On Mon, Jun 27, 2005 at 03:27:41PM -0400, Michael Richardson wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > > >>>>> "Marc" == Marc Singer <[EMAIL PROTECTED]> writes: > Marc> How does listening to BGP help you? If you have to push data > through > Marc> the tunnel, doesn't HE have to perform the routing for you? > > >> BGP tells me what data should go through the tunnel to HE. > >> That also means that you won't send data to HE that they can't deliver. > >> > >> I also have tunnels to some other sites (that I manage), which also do > >> IPv6, and also have tunnels to HE, so I let BGP pick the right route. > > Marc> Let me understand this correctly: this strategy works *because* you > Marc> use 6to4 addresses on your workstations. I suppose it would also > work > Marc> if you used the /64 address block allocated by HE (or some other > Marc> delegated tunnel broker network), but that would mean packets would > Marc> return through the tunnel instead of through the IPv4 network. > > Yes, that's right. > If you can't get native IPv6, 6to4 is better than tunnels.
According to my ISP, the stall for IPv6 in the US is ARIN. They are asking something like US$20G for an allocation--per year. The ISP owner tells me that there just isn't sufficient demand for this to make financial sense. Most (all?) other countries have their own allocation policies which are not as onerous. BTW, it works fine. Much thanks. It looks like this method should work OK without source address selection as long as I code some ip6tables rules to make it all safe. Cheers. > > - -- > ] Michael Richardson Xelerance Corporation, Ottawa, ON | firewalls > [ > ] mcr @ xelerance.com Now doing IPsec training, see |net > architect[ > ] http://www.sandelman.ca/mcr/ www.xelerance.com/training/ |device > driver[ > ] I'm a dad: http://www.sandelman.ca/lrmr/ > [ > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.2 (GNU/Linux) > Comment: Finger me for keys > > iQCVAwUBQsBTLIqHRg3pndX9AQGyAQP+NqCX8nOOJFtROBOXyFcXRv9X88EQ9Xqp > bdxAN+wGZ+eq2zJFczGr6JAc4aRZhk/k2vwqj2rYQKZXuwD0xZ8nnxIVP8aOlu8X > xTPQ3yXYAHIxfmR4a0AJ0XabmdpB6SJF/eRzmzkdszZNNBcAJz89WotdRPgCLRs2 > 4xt6xTYLMeU= > =PWoI > -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
