[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 6to4 anycast IP as source address / PTR record

To: Antonio Querubin <tony@lava.net>
Subject: Re: 6to4 anycast IP as source address / PTR record
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Date: Fri, 01 Feb 2008 10:49:08 +1300
Cc: Kevin Loch <kloch@kl.net>, v6ops <v6ops@ops.ietf.org>
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:organization:user-agent:mime-version:to:cc:subject:references:in-reply-to:content-type:content-transfer-encoding; b=F7IBb+lhB8Cmgm3wr2K+poGp04UEuTp1yFvp8radUW4kVWAssKXvAz4EiTNLL+vh0sOcYlqhLtXbE5T1O/TPPF194eGpL+Nv5ojV7uZCNLnR1NsK7p8N5bop6DxxRemZ3x3pWtaKF7OR3sKHTBJcdL4j9EY6bg35QoXX5bgLdlA=
In-reply-to: <Pine.BSI.4.64.0801301944450.20995@malasada.lava.net>
Organization: University of Auckland
References: <9F195FE7-E47F-4CC3-B93E-5FA4AAF1088A@dragondata.com> <47A14CD6.2040802@kl.net> <Pine.BSI.4.64.0801301944450.20995@malasada.lava.net>
User-agent: Thunderbird 2.0.0.6 (Windows/20070728)

On 2008-01-31 19:34, Antonio Querubin wrote:
> On Wed, 30 Jan 2008, Kevin Loch wrote:
> 
>> Kevin Day wrote:
>>>
>>> Quick poll:
>>>
>>> When a 6to4 relay encapsulates v6 traffic and sends it to a 6to4 host
>>> over v4, should the source address be 192.88.99.1 or the relay's v4
>>> unicast address?
>>
>> Stateful firewalls would prefer that the return traffic come from
>> 192.88.99.1 (assuming they properly handle proto 41 traffic).
> 
> The scenario is 6to4 to 6to4.  

I thought that was exactly the scenario Kevin was *not*
asking about. In that case it's obvious that each 6to4 box
will use its own IPv4 address as source (which is why it's
not mentioned in RFC 3056 - because it's obvious).

   Brian

> Both ends would ideally be encapsulating
> traffic directly to the other's IPv4 address.  Relay via 192.88.99.1
> need not be involved.  In that situation you'd probably want the 6to4
> host to use it's own IPv4 address as the source if it has to deal with a
> firewall.
> 
> 192.88.99.1 is really required when traffic is between a 6to4 host and a
> native IPv6 host as there's really no other way to reach the latter. 
> The latter will punt to it's default gateway and the packets will
> eventually egress from a 6to4 border relay on it's way to the 6to4 host.
> 
> So the 'ideal' behaviour of the encapsulator (to deal with firewalls)
> really depends on whether the source address of the IPv6 packet is
> native or a 6to4 address.  A 6to4 host talking to 6to4 can still encap
> to a relay if it wanted to but 1) it's not as efficient, and 2) probably
> more likely to run afoul of firewalls.
> 
> 
> Antonio Querubin
> whois:  AQ7-ARIN
> 
>

Follow-Ups:
- Re: 6to4 anycast IP as source address / PTR record
  - From: Antonio Querubin <tony@lava.net>

References:
- 6to4 anycast IP as source address / PTR record
  - From: Kevin Day <toasty@dragondata.com>
- Re: 6to4 anycast IP as source address / PTR record
  - From: Kevin Loch <kloch@kl.net>
- Re: 6to4 anycast IP as source address / PTR record
  - From: Antonio Querubin <tony@lava.net>

Prev by Date: Re: 6PE-Alt
Next by Date: Re: 6to4 anycast IP as source address / PTR record
Previous by thread: Re: 6to4 anycast IP as source address / PTR record
Next by thread: Re: 6to4 anycast IP as source address / PTR record
Index(es):
- Date
- Thread