
RE: draft-daniel-dhc-ipv6in4-opt-03.txt
On Fri, 11 Jun 2004, Karen E. Nielsen (AH/TED) wrote:
> In this particular context I would assume that Juha was explicitly
> referring to 3GPP usage - Could you be so kind
> as to back your statement up with some hard facts that explain why
> ISATAP deployment is so very problematic in 3GPP environments?

I've tried to explain these multiple times without all that much
success.  I think the worst problem is that everyone in the 3GPP
operator's network would be considered "on-link" with yourself,
i.e., direct tunneling between the 3GPP nodes.

The analogy of this approach would be connecting all the 3GPP users in
the operator's network in a single Ethernet LAN segment, and expecting
them to behave themselves with regard to each other (in particular,
note that Neighbor Discovery and many, many other protocols consider
such an environment "semi-trusted", e.g., by the use of link-local
messages and verifying that Hop Limit stays at 255).  This approach
gives me the creeps.  Hence, I'd strongly prefer approaches where there
would be sufficient "insulation" from everyone else, e.g., by the use
of configured, bidirectional tunnels.

> While draft-daniel-dhc-ipv6in4-opt-03.txt seems to be everything
> we're looking for in DHCP environments and *could* be used in the
> 3GPP environment also, it may not be the obvious choice there as
> addresses are allocated by means of PDP context activation
> mechanisms and not by means of DHCP.

Yes, I don't think draft-daniel-dhc-ipv6in4-opt-03.txt is optimal in
3GPP.  You could do the discovery using DNS or a number of other
means.  Configuring the tunnel endpoint at the server's end is a
challenge not addressed in dhc-ipv6in4-opt either.  There are a number
of possibilities to do that, though -- one is a pseudo-interface like
ISATAP's, another is creating tunnels dynamically based on the
packets you receive, and yet another is looking up auth/identification
data from (3GPP or other) databases.

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
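The point about Neighbor Discovery treating a link as "semi-trusted" can be made concrete. The following is an added example (not part of the mail or any 3GPP/ISATAP implementation) that applies the RFC 4861 receiver checks to a constructed Router Advertisement, then models the two transport cases the mail contrasts: a routed hop, where the Hop Limit drops and the check fails, and an IPv6-in-IPv4 tunnel, where the inner Hop Limit is untouched so any IPv4 host in the operator's network looks "on-link" unless decapsulation is restricted to configured peers. Packets, addresses and peer lists are constructed for the demonstration; checksums are left zero.

```python
import struct

ND_TYPES = {133: "RS", 134: "RA", 135: "NS", 136: "NA", 137: "Redirect"}
LINK_LOCAL = bytes.fromhex("fe80000000000000")  # fe80::/64 prefix

def build_nd_packet(src, dst, icmp_type, hop_limit=255):
    """Constructed sample: IPv6 header + bare ICMPv6 ND header (checksum left zero)."""
    icmp = struct.pack("!BBHI", icmp_type, 0, 0, 0)          # type, code, cksum, reserved
    ip6 = struct.pack("!IHBB", 6 << 28, len(icmp), 58, hop_limit) + src + dst
    return ip6 + icmp

def nd_accepted(packet):
    """Apply the RFC 4861 receiver checks the mail refers to; return (ok, reason)."""
    if len(packet) < 48:
        return False, "truncated"
    ver_tc_fl, _plen, nxt, hlim = struct.unpack("!IHBB", packet[:8])
    if ver_tc_fl >> 28 != 6 or nxt != 58:
        return False, "not IPv6/ICMPv6"
    src, icmp_type, code = packet[8:24], packet[40], packet[41]
    if icmp_type not in ND_TYPES:
        return False, "not an ND message"
    if hlim != 255:
        return False, f"hop limit {hlim} != 255: message crossed a router"
    if code != 0:
        return False, "ICMPv6 code must be 0"
    if icmp_type in (134, 137) and src[:8] != LINK_LOCAL:
        return False, f"{ND_TYPES[icmp_type]} source must be link-local"
    return True, ND_TYPES[icmp_type]

def via_router(packet):
    """One IPv6 router hop: the hop limit is decremented, so the 255 check fails."""
    return packet[:7] + bytes([packet[7] - 1]) + packet[8:]

def via_ipv4_tunnel(packet, outer_src, configured_peers=None):
    """IPv6-in-IPv4 across the operator's network: the inner hop limit is untouched.
    configured_peers=None models the ISATAP-style case where every IPv4 host is
    'on-link'; a peer set models a configured tunnel that decapsulates only from
    known endpoints (the 'insulation' the mail asks for). Returns None if dropped."""
    if configured_peers is not None and outer_src not in configured_peers:
        return None  # dropped before the inner ND message is ever looked at
    return packet

# Constructed sample: RA from a router link-local address to ff02::1.
ROUTER_LL = LINK_LOCAL + bytes.fromhex("0000000000000001")
ALL_NODES = bytes.fromhex("ff020000000000000000000000000001")
RA = build_nd_packet(ROUTER_LL, ALL_NODES, 134)
```

Running `nd_accepted` on `RA`, `via_router(RA)` and `via_ipv4_tunnel(RA, ...)` shows that the 255 check only bounds the sender to the link when the link itself is bounded; restricting decapsulation to configured peers restores that bound.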