Pekka Savola wrote:
>
> On Wed, 12 Dec 2001, Brian E Carpenter wrote:
> > > The sentence refers to:
> > >
> > > whether the encapsulating IPv4 address is consistent with the encapsulated
> > > 2002:: address.
> > >
> > > 1) You cannot receive IPv6 packets from *relay* which have 2002::/16
> > > prefix. If you do, someone is using 6to4 improperly. We agree on this.
> >
> > Actually, the relay (according to RFC 3056) is a 6to4 router that also has a
> > native IPv6 interface. It certainly can source 2002: packets from its own
> > site, as well as native source addresses from the native interface.
> > You can apply the consistency check, but not to relayed packets with
> > a native source address.
>
> I meant relay as a box that has relay functinality. Local packets are of
> course fine, and the consistancy check applies there so that is no
> problem.
>
> But the sentence IMO basically says:
>
> "there are packets [referring to 2002 prefix] coming from relay which
> must not be checked".
Oh, I see your problem now. But the [...] is not implied by the text
as I read it. However, since I wrote it too, maybe other people see
that implication, which wasn't intended.
Brian
>
> By referring to 2002, the consistancy check might not be performed for
> _2002_ addresses (which it should not receive except for the local ones
> where the check would apply), thus relays becoming a source for
> inconsistant 2002 packets.
>
> > > 2) How do you check that 3ffe:ffff::1 is consistant with an IPv4 address?
> > >
> > > You cannot check *consistancy* unless the addresses are of form
> > > 2002:<anything at all> and <IPv4 anything at all>. Only 2002 and IPv4 can
> > > be compared.
> >
> > Yes. 3056 says nothing different. I see no error in the 3056 text.
>
> Ok, I guess this is one of those way of thinking issues; whether the
> 'consistancy check' is basically:
>
> 1)
>
> consistancy_check(ipv6, ipv4) {
> if (bits 16-47 of ipv6 equal ipv4)
> return true
> else
> return false
> }
>
> or:
>
> 2)
>
> consistancy_check(ipv6, ipv4) {
> if prefix of ipv6 is 2002 {
> if (bits 16-47 of ipv6 equal ipv4)
> return true
> else
> return false
> }
> else
> return true // because consistancy is not defined for non-2002
> }
>
> That is, what's the defined consistancy between native ipv6 and ipv4
> addresses.
>
> Thus skipping the consistancy check becomes a bit of a blur.
>
> --
> Pekka Savola "Tell me of difficulties surmounted,
> Netcore Oy not those you stumble over and fall"
> Systems. Networks. Security. -- Robert Jordan: A Crown of Swords
>
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
