Hi,

On Mon, June 7, 2010 09:41, Brian E Carpenter wrote:
> This is another approach to stateless tunnels across subscriber NATs.

There is of course the big question of how to discover a SAMPLE server. I
doubt they would get any use if the user needed to enter anything in
his/her configuration.

Anycast: runs the risk of landing you in the network of the wrong provider.

Guessing: ...usually goes wrong.

Multicast: not supported by many/most CPEs.

DNS based: kinda like Anycast... no matter how much magic you add.

Maybe a centralized registry?



Also I would change the address format:

       0                           64      80     96     112
      +-------------+-------------+-------+------+------+------+
      |          PSAMPLE          | V4ADDR       | PN   |FILL  |
      +-------------+-------------+-------+------+------+------+

This way the host can set a /96 route to take a shortcut to any other
SAMPLE host inside its own network instead of sending the traffic via its
ISP. But it should be mentioned that under no circumstances are hosts
allowed to shortcut to hosts with a similar prefix shorter than /96 - they
cannot assume a compatible NAT.

Also it would help to establish the exact handshake to arrive at the
host-ID. My guess would be:

Client(C), Server(S)

C->S Router Solicitation with unspecified source, all-routers (ff02::2)
destination

S->C Router Advertisement with fe80::1 source, final host address
(PSAMPLE:0000:V4ADDR:PN) as destination, PSAMPLE/64 as prefix, should be
M=1?

Now the host can set its host ID, randomize FILL and can do the handshake
again if it thinks it is necessary.

Whether the host-ID of the router should be ::1 or derived from an
existing MAC is also debatable.

Also I do not believe that V4ADDR and PN should be obfuscated - it does
not solve any problem (attackers can simply reverse it) and introduces a
few (the address is not easy to spot for support staff and it risks
miscalculation by some implementers).

Question: does it really make sense to set bits 6/7 of the host-ID to 0? I
do not see much sense in serving the blind assumption of MAC-like behavior
on a MAC-less interface. If so: is it safe to assume that no ISP will have
an IPv4 prefix shorter than /8?


    Konrad

_______________________________________________
Softwires mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/softwires
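
The /96 shortcut rule from the message above, as an added example that is not part of the original post or of the draft under discussion. It assumes the field widths read from the diagram (PSAMPLE 64 bits, V4ADDR 32, PN 16, FILL 16); the function names and the sample addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress

# Assumed layout, read from the diagram in the message:
# PSAMPLE = bits 0-63, V4ADDR = bits 64-95, PN = bits 96-111, FILL = bits 112-127.

def build_address(psample, v4addr, pn, fill):
    """Compose the 128-bit address from its four fields."""
    prefix = ipaddress.IPv6Network(psample)
    if prefix.prefixlen != 64:
        raise ValueError("PSAMPLE must be a /64")
    if not (0 <= pn <= 0xFFFF and 0 <= fill <= 0xFFFF):
        raise ValueError("PN and FILL are 16-bit fields")
    v4 = int(ipaddress.IPv4Address(v4addr))
    value = int(prefix.network_address) | (v4 << 32) | (pn << 16) | fill
    return ipaddress.IPv6Address(value)

def parse_address(addr):
    """Split an address back into its fields; nothing is obfuscated."""
    value = int(ipaddress.IPv6Address(addr))
    return {
        "psample": ipaddress.IPv6Network((value >> 64 << 64, 64)),
        "v4addr": ipaddress.IPv4Address((value >> 32) & 0xFFFFFFFF),
        "pn": (value >> 16) & 0xFFFF,
        "fill": value & 0xFFFF,
    }

def may_shortcut(own, peer):
    """Allow a direct route only when the peer shares the full /96
    (PSAMPLE + V4ADDR), i.e. sits behind the same IPv4 address.
    A match on any shorter prefix is sent via the ISP instead."""
    own_int = int(ipaddress.IPv6Address(own))
    own_net = ipaddress.IPv6Network((own_int >> 32 << 32, 96))
    return ipaddress.IPv6Address(peer) in own_net

if __name__ == "__main__":
    # Constructed sample values (RFC 3849 / RFC 5737 documentation ranges).
    me = build_address("2001:db8:1:2::/64", "192.0.2.1", 0x1234, 0xABCD)
    same_nat = build_address("2001:db8:1:2::/64", "192.0.2.1", 0x5678, 0x0001)
    other_nat = build_address("2001:db8:1:2::/64", "192.0.2.2", 0x1234, 0xABCD)
    print(me, parse_address(me))
    print("same NAT  ->", may_shortcut(me, same_nat))    # direct route
    print("other NAT ->", may_shortcut(me, other_nat))   # via ISP
```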
