[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

ISATAP links connect router interfaces (was: RE: I-D ACTION:draft-ietf-v6ops-addcon-03.txt)

To: "Bound, Jim" <Jim.Bound@hp.com>
Subject: ISATAP links connect *router* interfaces (was: RE: I-D ACTION:draft-ietf-v6ops-addcon-03.txt)
From: "Templin, Fred L" <Fred.L.Templin@boeing.com>
Date: Mon, 9 Apr 2007 09:36:04 -0700
Cc: <v6ops@ops.ietf.org>
In-reply-to: <816DD9299957E547B5D758D7F977D6DC01B6192A@tayexc14.americas.cpqcorp.net>
References: <816DD9299957E547B5D758D7F977D6DC01B2D6EA@tayexc14.americas.cpqcorp.net> <2C9EA52903BE104EB172E2DB1FD48D9D0248D095@xmb-ams-331.emea.cisco.com> <816DD9299957E547B5D758D7F977D6DC01B2DA1B@tayexc14.americas.cpqcorp.net> <39C363776A4E8C4A94691D2BD9D1C9A101774890@XCH-NW-7V2.nw.nos.boeing.com> <816DD9299957E547B5D758D7F977D6DC01B6192A@tayexc14.americas.cpqcorp.net>

Hi Jim,

Thanks for your comments, and just one thing to follow
up on for now under a new subject heading: 
 
> Anytime a node tunnels packets to support a virtualized state such as
> ISATAP does to support neighbor discovery has notes that should be
> stated.  That is what I mean by health warnings.  For example nodes
> should not be using this mechanism to subvert the addressing 
> policy and
> use of IPv6 communications without be authorized, etc.

I think there has been for a long time a fundamental
misunderstanding of the ISATAP domain of applicability.
In particular, the ISATAP virtual link connects *router*
interfaces; not host interfaces. As such, packets are not
delivered to/from host interfaces attached to the ISATAP
virtual link; they are forwarded *through* router
interfaces attached to the link.

Therefore, IPv6 packets sent by hosts only traverse
the ISATAP virtual link by being forwarded via a router.
And, since encryption/authentication is required for the
IPv6 packets that are forwarded by a router across the
ISATAP virual link, there is nothing that could happen on
the ISATAP virtual link itself that would compromise IPv6
security.

Fred
fred.l.templin@boeing.com

Follow-Ups:
- Re: ISATAP links connect *router* interfaces
  - From: Brian E Carpenter <brc@zurich.ibm.com>

References:
- RE: I-D ACTION:draft-ietf-v6ops-addcon-03.txt
  - From: "Bound, Jim" <Jim.Bound@hp.com>
- RE: I-D ACTION:draft-ietf-v6ops-addcon-03.txt
  - From: "Gunter Van de Velde \(gvandeve\)" <gvandeve@cisco.com>
- RE: I-D ACTION:draft-ietf-v6ops-addcon-03.txt
  - From: "Bound, Jim" <Jim.Bound@hp.com>
- RE: I-D ACTION:draft-ietf-v6ops-addcon-03.txt
  - From: "Templin, Fred L" <Fred.L.Templin@boeing.com>
- RE: I-D ACTION:draft-ietf-v6ops-addcon-03.txt
  - From: "Bound, Jim" <Jim.Bound@hp.com>

Prev by Date: RE: I-D ACTION:draft-ietf-v6ops-addcon-03.txt
Next by Date: IPv6-PMP?
Previous by thread: RE: I-D ACTION:draft-ietf-v6ops-addcon-03.txt
Next by thread: Re: ISATAP links connect *router* interfaces
Index(es):
- Date
- Thread

ISATAP links connect *router* interfaces (was: RE: I-D ACTION:draft-ietf-v6ops-addcon-03.txt)

ISATAP links connect router interfaces (was: RE: I-D ACTION:draft-ietf-v6ops-addcon-03.txt)