Re: [v6tc] Re: Tunneling and Transition Drafts
Fred Baker <fred@cisco.com> Tue, 12 April 2005 20:56 UTC
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA10357; Tue, 12 Apr 2005 16:56:52 -0400 (EDT)
Received: from megatron.ietf.org ([132.151.6.71]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1DLSay-0007Pr-BF; Tue, 12 Apr 2005 17:06:53 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1DLS8G-0004J7-TW; Tue, 12 Apr 2005 16:37:12 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1DLS8G-0004Ih-5M for v6tc@megatron.ietf.org; Tue, 12 Apr 2005 16:37:12 -0400
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA08095 for <v6tc@ietf.org>; Tue, 12 Apr 2005 16:37:01 -0400 (EDT)
Received: from sj-iport-5.cisco.com ([171.68.10.87]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1DLSHm-0006Tj-2p for v6tc@ietf.org; Tue, 12 Apr 2005 16:47:02 -0400
Received: from sj-core-4.cisco.com (171.68.223.138) by sj-iport-5.cisco.com with ESMTP; 12 Apr 2005 13:36:54 -0700
Received: from imail.cisco.com (imail.cisco.com [128.107.200.91]) by sj-core-4.cisco.com (8.12.10/8.12.6) with ESMTP id j3CKap05017665; Tue, 12 Apr 2005 13:36:52 -0700 (PDT)
Received: from [210.72.28.195] (tky-vpn-client-230-23.cisco.com [10.70.230.23]) by imail.cisco.com (8.12.11/8.12.10) with ESMTP id j3CKSJTN031231; Tue, 12 Apr 2005 13:28:20 -0700
In-Reply-To: <1113337503.25395.80.camel@firenze.zurich.ibm.com>
References: <BE78FA5D.F1CA3%jordi.palet@consulintel.es> <425395F8.50501@renater.fr> <Pine.LNX.4.61.0504061057570.11494@netcore.fi> <4253EBCF.8030800@renater.fr> <20050412143053.GQ22380@login.ecs.soton.ac.uk> <23ec6165fdb2ab7b2f3946e45caef796@cisco.com> <1113337503.25395.80.camel@firenze.zurich.ibm.com>
Mime-Version: 1.0 (Apple Message framework v619.2)
Message-Id: <0df7389c7b1b0e371b1693d86bda2fef@cisco.com>
From: Fred Baker <fred@cisco.com>
Subject: Re: [v6tc] Re: Tunneling and Transition Drafts
Date: Wed, 13 Apr 2005 04:36:45 +0800
To: Jeroen Massar <jeroen@unfix.org>
X-Pgp-Agent: GPGMail 1.0.2
X-Mailer: Apple Mail (2.619.2)
IIM-SIG: v:"1.1"; h:"imail.cisco.com"; d:"cisco.com"; z:"home"; m:"krs"; t:"1113337701.984318"; x:"432200"; a:"rsa-sha1"; b:"nofws:4464"; e:"Iw=="; n:"sQYarK2E51MdcTiUqeif3F7cWdxIfoCiXhdfb9vD5ee/j0jXL15gbFxF2p" "XIweAblu0N6XAgK7k+wrbr7bQDJaCDqOmzqpRUBjIRQAXQ7NzadpmR3pUL6wxaRUtW+c43sl9jC" "50Qg1sXHpPjt8Y+Y16ioyQAQAdSunM4YhevURc="; s:"CFd3Nyp0+q2B+QH2UOJj8o46gHUE2bDekvdPI4NenUjKnjbeBtbghQQO56CQPuVbWGWJz1SJ" "+iOkrkWnoOmDWBfutiSf1ON5q+M1iGZuUW3DFweeon3HGcVBZEHE3DQgWSciTAJDmc/eXEm8tOS" "PJY4++QcPsNbgJrvdR0tkrZA="; c:"From: Fred Baker <fred@cisco.com>"; c:"Subject: Re: [v6tc] Re: Tunneling and Transition Drafts"; c:"Date: Wed, 13 Apr 2005 04:36:45 +0800"
IIM-VERIFY: s:"y"; v:"y"; r:"60"; h:"imail.cisco.com"; c:"message from imail.cisco.com verified; "
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 67c1ea29f88502ef6a32ccec927970f0
Cc: "'v6ops@ops.ietf.org '" <v6ops@ops.ietf.org>, v6tc@ietf.org
X-BeenThere: v6tc@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: v6tc.ietf.org
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/v6tc>, <mailto:v6tc-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/v6tc>
List-Post: <mailto:v6tc@ietf.org>
List-Help: <mailto:v6tc-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/v6tc>, <mailto:v6tc-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============0828379836=="
Sender: v6tc-bounces@ietf.org
Errors-To: v6tc-bounces@ietf.org
X-Spam-Score: 0.0 (/)
X-Scan-Signature: f49c97ce49302a02285a2d36a99eef8c
Realistically, I think all of the various tunneling technologies will in fact be used. The important question is the rendezvous problem. On Apr 13, 2005, at 4:25 AM, Jeroen Massar wrote: > On Wed, 2005-04-13 at 02:44 +0800, Fred Baker wrote: > >> I'm perfectly happy to standardize on existing types of tunnels - >> IPsec, GRE, IPv4/IPv6, IPv4/IPv4, IPv6/IPv4, IPv6/IPv6, L2TP, or >> whatever. If we don't solve the rendezvous problem (and btw >> communicate to the peer what kind of tunnel a given gateway is >> willing to support) we have not *touched* the transition problem. > > L2TP seems to cover the hole quite well. Except for the fact that > there is no discovery and the datastream of L2TPv2, as LTPv3 has some > magic stuff to fix it, can easily be