IETF Logo Mail Archive

Re: [v6tc] Re: Tunneling and Transition Drafts

Fred Baker <fred@cisco.com> Tue, 12 April 2005 20:56 UTC

Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA10357; Tue, 12 Apr 2005 16:56:52 -0400 (EDT)
Received: from megatron.ietf.org ([132.151.6.71]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1DLSay-0007Pr-BF; Tue, 12 Apr 2005 17:06:53 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1DLS8G-0004J7-TW; Tue, 12 Apr 2005 16:37:12 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1DLS8G-0004Ih-5M for v6tc@megatron.ietf.org; Tue, 12 Apr 2005 16:37:12 -0400
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA08095 for <v6tc@ietf.org>; Tue, 12 Apr 2005 16:37:01 -0400 (EDT)
Received: from sj-iport-5.cisco.com ([171.68.10.87]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1DLSHm-0006Tj-2p for v6tc@ietf.org; Tue, 12 Apr 2005 16:47:02 -0400
Received: from sj-core-4.cisco.com (171.68.223.138) by sj-iport-5.cisco.com with ESMTP; 12 Apr 2005 13:36:54 -0700
Received: from imail.cisco.com (imail.cisco.com [128.107.200.91]) by sj-core-4.cisco.com (8.12.10/8.12.6) with ESMTP id j3CKap05017665; Tue, 12 Apr 2005 13:36:52 -0700 (PDT)
Received: from [210.72.28.195] (tky-vpn-client-230-23.cisco.com [10.70.230.23]) by imail.cisco.com (8.12.11/8.12.10) with ESMTP id j3CKSJTN031231; Tue, 12 Apr 2005 13:28:20 -0700
In-Reply-To: <1113337503.25395.80.camel@firenze.zurich.ibm.com>
References: <BE78FA5D.F1CA3%jordi.palet@consulintel.es> <425395F8.50501@renater.fr> <Pine.LNX.4.61.0504061057570.11494@netcore.fi> <4253EBCF.8030800@renater.fr> <20050412143053.GQ22380@login.ecs.soton.ac.uk> <23ec6165fdb2ab7b2f3946e45caef796@cisco.com> <1113337503.25395.80.camel@firenze.zurich.ibm.com>
Mime-Version: 1.0 (Apple Message framework v619.2)
Message-Id: <0df7389c7b1b0e371b1693d86bda2fef@cisco.com>
From: Fred Baker <fred@cisco.com>
Subject: Re: [v6tc] Re: Tunneling and Transition Drafts
Date: Wed, 13 Apr 2005 04:36:45 +0800
To: Jeroen Massar <jeroen@unfix.org>
X-Pgp-Agent: GPGMail 1.0.2
X-Mailer: Apple Mail (2.619.2)
IIM-SIG: v:"1.1"; h:"imail.cisco.com"; d:"cisco.com"; z:"home"; m:"krs"; t:"1113337701.984318"; x:"432200"; a:"rsa-sha1"; b:"nofws:4464"; e:"Iw=="; n:"sQYarK2E51MdcTiUqeif3F7cWdxIfoCiXhdfb9vD5ee/j0jXL15gbFxF2p" "XIweAblu0N6XAgK7k+wrbr7bQDJaCDqOmzqpRUBjIRQAXQ7NzadpmR3pUL6wxaRUtW+c43sl9jC" "50Qg1sXHpPjt8Y+Y16ioyQAQAdSunM4YhevURc="; s:"CFd3Nyp0+q2B+QH2UOJj8o46gHUE2bDekvdPI4NenUjKnjbeBtbghQQO56CQPuVbWGWJz1SJ" "+iOkrkWnoOmDWBfutiSf1ON5q+M1iGZuUW3DFweeon3HGcVBZEHE3DQgWSciTAJDmc/eXEm8tOS" "PJY4++QcPsNbgJrvdR0tkrZA="; c:"From: Fred Baker <fred@cisco.com>"; c:"Subject: Re: [v6tc] Re: Tunneling and Transition Drafts"; c:"Date: Wed, 13 Apr 2005 04:36:45 +0800"
IIM-VERIFY: s:"y"; v:"y"; r:"60"; h:"imail.cisco.com"; c:"message from imail.cisco.com verified; "
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 67c1ea29f88502ef6a32ccec927970f0
Cc: "'v6ops@ops.ietf.org '" <v6ops@ops.ietf.org>, v6tc@ietf.org
X-BeenThere: v6tc@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: v6tc.ietf.org
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/v6tc>, <mailto:v6tc-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/v6tc>
List-Post: <mailto:v6tc@ietf.org>
List-Help: <mailto:v6tc-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/v6tc>, <mailto:v6tc-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============0828379836=="
Sender: v6tc-bounces@ietf.org
Errors-To: v6tc-bounces@ietf.org
X-Spam-Score: 0.0 (/)
X-Scan-Signature: f49c97ce49302a02285a2d36a99eef8c

Realistically, I think all of the various tunneling technologies will 
in fact be used. The important question is the rendezvous problem.

