[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Proposed Resolution of Issues [1-37]

To: Tim Chown <tjc@ecs.soton.ac.uk>
Subject: Re: Proposed Resolution of Issues [1-37]
From: "Gunter Van de Velde (gvandeve)" <gvandeve@cisco.com>
Date: Fri, 21 Oct 2005 21:47:57 +0200
Cc: v6ops@ops.ietf.org
In-reply-to: <20050902083300.GL17558@login.ecs.soton.ac.uk>
References: <4.3.2.7.2.20050901124115.04916658@strange-brew> <4.3.2.7.2.20050901124115.04916658@strange-brew>

At 09:33 2/09/2005 +0100, Tim Chown wrote:

Issue 24 - so what text will you use? :)

In the background Elwyn worked with us on this aspect. The
text to replace Ch4.4 is below. We feel that text looks more balanced now.
This replacement text will be in the NAP-02 draft.

<snip>
4.4. Privacy and Topology Hiding using IPv6

   Partial host privacy is achieved in IPv6 using pseudo-random privacy
   addresses [RFC 3041] which are generated as required, so that a
   session can use an address that is valid only for a limited time.
   Exactly as with IPv4 NAT, this only allows such a session to be
   traced back to the subnet that originates it, but not immediately to
   the actual host.

   Due to the large IPv6 address space available there is plenty of
   freedom to randomize subnet allocations. By doing this, it is
   possible to reduce the correlation between a subnet and its location.
   When doing both subnet and IID randomization [RFC 3041] a casual
   snooper won't be able to deduce much about the networks topology.
   The obtaining of a single address will tell the snooper very little
   about other addresses. This is different from IPv4 where address
   space limitations cause this to be not true. In most usage cases
   this concept should be sufficient for address privacy and topology
   hiding.

   In the case where a network administrator wishes to fully conceal the
   internal IPv6 topology, and the majority of its host computer
   addresses, a possible option is to run all internal traffic using
   Unique Local Addresses (ULA) since such packets can by definition
   never exit the site. For hosts that do in fact need to generate
   external traffic, by using multiple IPv6 addresses (ULAs and one or
   more global addresses), it will be possible to hide and mask some or
   all of the internal network. As discussed in Section 3.1, there are
   multiple parts to the IPv6 address, and different techniques to
   manage privacy for each.

   There are two possible scenarios for the extreme situation when a
   network manager also wishes to fully conceal the internal IPv6
   topology.

   o One could use explicit host routes and remove the correlation
      between location and IPv6 address. This solution does however
      show severe scalability issues.
   o The other technology to fully hide the internal topology would be
      to use a tunneling mechanism. Mobile IPv6 without route
      optimization is one example. In this example the public facing
      addresses are indirected via an edge Home Agent (HA). This
      indirection method truly masks the internal topology as all nodes
      with global access appear to share a common subnet. The downside
      of using this method is that it makes usage of middleware like a
      Home Agent (HA).

<end snip>

Brgds,
G/

References:
- Proposed Resolution of Issues [1-37]
  - From: "Gunter Van de Velde (gvandeve)" <gvandeve@cisco.com>
- Re: Proposed Resolution of Issues [1-37]
  - From: Tim Chown <tjc@ecs.soton.ac.uk>

Prev by Date: Re: I-D ACTION:draft-ietf-v6ops-icmpv6-filtering-bcp-00.txt
Next by Date: I-D ACTION:draft-ietf-v6ops-natpt-to-exprmntl-03.txt
Previous by thread: Re: Proposed Resolution of Issues [1-37]
Next by thread: [draft-ietf-v6ops-nap-01.txt] Proposed Resolution of Issues [1-37]
Index(es):
- Date
- Thread