the security properties are worse with 6to4 than Teredo (due to its
simplicity).

Depending on how strongly people feel about the necessity of this
optimization and providing an easy means for (NAT) gateway vendors to
add basic IPv6 support, 6to4 could be retained, or we could try to
figure out whether the Teredo spec needs to be re-evaluated for the case
when there is no NAT traversal at all.

Thoughts?

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
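
The /48 derivation and the checks a minimal 6to4 decapsulator leaves out, as an added example that is not part of the original message. Function names are hypothetical, the checks follow the security considerations of RFC 3056 for a non-relay site router, and the documentation-range IPv4 addresses are constructed samples treated as public.

```python
import ipaddress as ip

# IPv4 ranges that must never appear as a 6to4 tunnel endpoint.
BAD_V4 = [ip.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]

def sixtofour_prefix(v4):
    """2002:V4ADDR::/48 site prefix for one public IPv4 address."""
    addr = ip.IPv4Address(v4)
    return ip.IPv6Network(((0x2002 << 112) | (int(addr) << 80), 48))

def bad_v4(addr):
    return any(addr in net for net in BAD_V4)

def check_decap(outer_src, inner_src, inner_dst, my_v4):
    """Decide whether a protocol-41 packet may be decapsulated.

    Returns (accept, reason). The "5-10 line" implementation simply
    strips the IPv4 header and forwards, skipping all of this.
    """
    outer = ip.IPv4Address(outer_src)
    src = ip.IPv6Address(inner_src)
    dst = ip.IPv6Address(inner_dst)
    if bad_v4(outer):
        return False, "bad-outer-source"
    emb = src.sixtofour          # embedded IPv4 if src is in 2002::/16
    if emb is not None:
        if bad_v4(emb):
            return False, "bad-embedded-source"
        if emb != outer:
            return False, "source-mismatch"   # spoofed 6to4 source
    # Only traffic for our own 2002:V4ADDR::/48 belongs on this tunnel.
    if dst.sixtofour != ip.IPv4Address(my_v4):
        return False, "not-our-prefix"
    if emb is None:
        # Native source arriving through a relay: the outer address
        # cannot be tied to the inner one, so it is accepted unverified.
        return True, "via-relay-unverified"
    return True, "ok"

if __name__ == "__main__":
    me = "198.51.100.7"                         # constructed sample
    print(sixtofour_prefix(me))
    for pkt in [("192.0.2.1", "2002:c000:201::1", "2002:c633:6407::1"),
                ("203.0.113.9", "2002:c000:201::1", "2002:c633:6407::1"),
                ("203.0.113.9", "2001:db8::1", "2002:c633:6407::1")]:
        print(pkt, check_decap(*pkt, me))
```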