Comments on lap-ipv6. You seem to make an assumption that it would be ok for routers on the path to just add headers to IPv6 datagrams (like routing header). That is not so. This is a fundamental problem with the proposal.
Security for VPN solution you present is weak. There was no text (I think) discussing the possibility that some outsider would forge packets with some VPN header and VPN ID from the Internet, and those would be delivered to the VPN network. The problem is that unless ISP polices this with filters everywhere, when the PE device has no way of knowing whether the packets with the correct VPN ID happened to come from the Internet or some legal VPN site. (Of course, VPN without encryption against the ISP is IMO nonsense anyway but that's what the "competing" MPLS/BGP VPN solution has too.)

In 3.1.3, a new feature of IPv6 would be access provider's possibility to ping the subscriber's interface. I fail to see how this could not be done today.

On Mon, 14 Oct 2002, Chen, Weijing wrote:
> We would like to bring the attention to this ID announcement. This draft
> saw the same "connection-oriented" problem laid out by
> http://www.ietf.org/internet-drafts/draft-ietf-ppvpn-cl-tunneling-vpn-00.txt
> . However, the proposal lay out by
> http://www.ietf.org/internet-drafts/draft-allen-lap-ipv6-00.txt dealt more
> than PPVPN. It dealt with broadband Internet access too. We would like to
> seek the interest of ipng group, ppvpn group, and other interesting party to
> advance this work. Thanks.
>
> --
> Weijing Chen
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Monday, October 14, 2002 6:25 AM
> Cc: [EMAIL PROTECTED]
> Subject: I-D ACTION:draft-allen-lap-ipv6-00.txt
>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
>
> Title     : IPv6 for Large Access Providers
> Author(s) : K. Allen, W. Chen
> Filename  : draft-allen-lap-ipv6-00.txt
> Pages     : 12
> Date      : 2002-10-11
>
> This document discusses how Large Access Providers (LAP) could use
> IPv6 to solve current technical challenges.
> In particular, IPv6's
> large address space and optional header mechanism can be used to
> provide scalable and manageable broadband Internet access and
> Virtual Private Network (VPN) services. A new optional header to
> support forwarding-plane based VPNs is proposed.
>
> A URL for this Internet-Draft is:
> http://www.ietf.org/internet-drafts/draft-allen-lap-ipv6-00.txt
>
> To remove yourself from the IETF Announcement list, send a message to
> ietf-announce-request with the word unsubscribe in the body of the message.
>
> Internet-Drafts are also available by anonymous FTP. Login with the username
> "anonymous" and a password of your e-mail address. After logging in,
> type "cd internet-drafts" and then
> "get draft-allen-lap-ipv6-00.txt".
>
> A list of Internet-Drafts directories can be found in
> http://www.ietf.org/shadow.html
> or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
>
> Internet-Drafts can also be obtained by e-mail.
>
> Send a message to:
> [EMAIL PROTECTED]
> In the body type:
> "FILE /internet-drafts/draft-allen-lap-ipv6-00.txt".
>
> NOTE: The mail server at ietf.org can return the document in
> MIME-encoded form by using the "mpack" utility. To use this
> feature, insert the command "ENCODING mime" before the "FILE"
> command. To decode the response(s), you will need "munpack" or
> a MIME-compliant mail reader. Different MIME-compliant mail readers
> exhibit different behavior, especially when dealing with
> "multipart" MIME messages (i.e. documents which have been split
> up into multiple messages), so check your local documentation on
> how to manipulate these messages.
>
> Below is the data which will enable a MIME compliant mail reader
> implementation to automatically retrieve the ASCII version of the
> Internet-Draft.
>

--
Pekka Savola                 "Tell me of difficulties surmounted,
Netcore Oy                   not those you stumble over and fall"
Systems. Networks. Security.  -- Robert Jordan: A Crown of Swords

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
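
The filtering concern raised in the message above, as an added example that is not part of the thread or of the draft: a small Python model in which the egress PE sees only the VPN ID, so a forged header is stopped only if every Internet-facing edge port filters it. The port names, VPN IDs and function names are hypothetical, and the draft's actual header layout is not modelled.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src_edge: str           # provider edge port where the packet entered the ISP
    vpn_id: Optional[int]   # VPN ID in the optional header as received (None = no header)
    payload: str

# Constructed topology (hypothetical names): edge port -> attached VPN ID,
# or None for an Internet-facing peering port.
EDGE_PORTS = {"site-a": 100, "site-b": 100, "site-c": 200,
              "peer-1": None, "peer-2": None}

def edge_ingress(pkt: Packet, filtered_peers: set) -> Optional[Packet]:
    """Return the packet as it enters the provider core, or None if dropped."""
    attached = EDGE_PORTS[pkt.src_edge]
    if attached is not None:
        # Site-facing port: the PE stamps the VPN ID of the attachment and
        # ignores whatever value the customer sent.
        return Packet(pkt.src_edge, attached, pkt.payload)
    if pkt.vpn_id is not None and pkt.src_edge in filtered_peers:
        # Internet-facing port with a filter: a VPN header here cannot be legitimate.
        return None
    return pkt  # unfiltered peering port: header passes through untouched

def egress_pe(core_pkt: Packet) -> str:
    """The egress PE sees only the header; it cannot tell where the packet entered."""
    return "internet" if core_pkt.vpn_id is None else f"vpn:{core_pkt.vpn_id}"

def deliver(pkt: Packet, filtered_peers: set) -> str:
    core_pkt = edge_ingress(pkt, filtered_peers)
    return "dropped" if core_pkt is None else egress_pe(core_pkt)

def unfiltered_paths(vpn_id: int, filtered_peers: set) -> list:
    """Audit: peering ports through which a forged header for vpn_id is still delivered."""
    return [port for port, attached in EDGE_PORTS.items()
            if attached is None
            and deliver(Packet(port, vpn_id, "probe"), filtered_peers) == f"vpn:{vpn_id}"]

if __name__ == "__main__":
    forged = Packet("peer-2", 100, "constructed forged packet")
    print(deliver(forged, {"peer-1", "peer-2"}))   # filter on every peering port
    print(deliver(forged, {"peer-1"}))             # one peering port left unfiltered
    print(unfiltered_paths(100, {"peer-1"}))
```
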
