[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: But are we talking IPv6 only? That's how I read the draft. (Re: Some suggestions for draft-ietf-v6ops-cpe-simple-security-03)

To: IPv6 Operations <v6ops@ops.ietf.org>
Subject: Re: But are we talking IPv6 only? That's how I read the draft. (Re: Some suggestions for draft-ietf-v6ops-cpe-simple-security-03)
From: james woodyatt <jhw@apple.com>
Date: Wed, 27 Aug 2008 17:54:07 -0700
Cc: Dan Wing <dwing@cisco.com>
In-reply-to: <0e6001c908a2$b8fcf700$c2f0200a@cisco.com>
References: <20080824204553.08131c65.ipng@69706e6720323030352d30312d31340a.nosense.org> <48B1CCE8.1070305@gmail.com> <01af01c9065b$b4602440$c2f0200a@cisco.com> <48B23391.1090503@gmail.com> <01cd01c90672$a57c8790$c2f0200a@cisco.com> <48B31DA3.6080001@gmail.com> <07d201c906f7$50a85e30$c2f0200a@cisco.com> <48B32B43.5010103@gmail.com> <084c01c906fe$f9bf1840$c2f0200a@cisco.com> <48B33430.40704@gmail.com> <A31EB889-2BD9-4283-A408-AB6DCC1D568A@suspicious.org> <08be01c90712$d876cd40$c2f0200a@cisco.com> <20080827194713.23271bd1.ipng@69706e6720323030352d30312d31340a.nosense.org> <CD947C45-58F7-47F1-807F-A276490B1E39@apple.com> <0e6001c908a2$b8fcf700$c2f0200a@cisco.com>

On Aug 27, 2008, at 17:12, Dan Wing wrote:

[I wrote:]

On Aug 27, 2008, at 03:17, Mark Smith wrote:

* Native IPv6 CPE security, plus IPv4 security/functionality
requirements to support IPv6 transition via IPv4 tunnelling


It was my understanding that this is the proper scope, not the
alternatives you mentioned.


If the scope includes IPv6-over-IPv4 tunnels, then there are two
network topologies:

 1.  CPE gets a single IPv4 address and is an IPv4 NAPT, or
 2.  the residential user gets one IPv4 address for each
     device in their home that wants to do a IPv6-over-IPv4
     tunnel.

If (1), I don't see how unsolicited incoming packets can be
directed to the correct host behind the IPv4 NAPT.

If (2), we are outside the realm of simple residential networks --they onlyhave one IPv4 address. We can't plan for more to become common aswe approach

IPv4 exhaustion.

Is there another network topology that I am missing?

Ah. I see the confusion. In the scope of the whole draft, we aretalking about CPE that can include dual-stack transition mechanisms.In the specific scope of R23, the words "upper layer protocol" areintended to imply only IPv6 as the outer layer (which may itself betunneled in an IPv4 transition mechanism, but the filteringrecommendations in this draft are intended for use in applying filtersinside the tunnel, not to the outside).

We are not trying to make recommendations about IPv4 simple securityin this draft. This could be made more clear.



--
james woodyatt <jhw@apple.com>
member of technical staff, communications engineering

Follow-Ups:
- RE: But are we talking IPv6 only? That's how I read the draft. (Re: Some suggestions for draft-ietf-v6ops-cpe-simple-security-03)
  - From: "Dan Wing" <dwing@cisco.com>

References:
- Some suggestions for draft-ietf-v6ops-cpe-simple-security-03
  - From: Mark Smith <ipng@69706e6720323030352d30312d31340a.nosense.org>
- Re: Some suggestions for draft-ietf-v6ops-cpe-simple-security-03
  - From: Brian E Carpenter <brian.e.carpenter@gmail.com>
- RE: Some suggestions for draft-ietf-v6ops-cpe-simple-security-03
  - From: "Dan Wing" <dwing@cisco.com>
- Re: Some suggestions for draft-ietf-v6ops-cpe-simple-security-03
  - From: Brian E Carpenter <brian.e.carpenter@gmail.com>
- RE: Some suggestions for draft-ietf-v6ops-cpe-simple-security-03
  - From: "Dan Wing" <dwing@cisco.com>
- Re: Some suggestions for draft-ietf-v6ops-cpe-simple-security-03
  - From: Brian E Carpenter <brian.e.carpenter@gmail.com>
- RE: Some suggestions for draft-ietf-v6ops-cpe-simple-security-03
  - From: "Dan Wing" <dwing@cisco.com>
- Re: Some suggestions for draft-ietf-v6ops-cpe-simple-security-03
  - From: Brian E Carpenter <brian.e.carpenter@gmail.com>
- RE: Some suggestions for draft-ietf-v6ops-cpe-simple-security-03
  - From: "Dan Wing" <dwing@cisco.com>
- Re: Some suggestions for draft-ietf-v6ops-cpe-simple-security-03
  - From: Brian E Carpenter <brian.e.carpenter@gmail.com>
- Re: Some suggestions for draft-ietf-v6ops-cpe-simple-security-03
  - From: Truman Boyes <truman@suspicious.org>
- RE: Some suggestions for draft-ietf-v6ops-cpe-simple-security-03
  - From: "Dan Wing" <dwing@cisco.com>
- But are we talking IPv6 only? That's how I read the draft. (Re: Some suggestions for draft-ietf-v6ops-cpe-simple-security-03)
  - From: Mark Smith <ipng@69706e6720323030352d30312d31340a.nosense.org>
- Re: But are we talking IPv6 only? That's how I read the draft. (Re: Some suggestions for draft-ietf-v6ops-cpe-simple-security-03)
  - From: james woodyatt <jhw@apple.com>
- RE: But are we talking IPv6 only? That's how I read the draft. (Re: Some suggestions for draft-ietf-v6ops-cpe-simple-security-03)
  - From: "Dan Wing" <dwing@cisco.com>

Prev by Date: RE: But are we talking IPv6 only? That's how I read the draft. (Re: Some suggestions for draft-ietf-v6ops-cpe-simple-security-03)
Next by Date: RE: But are we talking IPv6 only? That's how I read the draft. (Re: Some suggestions for draft-ietf-v6ops-cpe-simple-security-03)
Previous by thread: RE: But are we talking IPv6 only? That's how I read the draft. (Re: Some suggestions for draft-ietf-v6ops-cpe-simple-security-03)
Next by thread: RE: But are we talking IPv6 only? That's how I read the draft. (Re: Some suggestions for draft-ietf-v6ops-cpe-simple-security-03)
Index(es):
- Date
- Thread