spoofed, just like proto-41. > IPSec can solve this, but requires authentication and external setup > again. > > L2TP covers imho 90% of the cases. But... if you don't have a PPP > infra it will be (harder) to setup. And it doesn't allow for quick > mobility like in AYIYA or proto41+heartbeat. Thus when switching IP > addresses (walking to another floor with your wireless) the tunnel > needs to notice (L2TP StopCCN) that it is failing and renegotiate, > which takes a few secs, not more, but might give a different IP etc as > it will do RA's again or DHCPv6, which might take a bit longer and > most likely will break your SSH session if you like this. But we are > not standardizing Mobile IP here ;) > > It might be, according to some that L2TP+PPP is heavy code, including > definitions about 2k lines of code for a minimal implementation that > works. Overhead of a L2TP tunnel including PPP is minimal. At least it > won't be noticed much when you are streaming video's over your neato > G3's or whatever cellphone. > > Btw, anonymous tunnels in L2TP can be solved by not letting the server > request authentication and letting it reject auth attempts from the > client. Though I have not been able to verify how many servers support > this. > > TSP or a similar protocol is IMHO a must, because L2TP simply can't be > deployed everywhere and better, not everybody wants it: > Market::Decide() TSP is handy in all cases, it can also have a > template pointing to a L2TP server etc. Next to that there is a client > available for all platforms. > > As for the point made in the minutes that there is only one > implementation, AICCU will support TSP too as an option in the near > future. > >> And what I would like to see happen is for someone, somewhere - and >> note that I am very willing to do this in v6ops if people want and >> also willing to send it to v6tc or wherever else - to solve that >> rendezvous problem. As a result, I would like to see the various >> competing transition strategies all rendered OBE and get everyone to >> converge on a single transition approach. > > I've finally submitted my "_service" draft to the secretariat, it > should appear shortly in dnsop. I'll forward it to v6ops + v6tc when > it is there. > > In "short": > > Anycast prefix 1.2.3.0/24, on which on 1.2.3.53 there is a DNS server > listening. This is a (caching) recursive server which can be used for > looking up anything (www.google.com www.ietf.org etc). It is also > authoritive for the "_service." domain, in which we stick SRV records. > Usually _service is a DNAME to _service.example.net. Which fulfills > the searchpath, if the user does not have this special DNS server > configured, but does have it's ISP's domain in the searchpath, then > the resolver will come to _service.example.net because of the > searchpath. > > Thus, client gets turned on, it gets connectivity, it needs to lookup > something, resolver is default configured to 1.2.3.53, resolving thus > works. The prefix is anycasted by it's or another ISP, who can filter > on wish etc. If user needs a service, eg SMTP, it resolves the SMTP > SRV records, which can specify load balancing and other stuff. Same > for POP3, IMAP, or lookup eg help.www._service which returns a TXT > record to the URL of the servicedesk of the ISP you are using. > > For the v6ops/v6tc case a client can first try l2tp.ipv6._service if > that exists, use it, then try tsp.ipv6._service, if that exists, use > that one. Discovery solved in the most generic way. It does indeed > take a couple of resolves, but hey people want it automatically. As > for the ones screaming "but I don't want a default thing" then > configure the client you are using for doing this. > > Of course a similar prefix for IPv6 so that this also solves dns > configuration. Another good thing is that, assuming you have > connectivity you will always have the closest dns server, also ISP's > can then nicely block all the RFC1918 registrations in those, but that > is most likely just a good hope from me, most don't even filter... > > Greets, > Jeroen >
_______________________________________________ v6tc mailing list v6tc@ietf.org https://www1.ietf.org/mailman/listinfo/v6tc
- [v6tc] Re: Tunneling and Transition Drafts (fwd) Pekka Savola
