[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: 6to4 and 'campus' networks

To: "Nathan Ward" <v6ops@daork.net>, "v6ops WG" <v6ops@ops.ietf.org>
Subject: RE: 6to4 and 'campus' networks
From: "Templin, Fred L" <Fred.L.Templin@boeing.com>
Date: Mon, 20 Aug 2007 08:25:38 -0700
In-reply-to: <0DE4BD1E-F9CE-4337-A977-568061A057A6@daork.net>
References: <0DE4BD1E-F9CE-4337-A977-568061A057A6@daork.net>

> Many university campus networks (and large businesses that have been  
> around for some time, etc.) run non-RFC1918 addresses internally.  
> They then NAT, proxy or statefully filter traffic through their  
> border. If someone has a better name than "campus" for this, then  
> then I'm all ears - I realise it's not accurate at all.

I think the term "enterprise" has also been used?

Fred
fred.l.templin@boeing.com

> My understanding of Windows (and to some extent some Linuxes and  
> BSDs) 6to4 behaviour is that when they detect an interface 
> with a non- 
> RFC1918 IPv4 address, they bring up 6to4.
> 
> While this is fine for networks that don't filter or otherwise mess  
> with IP protocol 41, this causes big problems for users behind  
> networks that filter or NAT.
> 
> When I recently turned on AAAA records on a fairly decently sized  
> traffic website of mine, the most comments about reachability came  
> from people on 'campus' style networks, as described above. AAAA  
> records are now turned off for that site, for obvious reasons. These  
> were all non-technical users with Vista on their machines.
> 
> Has anyone given thought to a 6to4 'qualification' procedure 
> for auto- 
> configured 6to4? Such a procedure could be as simple as sending an  
> ICMPv6 echo request to 2002:c058:6301:: (192.88.99.1) and bringing  
> the interface up if there is an acceptable response.
> 
> 
> 
> Note that I accept that in an ideal world, administrators of 
> networks  
> like this would block traffic to 192.88.99.1, and return an ICMP  
> unreachable message of some flavour, so that when we try and 
> reach an  
> IPv6 connected host, we instantly realise 6to4 is unusable 
> (and maybe  
> even fall back to Teredo or something, instead of IPv4). In the real  
> world however, expecting all the administrators of these types of  
> networks to make changes like this is fairly unreasonable, and as I  
> mention, it's a fairly big problem for anyone wanting to roll out  
> AAAA records to production stuff, right now.
> 
> --
> Nathan Ward
> 
>

References:
- 6to4 and 'campus' networks
  - From: Nathan Ward <v6ops@daork.net>

Prev by Date: Rethinking autoconfig
Next by Date: Re: Any work on 4to6?
Previous by thread: Re: 6to4 and 'campus' networks
Next by thread: Rethinking autoconfig
Index(es):
- Date
- Thread