On Wed, 2004-05-05 at 07:41, Pekka Savola wrote:
> On Tue, 4 May 2004, Christian Huitema wrote:
> > > How widely is IP proto 41 forwarding deployed? If it is not much,
> > > I suppose that forcing an extra layer of encapsulation would
> > > not be that terrible... and also would allow for more than one
> > > tunnel to go through the NAT box.
> > > So, I do not think that detecting NAT proto 41 forwarding is
> > > an important requirement.
> >
> > You have to be concerned with the case when there are two hosts doing
> > this behind the same NAT. At most one of them will get proto 41
> > connectivity. If one got it and a second tries, the first one will lose
> > it. The support issues are going to be interesting.
>
> This is a good point to keep in mind, seems to be a clear call for using
> UDP encapsulation in all the NAT traversal cases by default. The
> implementations might have a manual means to force using proto-41, but
> even that might be far-fetched.

I suggest that a TB (or any other method for that matter) should support both proto-41 and udp as an encaps method. Technically speaking it shouldn't be much of a difference, either the IPv6 packets come inside proto-41 or inside udp packets.

What actually were the reasons for not using UDP at the time and going for a separate protocol that became proto-41?

The same goes for TCP btw, but TCP has inherent latency issues as I have tested out with tinc (http://tinc.nl.linux.org) but one is able to set up something like: IPv6 over tinc in TCP over http(s)tunnel and thus repeat after me "which firewall?" ;)

Using UDP is much smoother and doesn't seem to differ from proto-41 usage and the main advantage is that it does cross a NAT. As long as source/dest port pairs differ it should not be a problem to have multiple hosts behind a single NAT and one TB on the outside either. This is a setup which we are testing in .it btw...

Greets,
 Jeroen
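The NAT behaviour discussed in this thread, as an added example that is not part of the original message: a small Python model of two hosts behind one NAT tunnelling to the same TB, once over proto-41 and once over UDP. The addresses (documentation ranges), port numbers and the "last sender becomes the single proto-41 forwarding target" policy are assumptions made for illustration, not the behaviour of any particular device.

```python
from dataclasses import dataclass, field
from typing import Optional

PROTO_41, PROTO_UDP = 41, 17  # IPv6-in-IPv4 (no port field) and UDP

@dataclass
class Nat:
    """Constructed NAT model; the forwarding policy is an assumption."""
    public_ip: str
    next_port: int = 40000
    proto41_host: Optional[str] = None           # one forwarding target only
    udp_in: dict = field(default_factory=dict)   # (public port, remote) -> (inner ip, port)
    udp_out: dict = field(default_factory=dict)  # (inner ip, port, remote) -> public port

    def outbound(self, proto, inner_ip, remote, sport=None):
        """Translate an outgoing packet; return (public ip, public port or None)."""
        if proto == PROTO_41:
            # Nothing in the header separates flows: the newest sender takes over.
            self.proto41_host = inner_ip
            return self.public_ip, None
        key = (inner_ip, sport, remote)
        if key not in self.udp_out:
            self.udp_out[key] = self.next_port
            self.udp_in[(self.next_port, remote)] = (inner_ip, sport)
            self.next_port += 1
        return self.public_ip, self.udp_out[key]

    def inbound(self, proto, remote, dport=None):
        """Return the inner destination for a packet from remote, or None if dropped."""
        if proto == PROTO_41:
            return self.proto41_host
        # UDP replies are accepted only from the remote that the mapping was opened to.
        return self.udp_in.get((dport, remote))

def two_hosts_one_broker(proto):
    """Hosts A and B tunnel to the same TB; return who receives each TB reply."""
    nat, tb = Nat("192.0.2.1"), "198.51.100.7"
    a, b = "10.0.0.2", "10.0.0.3"
    _, port_a = nat.outbound(proto, a, tb, sport=5000)
    _, port_b = nat.outbound(proto, b, tb, sport=5000)  # same inner port on purpose
    return nat.inbound(proto, tb, port_a), nat.inbound(proto, tb, port_b)

if __name__ == "__main__":
    print("proto-41:", two_hosts_one_broker(PROTO_41))
    print("udp:     ", two_hosts_one_broker(PROTO_UDP))
```

With proto-41 the reply meant for the first host is delivered to the second, while with UDP the NAT assigns each host its own public port, so the TB sees two distinct source/dest port pairs.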