[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: But are we talking IPv6 only? That's how I read the draft. (Re:Somesuggestions for draft-ietf-v6ops-cpe-simple-security-03)

To: Rémi Després <remi.despres@free.fr>
Subject: RE: But are we talking IPv6 only? That's how I read the draft. (Re:Somesuggestions for draft-ietf-v6ops-cpe-simple-security-03)
From: "Templin, Fred L" <Fred.L.Templin@boeing.com>
Date: Fri, 29 Aug 2008 09:37:57 -0700
Cc: "james woodyatt" <jhw@apple.com>, "IPv6 Operations" <v6ops@ops.ietf.org>
In-reply-to: <48B81B80.9070705@free.fr>
References: <20080824204553.08131c65.ipng@69706e6720323030352d30312d31340a.nosense.org> <01cd01c90672$a57c8790$c2f0200a@cisco.com> <48B31DA3.6080001@gmail.com> <07d201c906f7$50a85e30$c2f0200a@cisco.com> <48B32B43.5010103@gmail.com> <084c01c906fe$f9bf1840$c2f0200a@cisco.com> <48B33430.40704@gmail.com> <A31EB889-2BD9-4283-A408-AB6DCC1D568A@suspicious.org> <08be01c90712$d876cd40$c2f0200a@cisco.com> <20080827194713.23271bd1.ipng@69706e6720323030352d30312d31340a.nosense.org> <CD947C45-58F7-47F1-807F-A276490B1E39@apple.com> <0e6001c908a2$b8fcf700$c2f0200a@cisco.com> <F0E4B018-AA5E-4344-A40B-3F6D974B7EA1@apple.com> <001b01c908ac$2b7d5140$c2f0200a@cisco.com> <39C363776A4E8C4A94691D2BD9D1C9A104E93359@XCH-NW-7V2.nw.nos.boeing.com> <05ad01c90922$854aa710$c2f0200a@cisco.com> <FD70B36F-FCD4-4BC4-9368-C0BEE1B162F0@apple.com> <39C363776A4E8C4A94691D2BD9D1C9A104E93603@XCH-NW-7V2.nw.nos.boein! !g.com> < 48B7E397.6050502@free.fr> <39C363776A4E8C4A94691D2BD9D1C9A104E938FA@XCH-NW-7V2.nw.nos.boe! !ing.com> <48B81B80.9070705@free.fr>

 

>-----Original Message-----
>From: Rémi Després [mailto:remi.despres@free.fr] 
>Sent: Friday, August 29, 2008 8:54 AM
>To: Templin, Fred L
>Cc: james woodyatt; IPv6 Operations
>Subject: Re: But are we talking IPv6 only? That's how I read 
>the draft. (Re:Somesuggestions for 
>draft-ietf-v6ops-cpe-simple-security-03)
>
>Templin, Fred L   (m/j/a) 8/29/08 5:03 PM:
>
>>> - ISATAP is a tool that assigns full /128 addresses to IPv6 
>hosts of 
>>> IPv4-only sites.
>>> - If my understanding of the subject is right, it is 
>therefore not a 
>>> tool to assign an IPv6 prefix to a router CPE behind which 
>>> several hosts 
>>> have teir individual IPv6 addresses. (A prefix shorter than 
>/128 would 
>>> be necesssary, typically /48 to /64).
>> 
>> Sorry, but that is too limited a view. ISATAP routers can
>> indeed be assigned prefixes via DHCPv6 IPv6 prefix delegation
>> (or manual config) and can function as IPv6 routers for
>> more-specific prefixes than just ::/0.
>> 
>> In other words, there are "traditional" ISATAP routers that
>> service default routes for forwarding to end systems outside
>> of the site and ISATAP routers that service more-specific
>> routes for forwarding to end systems within the site; even
>> if the end systems are deeply nested in "sites-within-sites".
>> 
>
>Quite interesting.
>
>Is there a document where "non traditional" ISATAP you are refering to
>is described?

"Traditional vs. non-traditional" is perhaps not such a great
terminology; better might be "explicitly-stated vs. implicitly-
permitted". But yes, there is a document that expands on what
is implicitly permitted by RFC5214.  

>It should be related to what I am currently working on, namely 
>a generic
>architecture for global address tunneling.
>- Its scope is IPv4 or IPv6 global addresses, via IPv6 or IPv4 
>realms in 
>which addressing may be global or local.
>- It will include 6to4, "traditional" ISATAP, 6rd,  and several new
>useful configurations.

ISATAP permits tying together disjoint private IPv4
addressing realms at the IPv6 level, where each disjoint
addressing realm can be thought of as a separate site. It
also allows for recursively-nested disjoint private IPv4
addressing realms tied together in an IPv6 prefix delegation
hierarchy.