- Re: l2tp support on OS's Re: [v6tc] Re: Tunneling… JORDI PALET MARTINEZ
- [v6tc] Re: Tunneling and Transition Drafts JORDI PALET MARTINEZ
- [v6tc] Re: Tunneling and Transition Drafts Fred Baker
- Re: [v6tc] Re: Tunneling and Transition Drafts Jerome Durand
- Re: [v6tc] Re: Tunneling and Transition Drafts Pekka Savola
- Re: [v6tc] Re: Tunneling and Transition Drafts Soininen Jonne (Nokia-NET/Helsinki)
- Re: [v6tc] Re: Tunneling and Transition Drafts Jerome Durand
- RE: [v6tc] Re: Tunneling and Transition Drafts Bound, Jim
- RE: [v6tc] Re: Tunneling and Transition Drafts Bound, Jim
- Re: [v6tc] Re: Tunneling and Transition Drafts Thomas Narten
- Re: Fwd: [v6tc] Re: Tunneling and Transition Draf… Thomas Narten
- Re: [v6tc] Re: Tunneling and Transition Drafts JORDI PALET MARTINEZ
- Fwd: [v6tc] Re: Tunneling and Transition Drafts Fred Baker
- Re: [v6tc] Re: Tunneling and Transition Drafts Fred Baker
- RE: [v6tc] Re: Tunneling and Transition Drafts Soohong Daniel Park
- Re: [v6tc] Re: Tunneling and Transition Drafts Radhakrishnan Suryanarayanan
- Re: [v6tc] Re: Tunneling and Transition Drafts Jerome Durand
- Re: [v6tc] Re: Tunneling and Transition Drafts Jeroen Massar
- Re: [v6tc] Re: Tunneling and Transition Drafts Pekka Savola
- Re: [v6tc] Re: Tunneling and Transition Drafts JORDI PALET MARTINEZ
- Re: [v6tc] Re: Tunneling and Transition Drafts Thomas Narten
- Re: [v6tc] Re: Tunneling and Transition Drafts Jeroen Massar
- Re: [v6tc] Re: Tunneling and Transition Drafts JORDI PALET MARTINEZ
- Re: [v6tc] Re: Tunneling and Transition Drafts Pekka Savola
- Re: [v6tc] Re: Tunneling and Transition Drafts JORDI PALET MARTINEZ
- Re: [v6tc] Re: Tunneling and Transition Drafts Jeroen Massar
- Re: [v6tc] Re: Tunneling and Transition Drafts Vladimir Kotal
- Re: [v6tc] Re: Tunneling and Transition Drafts Jerome Durand
- Re: [v6tc] Re: Tunneling and Transition Drafts Jeroen Massar
- Re: [v6tc] Re: Tunneling and Transition Drafts JORDI PALET MARTINEZ
- Re: [v6tc] Re: Tunneling and Transition Drafts Jeroen Massar
- Re: [v6tc] Re: Tunneling and Transition Drafts JORDI PALET MARTINEZ
- Re: [v6tc] Re: Tunneling and Transition Drafts W. Mark Townsley
- Re: [v6tc] Re: Tunneling and Transition Drafts Jeroen Massar
- Re: [v6tc] Re: Tunneling and Transition Drafts W. Mark Townsley
- Re: [v6tc] Re: Tunneling and Transition Drafts Francis Dupont
- Re: [v6tc] Re: Tunneling and Transition Drafts Francis Dupont
- Re: [v6tc] Re: Tunneling and Transition Drafts Francis Dupont
- Re: [v6tc] Re: Tunneling and Transition Drafts Jeroen Massar
- [v6tc] Let the market decide or not: L2TP and/or … Alain Durand
- Re: [v6tc] Re: Tunneling and Transition Drafts W. Mark Townsley
- Re: [v6tc] Let the market decide or not: L2TP and… JORDI PALET MARTINEZ
- Re: [v6tc] Re: Tunneling and Transition Drafts JORDI PALET MARTINEZ
- Re: [v6tc] Let the market decide or not: L2TP and… W. Mark Townsley
- l2tp support on OS's Re: [v6tc] Re: Tunneling and… Jeroen Massar
- Re: [v6tc] Let the market decide or not: L2TP and… Alain Durand
- Re: [v6tc] Let the market decide or not: L2TP and… Pekka Savola
- Re: [v6tc] Let the market decide or not: L2TP and… Francis Dupont
- Re: l2tp support on OS's Re: [v6tc] Re: Tunneling… JORDI PALET MARTINEZ
- Re: l2tp support on OS's Re: [v6tc] Re: Tunneling… Jeroen Massar
- Re: l2tp support on OS's Re: [v6tc] Re: Tunneling… W. Mark Townsley
- Re: l2tp support on OS's Re: [v6tc] Re: Tunneling… Francis Dupont
- Re: [v6tc] Let the market decide or not: L2TP and… Jerome Durand
- Re: [v6tc] Let the market decide or not: L2TP and… Jerome Durand
- Re: [v6tc] Re: Tunneling and Transition Drafts Tim Chown
- Re: [v6tc] Let the market decide or not: L2TP and… Pekka Savola
- Re: [v6tc] Re: Tunneling and Transition Drafts Fred Baker
- Re: [v6tc] Re: Tunneling and Transition Drafts Jeroen Massar
- Re: [v6tc] Re: Tunneling and Transition Drafts Fred Baker
- Re: [v6tc] Re: Tunneling and Transition Drafts Jeroen Massar
- Re: [v6tc] Re: Tunneling and Transition Drafts Jeroen Massar
- Re: [v6tc] Re: Tunneling and Transition Drafts Tim Chown
- Re: [v6tc] Re: Tunneling and Transition Drafts Fred Baker
- Re: [v6tc] Re: Tunneling and Transition Drafts Ronald.vanderPol
- Re: [v6tc] Re: Tunneling and Transition Drafts Ronald.vanderPol