On Apr 13, 2005, at 4:25 AM, Jeroen Massar wrote:

> On Wed, 2005-04-13 at 02:44 +0800, Fred Baker wrote:
>
>> I'm perfectly happy to standardize on existing types of tunnels - 
>> IPsec, GRE, IPv4/IPv6, IPv4/IPv4, IPv6/IPv4, IPv6/IPv6, L2TP, or 
>> whatever. If we don't solve the rendezvous problem (and btw 
>> communicate to the peer what kind of tunnel a given gateway is 
>> willing to support) we have not *touched* the transition problem.
>
> L2TP seems to cover the hole quite well. Except for the fact that 
> there is no discovery and the datastream of L2TPv2, as LTPv3 has some 
> magic stuff to fix it, can easily be spoofed, just like proto-41. 
> IPSec can solve this, but requires authentication and external setup 
> again.
>
> L2TP covers imho 90% of the cases. But... if you don't have a PPP 
> infra it will be (harder) to setup. And it doesn't allow for quick 
> mobility like in AYIYA or proto41+heartbeat. Thus when switching IP 
> addresses (walking to another floor with your wireless) the tunnel 
> needs to notice (L2TP StopCCN) that it is failing and renegotiate, 
> which takes a few secs, not more, but might give a different IP etc as 
> it will do RA's again or DHCPv6, which might take a bit longer and 
> most likely will break your SSH session if you like this. But we are 
> not standardizing Mobile IP here ;)
>
> It might be, according to some that L2TP+PPP is heavy code, including 
> definitions about 2k lines of code for a minimal implementation that 
> works. Overhead of a L2TP tunnel including PPP is minimal. At least it 
> won't be noticed much when you are streaming video's over your neato 
> G3's or whatever cellphone.
>
> Btw, anonymous tunnels in L2TP can be solved by not letting the server 
> request authentication and letting it reject auth attempts from the 
> client. Though I have not been able to verify how many servers support 
> this.
>
> TSP or a similar protocol is IMHO a must, because L2TP simply can't be 
> deployed everywhere and better, not everybody wants it: 
> Market::Decide() TSP is handy in all cases, it can also have a 
> template pointing to a L2TP server etc. Next to that there is a client 
> available for all platforms.
>
> As for the point made in the minutes that there is only one 
> implementation, AICCU will support TSP too as an option in the near 
> future.
>
>> And what I would like to see happen is for someone, somewhere - and 
>> note that I am very willing to do this in v6ops if people want and 
>> also willing to send it to v6tc or wherever else - to solve that 
>> rendezvous problem. As a result, I would like to see the various 
>> competing transition strategies all rendered OBE and get everyone to 
>> converge on a single transition approach.
>
> I've finally submitted my "_service" draft to the secretariat, it 
> should appear shortly in dnsop. I'll forward it to v6ops + v6tc when 
> it is there.
>
> In "short":
>
> Anycast prefix 1.2.3.0/24, on which on 1.2.3.53 there is a DNS server 
> listening. This is a (caching) recursive server which can be used for 
> looking up anything (www.google.com www.ietf.org etc). It is also 
> authoritive for the "_service." domain, in which we stick SRV records. 
> Usually _service is a DNAME to _service.example.net. Which fulfills 
> the searchpath, if the user does not have this special DNS server 
> configured, but does have it's ISP's domain in the searchpath, then 
> the resolver will come to _service.example.net because of the 
> searchpath.
>
> Thus, client gets turned on, it gets connectivity, it needs to lookup 
> something, resolver is default configured to 1.2.3.53, resolving thus 
> works. The prefix is anycasted by it's or another ISP, who can filter 
> on wish etc. If user needs a service, eg SMTP, it resolves the SMTP 
> SRV records, which can specify load balancing and other stuff. Same 
> for POP3, IMAP, or lookup eg help.www._service which returns a TXT 
> record to the URL of the servicedesk of the ISP you are using.
>
> For the v6ops/v6tc case a client can first try l2tp.ipv6._service if 
> that exists, use it, then try tsp.ipv6._service, if that exists, use 
> that one. Discovery solved in the most generic way. It does indeed 
> take a couple of resolves, but hey people want it automatically. As 
> for the ones screaming "but I don't want a default thing" then 
> configure the client you are using for doing this.
>
> Of course a similar prefix for IPv6 so that this also solves dns 
> configuration. Another good thing is that, assuming you have 
> connectivity you will always have the closest dns server, also ISP's 
> can then nicely block all the RFC1918 registrations in those, but that 
> is most likely just a good hope from me, most don't even filter...
>
> Greets,
>  Jeroen
>

_______________________________________________
v6tc mailing list
v6tc@ietf.org
https://www1.ietf.org/mailman/listinfo/v6tc

v2.23.0 | Report a Bug | By Email