guidelines for the operation of a shared IPv4/IPv6 Internet

itojun | 1 Aug 2003 01:26

Re: Automatic tunnels

>Which type of abuse are you concerned with? We can deploy native-to-6to4
>relays in several modes:
>
> - host specific=20
>	(host is multi-homed to 6to4, local routing entry to 2002::/16)
> - AS specific=20
>	(some routers act as relay, export a route to 2002::/16 in IGP)
> - Across multiple AS
>	(export a route to 2002::/16 in BGP)
>
>The first two modes don't seem particularly prone to abuse. Host
>specific relays certainly are not an issue, and the abuse to AS specific
>relay fall in the general category of "abusing peering agreements",
>which is by no means specific to 6to4. I agree that exporting a route
>through BGP is hard to control, as the route can be re-exported by
>peering ASes. But, again, this fall in the category of "peering abuses",
>which can be contained by proper peering contracts.

	we are afraid of our native-to-6to4 device being used as open relay
	of packet (bullet 3 in the above, of course).  the IPv4 source address
	will be ours, so we will get compliants from random people, because of
	malicious traffic from somewhere to 2002::/16.  running 6to4 relay
	router is like running open relay smtp server.

itojun

Christian Huitema | 1 Aug 2003 02:59

Picon

RE: Automatic tunnels

> >Which type of abuse are you concerned with? We can deploy
native-to-6to4
> >relays in several modes:
> >
> > - host specific=20
> >	(host is multi-homed to 6to4, local routing entry to 2002::/16)
> > - AS specific=20
> >	(some routers act as relay, export a route to 2002::/16 in IGP)
> > - Across multiple AS
> >	(export a route to 2002::/16 in BGP)
> >
> >The first two modes don't seem particularly prone to abuse. Host
> >specific relays certainly are not an issue, and the abuse to AS
specific
> >relay fall in the general category of "abusing peering agreements",
> >which is by no means specific to 6to4. I agree that exporting a route
> >through BGP is hard to control, as the route can be re-exported by
> >peering ASes. But, again, this fall in the category of "peering
abuses",
> >which can be contained by proper peering contracts.
> 
> 	we are afraid of our native-to-6to4 device being used as open
relay
> 	of packet (bullet 3 in the above, of course).  the IPv4 source
> address
> 	will be ours, so we will get compliants from random people,
because
> of
> 	malicious traffic from somewhere to 2002::/16.  running 6to4
relay

(Continue reading)

Bob Fink | 2 Aug 2003 06:32

draft minutes of v6ops

The draft minutes from the v6ops working group sessions at the Vienna IETF 
are available at the url below.

Note that Bob has constructed this from various sets of notes sent to him, 
as he didn't attend the meeting. So please review carefully and send us 
comments and corrections.

<http://www.6bone.net/v6ops/minutes/index.htm>

Thanks,

Bob, Pekka & Margaret

Bound, Jim | 3 Aug 2003 18:45

Picon

RE: Defintion of Automatic tunnels

100% agree with Christian I strongly suggest to the chairs and ADs work
on the specs and stop trying to tell vendors how to build or what to
provide in products we won't listen to your here simply because the
folks here do not do budgets and product decisions per se it is done
based on revenue not computer science.

Like Pekka awhile ago saying "just state no one can deploy IPv6 only
devices"  that is completely absurd no one is going to even listen to
such diatribe in the market.

also I have figured out a way to avoid nat in IM for 3GPP the question
for me is it even worth sharing that pearl here in the IETF or just take
it to 3GPP and TEMS vendors.  Hint is option I found in pdp context
packet.

/jim

> -----Original Message-----
> From: Christian Huitema [mailto:huitema@...] 
> Sent: Wednesday, July 30, 2003 1:19 PM
> To: Alain.Durand@...; Brian E Carpenter
> Cc: Erik Nordmark; v6ops@...
> Subject: RE: Defintion of Automatic tunnels
> 
> 
> > So I think it is still pertinent for the IETF to have an opinion on
> the
> > matter
> > and to recommend one approach versus the other, or maybe both if it
> can

(Continue reading)

Bound, Jim | 3 Aug 2003 18:41

Picon

RE: Defintion of Automatic tunnels

tunnel brokers and 6to4 are the most pervasive used tunnels in
deployment today across Asia, Europe, and now the U.S.  Done deal.
Tunnel broker is done deal too.  It will compete with Teredo as solution
too once proto 41 gets through cablemodem and dsl products and ISPs
provide it.  there are 100,000 users using freenet6 tunnels.

