
RE: [BEHAVE] Lack of need for 66nat : Long term impact to application developers

2008-12-02 10:23:11
Christian Huitema wrote:
I'm not sure I believe in the need for topology hiding.  But if I did,
on v6 I'd just allocate a separate subnet or group of subnets for
external access.  If really necessary, have such hosts set up IP over
IP or L2TP tunnels to a concentrator; that will make this external
access net look flat.

That idea has been advanced quite a few times, but there is not a whole
lot of code written or products deployed. There are a few interesting
issues, e.g. the cost of tunneling versus in terms of overhead or
management, or the deployment of adequate source address selection
policies.

This approach is discussed in 4864 using mIPv6 as the automated tunneling
mechanism to the home agent at the network border. The entire point of
topology hiding is to make all end systems look like they exist at the
network border, and a mIPv6 home agent makes all associated end systems look
like they are hosted from it, and as long as route optimization is blocked
at the firewall the remote system will never see that tunneling is happening
within the corporate network. There is shipping code for home agents and
some for mIPv6 clients. If we could just get a major vendor to ship their
implementation.....


Actually, rather than tunneling, have we seriously considered flat host
based routing in a corporate network? A combination of DHT and caching
technologies ought to make that quite scalable.

4864 does suggest host routes as an alternative, but the 66nat fanatics
refuse to read that section.


Tony





