
Re: Enhanced SIIT



'not too big a deal to modify a v4 host'

uh. what corner of academia are you smoking?

The bar to change IPv4 hosts to talk IPv6 is exactly the same as updating
the IPv4 protocol to talk some fancy backwards objectionable protocol
``enhancement'' that hides IPv6 under the hood.

If you're a v4 host wanting to talk to v6 land, visit:

	http://freedaemonconsulting.com.ipv4.sixxs.org/

If you're a v6 host wanting to talk to v4 land, visit:

	http://google.com.ipv6.sixxs.org/

Proxies are indeed a valid transition mechanism, they are in place and
working, today.

What you propose adds more bandaids to IPv4 and further muddies and confuses
the waters.

Do you not realize why IPv4 mapped addresses were a bad idea?

    http://ipv6samurais.com/ipv6samurais/openbsd-audit/draft-cmetz-v6ops-v4mapped-api-harmful-01.txt
    http://ipv6samurais.com/ipv6samurais/openbsd-audit/draft-itojun-v6ops-v4mapped-harmful-02.txt

I beg you to consider that your proposal is no different in that regard
with regards to security, but in addition, it is worse, as it changes the
IPv4 stack itself.

Ugh.
-- 
Todd Fries .. todd@fries.net

 _____________________________________________
|                                             \  1.636.410.0632 (voice)
| Free Daemon Consulting                      \  1.405.227.9094 (voice)
| http://FreeDaemonConsulting.com             \  1.866.792.3418 (FAX)
| "..in support of free software solutions."  \          250797 (FWD)
|                                             \
 \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
                                                 
              37E7 D3EB 74D0 8D66 A68D  B866 0326 204E 3F42 004A
                        http://todd.fries.net/pgp.txt

Penned by Iljitsch van Beijnum on 20071018 10:04.54, we have:
| On 17-okt-2007, at 22:49, Brian E Carpenter wrote:
| 
| >In my opinion we have to be very systematic about this. The only way
| >that we can avoid the intrinsic problems of stateless translation
| >seems to be to have awareness at the IPv6 end that translation is
| >happening.
| 
| Note that my draft goes in the opposite direction and imposes new  
| requirements on the IPv4 side rather than the IPv6 side. I do agree  
| that having an unmodified IPv4 host talk to an unmodified IPv6 host  
| is problematic if you want to avoid NAT.
| 
| Being able to talk to unmodified IPv4 hosts is attractive in the  
| short term because there are so many of them. But being able to keep  
| IPv6 clean is attractive in the long term.
| 
| The effort to update either would be approximately the same, in my  
| opinion, because all current OSes support both IP versions. The big  
| difference would be in the appliances such as firewalls and load  
| balancers.
| 
| The way I see it, the large value isn't in making a random IPv6 host  
| talk to a random IPv4 host. Rather, it's allowing a random IPv6 host  
| to talk to the infrastructures of large content networks that exist  
| in IPv4 which seem to be having a hard time moving to IPv6.
| 
| As far as having the IPv6 host know about the translation: a very  
| simple way to do this is with proxies. Today, applications need to  
| know about proxies but I don't think it would be too hard to make the  
| OS support this. I.e., when an IPv6-only host wants to set up a TCP  
| session towards an IPv4-only host, the stack intercepts the request,  
| connects to a proxy and asks the proxy to set up a session towards  
| the IPv4 address in question. When the connection is there, the TCP  
| session is given to the application.
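
The concern raised above about IPv4-mapped addresses and security can be shown with an access-control check. This is an added example, not part of the original message or the cited drafts. The deny list, function names and peer addresses are constructed for illustration: on a dual-stack AF_INET6 socket an IPv4 peer is reported as ::ffff:a.b.c.d, so a check written against IPv4 ranges never matches unless the address is unwrapped first.

```python
import ipaddress

# Constructed policy (assumption): IPv4 ranges that must never reach the service.
DENY_V4 = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("192.0.2.0/24"),
]


def _denied(addr) -> bool:
    # Compare only like with like; an IPv6 address is never inside an IPv4 network.
    return any(addr.version == net.version and addr in net for net in DENY_V4)


def naive_allowed(peer: str) -> bool:
    """ACL check on the peer address exactly as the socket reported it."""
    return not _denied(ipaddress.ip_address(peer))


def canonical(peer: str):
    """Unwrap ::ffff:a.b.c.d to the IPv4 address it carries; pass others through."""
    addr = ipaddress.ip_address(peer)
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr


def hardened_allowed(peer: str) -> bool:
    """ACL check after canonicalising mapped addresses to plain IPv4."""
    return not _denied(canonical(peer))


if __name__ == "__main__":
    # Constructed peers: plain IPv4, the same host as seen through a
    # dual-stack socket, and a native IPv6 host.
    for peer in ("192.0.2.10", "::ffff:192.0.2.10", "2001:db8::1"):
        print(f"{peer:22} naive={naive_allowed(peer)!s:5} "
              f"hardened={hardened_allowed(peer)}")
```

The same canonicalisation belongs in logging and rate limiting, so that one host is not counted under two spellings of its address.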