/jim

> -----Original Message-----
> From: Brian E Carpenter [mailto:brc@...] 
> Sent: Wednesday, July 30, 2003 9:38 AM
> To: Erik Nordmark
> Cc: Christian Huitema; v6ops@...
> Subject: Re: Defintion of Automatic tunnels
> 
> 
> Erik Nordmark wrote:
> > 
> > > This is an interesting discussion of the issues (well, it 
> was, but I 
> > > deleted it to save bits). But I'm not sure that the WG has to, or 
> > > should, make a choice. The network is already telling us 
> that both 
> > > tunnel brokers and 6to4 attract users. I guess the jury 
> is still out 
> > > on Teredo. But I don't think it's for us to make a philosophical 
> > > decision here. We will need to decide whether to adopt 
> Teredo, but 
> > > that should drop out of the scenario analysis as a pragmatic 
> > > decision.

(Continue reading)

Bound, Jim | 3 Aug 2003 18:39

Picon

RE: Defintion of Automatic tunnels

Erik,

The market will decide.  Also there is ISATAP and DSTM and being
deployed now.  I am working with networks that use them in Pilots now.
Market it not going to wait for IETF brainstorming anymore.  Vendors who
wait will loose opportunity to influence pilots that will define next
step production and be part of that revenue stream.  You need to add
DSTM and ISATAP to this fray not just Teredo.  

Also the options to tunnel on products will be done based on market
input to the product suppliers. Our job here is to define what options
we will work on in the IETF others will be worked on out of the IETF or
move to Experimental in the IETF.

/jim

> -----Original Message-----
> From: Erik Nordmark [mailto:Erik.Nordmark@...] 
> Sent: Wednesday, July 30, 2003 9:06 AM
> To: Brian E Carpenter
> Cc: Erik Nordmark; Christian Huitema; v6ops@...
> Subject: Re: Defintion of Automatic tunnels
> 
> 
> > This is an interesting discussion of the issues (well, it 
> was, but I 
> > deleted it to save bits). But I'm not sure that the WG has to, or 
> > should, make a choice. The network is already telling us that both 
> > tunnel brokers and 6to4 attract users. I guess the jury is 
> still out

(Continue reading)

Marcin Michalak | 3 Aug 2003 19:29

Picon

RE: Defintion of Automatic tunnels

On 3 Aug 2003 at 12:45, Bound, Jim wrote:

> 100% agree with Christian I strongly suggest to the chairs and ADs work
> on the specs and stop trying to tell vendors how to build or what to
> provide in products we won't listen to your here simply because the
> folks here do not do budgets and product decisions per se it is done
> based on revenue not computer science.
> 
> Like Pekka awhile ago saying "just state no one can deploy IPv6 only
> devices"  that is completely absurd no one is going to even listen to
> such diatribe in the market.
> 
> also I have figured out a way to avoid nat in IM for 3GPP the question
> for me is it even worth sharing that pearl here in the IETF or just take
> it to 3GPP and TEMS vendors.  Hint is option I found in pdp context
> packet.
> 
> /jim
Hello,
Whatever you decide, please let know the solution? I'd be interested 
in getting to know it, probably others as well.
 Enjoy the Sunday, or what's left of it,
  Marcin
----------------------------------------------------------
Marcin Michalak		Research Engineer
Mobile: +41 79 330 83 51	Telscom AG

JORDI PALET MARTINEZ | 3 Aug 2003 20:41

Picon

draft-palet-v6ops-proto41-nat-01.txt

Hi all,

The revision of the document indicated in the subject, has been published a few days ago, as indicated below.

I will be happy to get new comments from the WG.

Regards,
Jordi

A New Internet-Draft is available from the on-line Internet-Drafts directories.

	Title		: Forwarding Protocol 41 in NAT Boxes
	Author(s)	: J. Palet et al.
	Filename	: draft-palet-v6ops-proto41-nat-01.txt
	Pages		: 12
	Date		: 2003-7-31
	
Some NAT boxes/routers allow the establishment of IPv6 tunnels from 
systems in the private LAN (using private IPv4 addresses) to routers 
or tunnel servers in the public Internet. 
As far as we know this is not a common way of use IPv6 tunnels; the 
usual way is to finish the tunnel directly in a device with an IPv4 
public address. 
This behavior provides a big opportunity to rapidly deploy a huge 
number of IPv6 nodes and networks, without the need of new transition 
mechanism. This option is very important to facilitate the IPv6 
deployment. 
This document describes this behavior and provides hints that should 
be applied in the NAT boxes and tunnel brokers to facilitate it.

(Continue reading)

Randy Bush | 4 Aug 2003 22:37

RE: Defintion of Automatic tunnels

> tunnel brokers and 6to4 are the most pervasive used tunnels in
> deployment today across Asia, Europe, and now the U.S.

all 12 of them

Pekka Savola | 5 Aug 2003 15:09

Picon

Re: Automatic tunnels

On Fri, 1 Aug 2003 itojun@... wrote:
[...]
> 	we are afraid of our native-to-6to4 device being used as open relay
> 	of packet (bullet 3 in the above, of course).  the IPv4 source address
> 	will be ours, so we will get compliants from random people, because of
> 	malicious traffic from somewhere to 2002::/16.  running 6to4 relay
> 	router is like running open relay smtp server.