So, each site has a disjoint IPv4 routing realm and IPv6
routing is used as an overlay that ties the sites together
when IPv6-in-IPv4 encapsulation via ISATAP tunneling is used.
An outward appearance of this from an IPv4 perspective may
be as recursively-nested NATs-within-NATs, so access to
global IPv4 services for nodes that are within deeply-nested
sites may be through multiple levels of NATs. If you find
that distasteful, you can always use something like dual
stack lite and have IPv4-in-IPv6-in-IPv4 - it may seem odd,
but I think you will find it works...

Fred
fred.l.templin@boeing.com 
   

>
>The plan is to have a draft for IETF 73.
>
>
>
>Rémi
>
>
>

References:
- Some suggestions for draft-ietf-v6ops-cpe-simple-security-03
  - From: Mark Smith <ipng@69706e6720323030352d30312d31340a.nosense.org>
- RE: Some suggestions for draft-ietf-v6ops-cpe-simple-security-03
  - From: "Dan Wing" <dwing@cisco.com>
- Re: Some suggestions for draft-ietf-v6ops-cpe-simple-security-03
  - From: Brian E Carpenter <brian.e.carpenter@gmail.com>
- RE: Some suggestions for draft-ietf-v6ops-cpe-simple-security-03
  - From: "Dan Wing" <dwing@cisco.com>
- Re: Some suggestions for draft-ietf-v6ops-cpe-simple-security-03
  - From: Brian E Carpenter <brian.e.carpenter@gmail.com>
- RE: Some suggestions for draft-ietf-v6ops-cpe-simple-security-03
  - From: "Dan Wing" <dwing@cisco.com>
- Re: Some suggestions for draft-ietf-v6ops-cpe-simple-security-03
  - From: Brian E Carpenter <brian.e.carpenter@gmail.com>
- Re: Some suggestions for draft-ietf-v6ops-cpe-simple-security-03
  - From: Truman Boyes <truman@suspicious.org>
- RE: Some suggestions for draft-ietf-v6ops-cpe-simple-security-03
  - From: "Dan Wing" <dwing@cisco.com>
- But are we talking IPv6 only? That's how I read the draft. (Re: Some suggestions for draft-ietf-v6ops-cpe-simple-security-03)
  - From: Mark Smith <ipng@69706e6720323030352d30312d31340a.nosense.org>
- Re: But are we talking IPv6 only? That's how I read the draft. (Re: Some suggestions for draft-ietf-v6ops-cpe-simple-security-03)
  - From: james woodyatt <jhw@apple.com>
- RE: But are we talking IPv6 only? That's how I read the draft. (Re: Some suggestions for draft-ietf-v6ops-cpe-simple-security-03)
  - From: "Dan Wing" <dwing@cisco.com>
- Re: But are we talking IPv6 only? That's how I read the draft. (Re: Some suggestions for draft-ietf-v6ops-cpe-simple-security-03)
  - From: james woodyatt <jhw@apple.com>
- RE: But are we talking IPv6 only? That's how I read the draft. (Re: Some suggestions for draft-ietf-v6ops-cpe-simple-security-03)
  - From: "Dan Wing" <dwing@cisco.com>
- RE: But are we talking IPv6 only? That's how I read the draft. (Re: Some suggestions for draft-ietf-v6ops-cpe-simple-security-03)
  - From: "Templin, Fred L" <Fred.L.Templin@boeing.com>
- RE: But are we talking IPv6 only? That's how I read the draft. (Re: Some suggestions for draft-ietf-v6ops-cpe-simple-security-03)
  - From: "Dan Wing" <dwing@cisco.com>
- Re: But are we talking IPv6 only? That's how I read the draft. (Re: Some suggestions for draft-ietf-v6ops-cpe-simple-security-03)
  - From: james woodyatt <jhw@apple.com>
- Re: But are we talking IPv6 only? That's how I read the draft. (Re:Some suggestions for draft-ietf-v6ops-cpe-simple-security-03)
  - From: Rémi Després <remi.despres@free.fr>

Prev by Date: Re: But are we talking IPv6 only? That's how I read the draft. (Re:Some suggestions for draft-ietf-v6ops-cpe-simple-security-03)
Next by Date: RE: But are we talking IPv6 only? That's how I read the draft. (Re: Some suggestions for draft-ietf-v6ops-cpe-simple-security-03)
Previous by thread: Re: But are we talking IPv6 only? That's how I read the draft. (Re:Some suggestions for draft-ietf-v6ops-cpe-simple-security-03)
Next by thread: RE: But are we talking IPv6 only? That's how I read the draft. (Re: Some suggestions for draft-ietf-v6ops-cpe-simple-security-03)
Index(es):
- Date
- Thread