[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: But are we talking IPv6 only? That's how I read the draft. (Re: Some suggestions for draft-ietf-v6ops-cpe-simple-security-03)
> On Aug 27, 2008, at 03:17, Mark Smith wrote:
> > * Native IPv6 CPE security, plus IPv4 security/functionality
> > requirements to support IPv6 transition via IPv4 tunnelling
>
> It was my understanding that this is the proper scope, not the
> alternatives you mentioned.
If the scope includes IPv6-over-IPv4 tunnels, then there are two
network topologies:
1. CPE gets a single IPv4 address and is an IPv4 NAPT, or
2. the residential user gets one IPv4 address for each
device in their home that wants to do a IPv6-over-IPv4
tunnel.
If (1), I don't see how unsolicited incoming packets can be
directed to the correct host behind the IPv4 NAPT.
If (2), we are outside the realm of simple residential networks -- they only
have one IPv4 address. We can't plan for more to become common as we approach
IPv4 exhaustion.
Is there another network topology that I am missing?
-d