.. which is one reason why we force our 6to4 relay to use 192.88.99.1 as
the source address when it encapsulates packets in proto-41 

That way, "our" IPv4 address cannot be traced to be the source of the 
abuse.  It cuts both ways, of course .. and might be prone to even 
increase the amount of anonymous abuse later on..

--

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

Group

gmane.ietf.v6ops.

Project Web Page

guidelines for the operation of a shared IPv4/IPv6 Internet

Search Archive

Page

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 13

Articles in period: 124

August 2003

Language

Change language

Options

Current view: Threads only / Showing only 20 lines / Not hiding cited text.
Change to All messages, whole messages, or hide cited text.

Post a message
NNTP Newsgroup
Classic Gmane web interface
XML

XML

RSS Feed
List Information

About Gmane

Recent entries

new draft: draft-ietf-v6ops-ula-usage-recommendations (18 May 2013)
I-D Action: draft-ietf-v6ops-64share-06.txt (17 May 2013)
Tracking of Operational IPv6 Issues (17 May 2013)
OSX 10.8 failures with Cisco Anyconnect VPN client (17 May 2013)
draft-ietf-v6ops-rfc3316bis WGLC (12 May 2013)
WGLC status (12 May 2013)
Comcast Launches IPv6 for Business Customers (8 May 2013)
Regarding draft-ietf-v6ops-64share WGLC (6 May 2013)
Fwd: New Version Notification for draft-ietf-v6ops-rfc3316bis-02.txt (6 May 2013)
I-D Action: draft-ietf-v6ops-mobile-device-profile-03.txt (30 Apr 2013)
draft-ietf-v6ops-64share WGLC (28 Apr 2013)
Biggest Fake Conference in Computer Science (27 Apr 2013)
464xlat (26 Apr 2013)
Review of draft-ietf-v6ops-mobile-device-profile-01 (19 Apr 2013)
combination of NAT64/DNS64 and NAT44 (17 Apr 2013)
draft-ietf-v6ops-64share (16 Apr 2013)
IT'S MOSTLY A SOLVED PROBLEM - Fw: Interest in DHCPv6 Route/DefRouter/ (14 Apr 2013)
questions regarding rfc6204bis (draft-liu-v6ops-ula-usage-analysis) (13 Apr 2013)
IPV6 Operational and Implementation guide? (11 Apr 2013)
draft-ietf-v6ops-64share-03 (5 Apr 2013)
I-D Action: draft-ietf-v6ops-64share-04.txt (6 Apr 2013)

Archives

32	May 2013
85	April 2013
762	March 2013
402	February 2013
161	January 2013
54	December 2012
166	November 2012
218	October 2012
342	September 2012
453	August 2012
231	July 2012
116	June 2012
433	May 2012
249	April 2012
368	March 2012
264	February 2012
137	January 2012
266	December 2011
569	November 2011
386	October 2011
96	September 2011
375	August 2011
500	July 2011
207	June 2011
444	May 2011
547	April 2011
312	March 2011
604	February 2011
279	January 2011
580	December 2010
327	November 2010
421	October 2010
208	September 2010
175	August 2010
80	July 2010
34	June 2010
9	May 2010
223	April 2010
278	March 2010
63	February 2010
135	January 2010
24	December 2009
44	November 2009
47	October 2009
41	September 2009
91	August 2009
163	July 2009
28	June 2009
55	May 2009
57	April 2009
216	March 2009
27	February 2009
27	January 2009
36	December 2008
114	November 2008
68	October 2008
58	September 2008
134	August 2008
489	July 2008
91	June 2008
61	May 2008
284	April 2008
130	March 2008
141	February 2008
186	January 2008
127	December 2007
128	November 2007
138	October 2007
79	September 2007
70	August 2007
237	July 2007
32	June 2007
76	May 2007
145	April 2007
163	March 2007
29	February 2007
27	January 2007
33	December 2006
43	November 2006
37	October 2006
20	September 2006
30	August 2006
123	July 2006
78	June 2006
83	May 2006
53	April 2006
80	March 2006
34	February 2006
48	January 2006
25	December 2005
51	November 2005
65	October 2005
42	September 2005
159	August 2005
48	July 2005
29	June 2005
45	May 2005
100	April 2005
74	March 2005
30	February 2005
68	January 2005
44	December 2004
308	November 2004
131	October 2004
108	September 2004
236	August 2004
172	July 2004
177	June 2004
187	May 2004
179	April 2004
283	March 2004
135	February 2004
40	January 2004
32	December 2003
409	November 2003
194	October 2003
167	September 2003
124	August 2003
237	July 2003
53	June 2003
91	May 2003
24	April 2003
199	March 2003
154	February 2003
128	January 2003
139	December 2002
288	November 2002
123	October 2002
480	September 2002
4	August 2002

Design

Zawodny | Right Menu | Left Menu

Your Own Design

Paste the URL of your CSS below. Download CSS template