
Re: 6to4 being replaced by Teredo only? [Re: Tunneling scenarios and mechanisms evaluation]



Rob Austein wrote:
> 
> At Sat, 13 Mar 2004 08:08:51 +0200 (EET), Pekka Savola wrote:
> >
> > The chief advantage of 6to4 is its simplicity (a minimal -- but
> > insecure -- implementation can be about 5-10 lines of code!), and the
> > ability to provide a /48 prefix, instead of being run individually on
> > each system.  This could be useful especially in the cases where the
> > (NAT) gateways would implement some form of IPv6 support.  As Teredo
> > cannot support more than one address, it would not be applicable in
> > this scope.
> 
> The 6to4 edge routers I've been using for the last two or three years
> do this.  I for one would be unhappy to lose this capability.
> 
> > The disadvantage is that it's an additional mechanism, and not
> > applicable except in the space where NAT is often being used; also,
> > the security properties are worse with 6to4 than Teredo (due to its
> > simplicity).
> 
> With all due respect, the second clause of that sentence is a cheap
> shot.  6to4 can be implemented well or poorly and can be used well or
> poorly.  Packet filtering works just fine on an edge router if one
> bothers to turn it on.  I do not believe that giving 6to4's job to
> Teredo would really solve any security problems; at best it would
> transform them, and in some cases it would probably make them worse by
> replacing a simple solution with a more complex one.
> 
> > Depending on how strongly people feel about the necessity of this
> > optimization and providing an easy means for (NAT) gateway vendors to
> > add basic IPv6 support, 6to4 could be retained, or we could try to
> > figure out whether Teredo spec needs to be re-evaluated for the case
> > when there is no NAT traversal at all.
> 
> Teredo is excessively complex for the case of a user who wants IPv6
> capability from an IPv4-only ISP and has the ability to replace the
> NAT box.  Yes, Teredo could probably be used in this case instead of
> 6to4; pigs also fly just fine, given sufficient thrust [RFC1925], but
> that doesn't make either of these a good idea.
> 
> Please retain 6to4.

Not surprisingly, I agree :-)

But in any case, I think it is out of the IETF's hands at this point.
6to4 will die when it no longer serves any purpose.

   Brian
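
Added example (not part of the original thread, and not code from any poster or 6to4 implementation): the thread contrasts a minimal, insecure 6to4 implementation with an edge router that has filtering turned on, and the Python sketch below shows the kind of decapsulation checks that make the difference. Function names are hypothetical and all addresses are constructed documentation addresses.

```python
import ipaddress

SIX_TO_FOUR = ipaddress.ip_network("2002::/16")  # 6to4 prefix, RFC 3056
# IPv4 ranges that can never be a legitimate 6to4 endpoint (explicit list so
# the result does not depend on the ipaddress module's is_private tables).
BAD_V4 = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]


def site_prefix(v4):
    """The /48 a 6to4 router derives from its public IPv4 address."""
    v4 = ipaddress.IPv4Address(v4)
    return ipaddress.IPv6Network(((0x2002 << 112) | (int(v4) << 80), 48))


def embedded_v4(v6):
    """IPv4 address carried in bits 16..47 of a 2002::/16 address, else None."""
    v6 = ipaddress.IPv6Address(v6)
    if v6 not in SIX_TO_FOUR:
        return None
    return ipaddress.IPv4Address((int(v6) >> 80) & 0xFFFFFFFF)


def usable_v4(v4):
    """True if the IPv4 address is outside every range in BAD_V4."""
    return not any(v4 in net for net in BAD_V4)


def check_decap(outer_src, inner_src, inner_dst, local_v4):
    """Return (accept, reason) for one protocol-41 packet at the edge router."""
    outer = ipaddress.IPv4Address(outer_src)
    src6 = ipaddress.IPv6Address(inner_src)
    if not usable_v4(outer):
        return False, "outer source is not global unicast"
    if ipaddress.IPv6Address(inner_dst) not in site_prefix(local_v4):
        return False, "inner destination outside our 6to4 prefix"
    claimed = embedded_v4(src6)
    if claimed is None:
        # Native IPv6 source: it came through a relay, so it cannot be tied
        # to the outer header; only reject sources that are never routable.
        if (src6.is_link_local or src6.is_loopback or src6.is_multicast
                or src6.is_unspecified):
            return False, "inner source is not global unicast"
        return True, "via relay (source unverifiable)"
    if claimed != outer:
        return False, "inner 6to4 source does not match outer source"
    return True, "6to4 peer, addresses consistent"
```

A decapsulator that skips these comparisons and simply strips the IPv4 header is the "5-10 lines" case; the relay branch shows the part that filtering on the edge router cannot verify.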