Re: 6to4 anycast IP as source address / PTR record
On 2008-01-31 19:34, Antonio Querubin wrote:
> On Wed, 30 Jan 2008, Kevin Loch wrote:
>
>> Kevin Day wrote:
>>>
>>> Quick poll:
>>>
>>> When a 6to4 relay encapsulates v6 traffic and sends it to a 6to4 host
>>> over v4, should the source address be 192.88.99.1 or the relay's v4
>>> unicast address?
>>
>> Stateful firewalls would prefer that the return traffic come from
>> 192.88.99.1 (assuming they properly handle proto 41 traffic).
>
> The scenario is 6to4 to 6to4.
I thought that was exactly the scenario Kevin was *not*
asking about. In that case it's obvious that each 6to4 box
will use its own IPv4 address as source (which is why it's
not mentioned in RFC 3056 - because it's obvious).
Brian
> Both ends would ideally be encapsulating
> traffic directly to the other's IPv4 address. Relay via 192.88.99.1
> need not be involved. In that situation you'd probably want the 6to4
> host to use its own IPv4 address as the source if it has to deal with a
> firewall.
>
> 192.88.99.1 is really required when traffic is between a 6to4 host and a
> native IPv6 host as there's really no other way to reach the latter.
> The latter will punt to its default gateway and the packets will
> eventually egress from a 6to4 border relay on its way to the 6to4 host.
>
> So the 'ideal' behaviour of the encapsulator (to deal with firewalls)
> really depends on whether the source address of the IPv6 packet is
> native or a 6to4 address. A 6to4 host talking to 6to4 can still encap
> to a relay if it wanted to but 1) it's not as efficient, and 2) probably
> more likely to run afoul of firewalls.
>
>
> Antonio Querubin
> whois: AQ7-ARIN
>
>
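An added example, not part of the original thread: a toy model of the stateful-firewall concern discussed above, showing which outer IPv4 destination a 6to4 host picks and whether a protocol 41 reply from a given source would match the tracked flow. The class `Proto41State`, the helper names and all addresses other than 192.88.99.1 are constructed for illustration, and the exact-pair matching is an assumed firewall policy.

```python
import ipaddress

# 6to4 relay anycast address named in the thread
RELAY_ANYCAST = ipaddress.IPv4Address("192.88.99.1")

def outer_dst(inner_dst6):
    """IPv4 destination a 6to4 host uses when encapsulating toward inner_dst6."""
    # .sixtofour yields the embedded IPv4 address for 2002::/16, else None
    v4 = ipaddress.IPv6Address(inner_dst6).sixtofour
    return v4 if v4 is not None else RELAY_ANYCAST

class Proto41State:
    """Toy stateful filter (assumed policy): inbound proto 41 passes only
    when it mirrors the address pair of a tracked outbound flow."""
    def __init__(self):
        self.flows = set()

    def outbound(self, src4, dst4):
        self.flows.add((ipaddress.IPv4Address(src4), ipaddress.IPv4Address(dst4)))

    def inbound_allowed(self, src4, dst4):
        return (ipaddress.IPv4Address(dst4), ipaddress.IPv4Address(src4)) in self.flows

def simulate(host4, inner_dst6, reply_src4):
    """Host sends one encapsulated packet, then a reply arrives from reply_src4.
    Returns (outer destination used, whether the reply passes the filter)."""
    fw = Proto41State()
    dst4 = outer_dst(inner_dst6)
    fw.outbound(host4, dst4)
    return str(dst4), fw.inbound_allowed(reply_src4, host4)

if __name__ == "__main__":
    host = "192.0.2.10"          # constructed 6to4 host IPv4 address
    native = "2001:db8::1"       # constructed native IPv6 peer
    peer = "2002:c633:6407::1"   # constructed 6to4 peer, embeds 198.51.100.7
    relay_unicast = "203.0.113.5"  # constructed relay unicast address
    print(simulate(host, native, "192.88.99.1"))   # reply sourced from anycast
    print(simulate(host, native, relay_unicast))   # reply sourced from relay unicast
    print(simulate(host, peer, "198.51.100.7"))    # direct 6to4 to 6to4
```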