Re: 6to4 anycast IP as source address / PTR record
On Wed, 30 Jan 2008, Kevin Loch wrote:
Kevin Day wrote:
Quick poll:
When a 6to4 relay encapsulates v6 traffic and sends it to a 6to4 host over
v4, should the source address be 192.88.99.1 or the relay's v4 unicast
address?
Stateful firewalls would prefer that the return traffic come from
192.88.99.1 (assuming they properly handle proto 41 traffic).
The scenario is 6to4 to 6to4. Both ends would ideally be encapsulating
traffic directly to the other's IPv4 address. Relay via 192.88.99.1 need
not be involved. In that situation you'd probably want the 6to4 host to
use its own IPv4 address as the source if it has to deal with a firewall.
192.88.99.1 is really required when traffic is between a 6to4 host and a
native IPv6 host as there's really no other way to reach the latter. The
latter will punt to its default gateway and the packets will eventually
egress from a 6to4 border relay on their way to the 6to4 host.
So the 'ideal' behaviour of the encapsulator (to deal with firewalls)
really depends on whether the source address of the IPv6 packet is native
or a 6to4 address. A 6to4 host talking to 6to4 can still encap to a relay
if it wanted to but 1) it's not as efficient, and 2) probably more likely
to run afoul of firewalls.
Antonio Querubin
whois: AQ7-ARIN
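
The source-address reasoning in this thread, worked through as an added example that is not part of any poster's message: it derives where a 6to4 host sends its encapsulated traffic for a given peer and checks whether a returning proto-41 packet would match that state. The function names, the sample addresses (documentation ranges) and the assumption that the firewall keys proto-41 state on the remote IPv4 address alone are all hypothetical.

```python
import ipaddress

# 6to4 relay anycast address discussed in the thread
RELAY_ANYCAST = ipaddress.IPv4Address("192.88.99.1")


def outbound_v4_destination(peer_v6):
    """IPv4 address a 6to4 host encapsulates to when sending to peer_v6.

    A 2002::/16 peer embeds its own IPv4 address, so the tunnel goes
    direct; a native peer is only reachable through the anycast relay.
    """
    embedded = ipaddress.IPv6Address(peer_v6).sixtofour  # None if not 2002::/16
    return embedded if embedded is not None else RELAY_ANYCAST


def return_matches_state(peer_v6, outer_src_v4):
    """True if an inbound proto-41 packet would match the state created
    by the host's outbound packet to the same peer.

    Assumption: the firewall keys proto-41 state on the remote IPv4
    address only, as a simple stateful filter would.
    """
    return ipaddress.IPv4Address(outer_src_v4) == outbound_v4_destination(peer_v6)


# Constructed sample traffic: (inner IPv6 source, outer IPv4 source)
SAMPLES = [
    ("2002:c633:6407::1", "198.51.100.7"),  # 6to4 peer, direct tunnel
    ("2001:db8::10", "192.88.99.1"),        # native peer, relay sources from anycast
    ("2001:db8::10", "203.0.113.9"),        # native peer, relay sources from its unicast
]

if __name__ == "__main__":
    for peer, outer in SAMPLES:
        ok = return_matches_state(peer, outer)
        verdict = "matches state" if ok else "no matching state"
        print(f"{peer:<20} outer src {outer:<14} {verdict}")
```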