[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: But are we talking IPv6 only? That's how I read the draft. (Re: Some suggestions for draft-ietf-v6ops-cpe-simple-security-03)
>My confusion -- which persists even after reading your email -- is
>what this home network (with a dual-stack CPE) looks like: which
>device(s) terminate IPv6-over-IPv4 tunnels (the CPE itself? Or a
>host behind the CPE?), which devices get IPv4 addresses (only the
>CPE itself, or also devices behind the CPE?), and so on.
In the case of unsolicited incoming IPv6-in-IPv4 packets,
if the CPE is a 6to4 or ISATAP router, the CPE terminates
the tunnel. (If the site behind the CPE uses ISATAP, the
packets are then admitted into a *different* tunnel that
spans the site behind the CPE.)
If the CPE is *not* configured as either a 6to4 or ISATAP
router, a Teredo tunnel could still be used to direct
encapsulated packets through an open port in the CPE
and to the final destination within the site. (That is,
if the port is being kept open through keepalives sent
by the final destination.)
I haven't read the draft, but I'm pretty sure this stuff
is well known within the v6ops community; does the draft
fail to mention and/or misrepresent any of the above?
Fred
fred.l.templin@boeing.com