
Re: Going forward with zero-config tunneling requirement



Tim Chown wrote:

But the 3gpp (and probably? enterprise) zct solution would be simpler for
not needing to support NAT traversal or proto 41 issues?

Yes, but the requirements should include measurable criteria for simplicity, which is hard to do.
One would also need to keep in mind that some devices probably need to
implement both the 3GPP-specific tunneling and the generic tunneling, and what would the resulting complexity be if those solutions are different compared to if it is the same solution.
Finally, simplicity in operations is probably a lot more important than simplicity in implementation in hosts and routers.


It seems the 3gpp community would also like a simple solution available quickly (i.e. yesterday :) and thus pontificating over a more complex solution would probably only lead to the 3gpp people developing the simple
solution anyway, outside the IETF process?

I think there are folks that just want the IETF to bless whatever they've already decided to build and ship; that clearly would satisfy the timeliness requirement.
But that might very well be the wrong thing to do for the Internet and IPv6 as a whole.


I think NAT traversal is adding complexity.  If there was a simple, standards
based way to do NAT traversal now, then emerging IPv6 tunnel brokers would

Whoa - "standards based"? We are talking about developing standards so we can require that the standards already exist, can we?


be using it.   While TSP is nice, when it comes to implementing a tunnel
broker, this is the trickiest aspect to its design (dynamic IPv4 being another
tricky - though less so - aspect).

NAT traversal is easy for pt-pt - watch the almost RFC for IPsec (which I use today). But in v6ops we seem to conflate NAT traversal with the short-cut paths of Teredo. The short-cut paths are hard (what the IP over large clouds IETF WGs a while back). Combining short-cuts with NATs doesn't make short-cuts easier.


I appreciate minimising the number of solutions is desirable, is there any
deployment problem having both zct and zct++ solutions?

Depends a lot on the details. For instance:
Can the hosts automatically detect which one to use?
Does the infrastructure need to support both? Can this be done without duplication i.e. reusing the same boxes?
Can the training of the operational staff be reused?


Ideally you'd want what I recently experienced upgrading from standard IPsec tunneling to IPsec-over-NAT tunneling: just get a new software version and it just works (and same thing applied to the other end of the tunnel); had to use snoop/tcpdump to indeed verify that it does something new :-)

But I fear that the complexity of short-cuts makes it hard to accomplish this; pt-pt tunnels would be easy I think.
So can we defer the requirement for short-cuts to zct version 3?
Do vanilla pt-pt in version 1, NAT traversal in version 2, and short-cuts in 3?


 Erik