On Sunday 19 August 2007, you wrote:
Many university campus networks (and large businesses that have been
around for some time, etc.) run non-RFC1918 addresses internally.
They then NAT, proxy or statefully filter traffic through their
border. If someone has a better name than "campus" for this, then
I'm all ears - I realise it's not accurate at all.
I have had cases where proto-41 was statelessly firewalled as well (no
NAT though). One was a "campus" network, but I have also met this
problem on some commercial Wi-Fi networks.
My understanding of Windows (and to some extent some Linuxes and
BSDs) 6to4 behaviour is that when they detect an interface with a
non-RFC1918 IPv4 address, they bring up 6to4.
Yes.
And they also start sending router advertisements, regardless of
any "administered" IPv6 router on the network.
While this is fine for networks that don't filter or otherwise mess
with IP protocol 41, this causes big problems for users behind
networks that filter or NAT.
Exactly.
(...)
Has anyone given thought to a 6to4 'qualification' procedure for
auto-configured 6to4? Such a procedure could be as simple as sending
an ICMPv6 echo request to 2002:c058:6301:: (192.88.99.1) and bringing
the interface up if there is an acceptable response.
I have considered this. It does not work. You will see that, ok,
proto-41 is not statelessly firewalled. But that is not sufficient
since 6to4 is relayed asymmetrically between 6to4 nodes and the native
IPv6 Internet.
For proper detection, you would need to ping a native IPv6 node, which
you know will reply through an outbound 6to4 relay that encapsulates
packets with a source address different from 192.88.99.1. If that
works, there's a good chance that there is no firewalling at all (or some
kind of "cone" firewalling).
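
The qualification logic discussed above, as an added example that is not part of the original message: it derives the 2002:V4ADDR::/48 prefix and classifies a host from the protocol-41 echo replies it received. The function names, the result labels and the sample observations are assumptions made for illustration.

```python
import ipaddress

# Anycast 6to4 relay address named in the thread.
ANYCAST_RELAY_V4 = ipaddress.IPv4Address("192.88.99.1")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def sixto4_prefix(v4):
    """Map an IPv4 address to its 6to4 prefix, 2002:V4ADDR::/48."""
    v4 = ipaddress.IPv4Address(v4)
    return ipaddress.IPv6Network(((0x2002 << 112) | (int(v4) << 80), 48))

def qualify(local_v4, replies):
    """Classify a host from the proto-41 echo replies it received.

    replies: (outer IPv4 source, inner IPv6 source) per decapsulated reply.
    """
    local = ipaddress.IPv4Address(local_v4)
    if any(local in net for net in RFC1918):
        return "not-eligible"          # 6to4 is not brought up at all
    if not replies:
        return "proto41-blocked"       # nothing came back
    for outer, inner in replies:
        # A native responder has no IPv4 address embedded in 2002::/16.
        native = ipaddress.IPv6Address(inner).sixtofour is None
        if native and ipaddress.IPv4Address(outer) != ANYCAST_RELAY_V4:
            return "qualified"         # return path via another relay works
    return "inconclusive"              # only shows no stateless drop

# Constructed observations (documentation address ranges), not captured data.
ANYCAST_ONLY = [("192.88.99.1", "2002:c058:6301::")]
WITH_NATIVE = ANYCAST_ONLY + [("198.51.100.7", "2001:db8::1")]

if __name__ == "__main__":
    print(sixto4_prefix("192.88.99.1"))
    for obs in ([], ANYCAST_ONLY, WITH_NATIVE):
        print(qualify("192.0.2.10", obs))
```

A reply from the anycast relay alone lands in "inconclusive", which is the case the reply above describes as not sufficient.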