IETF Logo Mail Archive

RE: But are we talking IPv6 only? That's how I read the draft. (Re:Somesuggestions for draft-ietf-v6ops-cpe-simple-security-03)

"Templin, Fred L" <Fred.L.Templin@boeing.com> Fri, 29 August 2008 16:46 UTC

Return-Path: <owner-v6ops@ops.ietf.org>
X-Original-To: ietfarch-v6ops-archive@core3.amsl.com
Delivered-To: ietfarch-v6ops-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 35D573A68BC for <ietfarch-v6ops-archive@core3.amsl.com>; Fri, 29 Aug 2008 09:46:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.067
X-Spam-Level:
X-Spam-Status: No, score=-3.067 tagged_above=-999 required=5 tests=[AWL=1.128, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_COM=0.553, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_MED=-4, RDNS_NONE=0.1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lE4ZOxwriLIS for <ietfarch-v6ops-archive@core3.amsl.com>; Fri, 29 Aug 2008 09:46:31 -0700 (PDT)
Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id E621A3A68A8 for <v6ops-archive@lists.ietf.org>; Fri, 29 Aug 2008 09:46:30 -0700 (PDT)
Received: from majordom by psg.com with local (Exim 4.69 (FreeBSD)) (envelope-from <owner-v6ops@ops.ietf.org>) id 1KZ6zD-0006QH-Ky for v6ops-data@psg.com; Fri, 29 Aug 2008 16:38:11 +0000
Received: from [130.76.64.48] (helo=slb-smtpout-01.boeing.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.69 (FreeBSD)) (envelope-from <Fred.L.Templin@boeing.com>) id 1KZ6z9-0006Pa-RS for v6ops@ops.ietf.org; Fri, 29 Aug 2008 16:38:09 +0000
Received: from stl-av-01.boeing.com (stl-av-01.boeing.com [192.76.190.6]) by slb-smtpout-01.ns.cs.boeing.com (8.14.0/8.14.0/8.14.0/SMTPOUT) with ESMTP id m7TGc4Xc021773 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Fri, 29 Aug 2008 09:38:04 -0700 (PDT)
Received: from stl-av-01.boeing.com (localhost [127.0.0.1]) by stl-av-01.boeing.com (8.14.0/8.14.0/DOWNSTREAM_RELAY) with ESMTP id m7TGc3SI014767; Fri, 29 Aug 2008 11:38:03 -0500 (CDT)
Received: from XCH-NWBH-11.nw.nos.boeing.com (xch-nwbh-11.nw.nos.boeing.com [130.247.55.84]) by stl-av-01.boeing.com (8.14.0/8.14.0/UPSTREAM_RELAY) with ESMTP id m7TGbqhU014515; Fri, 29 Aug 2008 11:38:03 -0500 (CDT)
Received: from XCH-NW-7V2.nw.nos.boeing.com ([130.247.54.35]) by XCH-NWBH-11.nw.nos.boeing.com with Microsoft SMTPSVC(6.0.3790.3959); Fri, 29 Aug 2008 09:37:58 -0700
x-mimeole: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Subject: RE: But are we talking IPv6 only? That's how I read the draft. (Re:Somesuggestions for draft-ietf-v6ops-cpe-simple-security-03)
Date: Fri, 29 Aug 2008 09:37:57 -0700
Message-ID: <39C363776A4E8C4A94691D2BD9D1C9A104E939E7@XCH-NW-7V2.nw.nos.boeing.com>
In-Reply-To: <48B81B80.9070705@free.fr>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: But are we talking IPv6 only? That's how I read the draft. (Re:Somesuggestions for draft-ietf-v6ops-cpe-simple-security-03)
Thread-Index: AckJ75NAUK4SZE5hSgaCW9P/bwavTgAAhAig
References: <20080824204553.08131c65.ipng@69706e6720323030352d30312d31340a.nosense.org> <01cd01c90672$a57c8790$c2f0200a@cisco.com> <48B31DA3.6080001@gmail.com> <07d201c906f7$50a85e30$c2f0200a@cisco.com> <48B32B43.5010103@gmail.com> <084c01c906fe$f9bf1840$c2f0200a@cisco.com> <48B33430.40704@gmail.com> <A31EB889-2BD9-4283-A408-AB6DCC1D568A@suspicious.org> <08be01c90712$d876cd40$c2f0200a@cisco.com> <20080827194713.23271bd1.ipng@69706e6720323030352d30312d31340a.nosense.org> <CD947C45-58F7-47F1-807F-A276490B1E39@apple.com> <0e6001c908a2$b8fcf700$c2f0200a@cisco.com> <F0E4B018-AA5E-4344-A40B-3F6D974B7EA1@apple.com> <001b01c908ac$2b7d5140$c2f0200a@cisco.com> <39C363776A4E8C4A94691D2BD9D1C9A104E93359@XCH-NW-7V2.nw.nos.boeing.com> <05ad01c90922$854aa710$c2f0200a@cisco.com> <FD70B36F-FCD4-4BC4-9368-C0BEE1B162F0@apple.com> <39C363776A4E8C4A94691D2BD9D1C9A104E93603@XCH-NW-7V2.nw.nos.boein! !g.com> < 48B7E397.6050502@free.fr> <39C363776A4E8C4A94691D2BD9D1C9A104E938FA@XCH-NW-7V2.nw.nos.boe! !ing.com> <48B81B80.9070705@free.fr>
From: "Templin, Fred L" <Fred.L.Templin@boeing.com>
To: Rémi Després <remi.despres@free.fr>
Cc: james woodyatt <jhw@apple.com>, IPv6 Operations <v6ops@ops.ietf.org>
X-OriginalArrivalTime: 29 Aug 2008 16:37:58.0397 (UTC) FILETIME=[9852CAD0:01C909F5]
Sender: owner-v6ops@ops.ietf.org
Precedence: bulk
List-ID: <v6ops.ops.ietf.org>

