In your previous mail you wrote: > => be serious, autotunnels are phased out, configured tunnels and 6to4 > are mutually exclusive... mutually exclusive? I don't think so. => if you have a configured tunnel you can use native addresses so you don't need a 6to4 router. They are mutually exclusive in practice (note that 6to4 relays are a different problem, in fact the box where is the local 6to4 relay has a configured tunnel too but with a lot of address checks (FreeBSD) and extra filtering).
as was pointed out earlier as long as one uses a different IPv4 source address for the different point to multi-point tunnelling mechanisms there is no problem demultiplexing the packet to the correct tunnel interface. => a configured tunnel is identified by its IPv4 address pair so conflicts can happen only if both ends are involved in a set of mechanisms with more than one element, i.e. in practice the only special case is a configured tunnel between two 6to4 relays... Of course as this is a weak authentication based on addresses one should use usual protections like RPF based ingress filtering. Regards [EMAIL PROTECTED] -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