 

>-----Original Message-----
>From: Rémi Després [mailto:remi.despres@free.fr] 
>Sent: Friday, August 29, 2008 8:54 AM
>To: Templin, Fred L
>Cc: james woodyatt; IPv6 Operations
>Subject: Re: But are we talking IPv6 only? That's how I read 
>the draft. (Re:Somesuggestions for 
>draft-ietf-v6ops-cpe-simple-security-03)
>
>Templin, Fred L   (m/j/a) 8/29/08 5:03 PM:
>
>>> - ISATAP is a tool that assigns full /128 addresses to IPv6 
>hosts of 
>>> IPv4-only sites.
>>> - If my understanding of the subject is right, it is 
>therefore not a 
>>> tool to assign an IPv6 prefix to a router CPE behind which 
>>> several hosts 
>>> have teir individual IPv6 addresses. (A prefix shorter than 
>/128 would 
>>> be necesssary, typically /48 to /64).
>> 
>> Sorry, but that is too limited a view. ISATAP routers can
>> indeed be assigned prefixes via DHCPv6 IPv6 prefix delegation
>> (or manual config) and can function as IPv6 routers for
>> more-specific prefixes than just ::/0.
>> 
>> In other words, there are "traditional" ISATAP routers that
>> service default routes for forwarding to end systems outside
>> of the site and ISATAP routers that service more-specific
>> routes for forwarding to end systems within the site; even
>> if the end systems are deeply nested in "sites-within-sites".
>> 
>
>Quite interesting.
>
>Is there a document where "non traditional" ISATAP you are refering to
>is described?

"Traditional vs. non-traditional" is perhaps not such a great
terminology; better might be "explicitly-stated vs. implicitly-
permitted". But yes, there is a document that expands on what
is implicitly permitted by RFC5214.  

>It should be related to what I am currently working on, namely 
>a generic
>architecture for global address tunneling.
>- Its scope is IPv4 or IPv6 global addresses, via IPv6 or IPv4 
>realms in 
>which addressing may be global or local.
>- It will include 6to4, "traditional" ISATAP, 6rd,  and several new
>useful configurations.

ISATAP permits tying together disjoint private IPv4
addressing realms at the IPv6 level, where each disjoint
addressing realm can be thought of as a separate site. It
also allows for recursively-nested disjoint private IPv4
addressing realms tied together in an IPv6 prefix delegation
hierarchy.

So, each site has a disjoint IPv4 routing realm and IPv6
routing is used as an overlay that ties the sites together
when IPv6-in-IPv4 encapsulation via ISATAP tunneling is used.
An outward appearance of this from an IPv4 perspective may
be as recursively-nested NATs-within-NATs, so access to
global IPv4 services for nodes that are within deeply-nested
sites may be through multiple levels of NATs. If you find
that distasteful, you can always use something like dual
stack lite and have IPv4-in-IPv6-in-IPv4 - it may seem odd,
but I think you will find it works...

Fred
fred.l.templin@boeing.com 
   

>
>The plan is to have a draft for IETF 73.
>
>
>
>Rémi
>
>
>

v2.23.0 | Report a Bug | By Email