Remi,

>> ...
>> issues I have with host tunneling:
>> - how to communicate with native IPv6 nodes on the same network?
>
> The 6a44-S decapsulates IPv6 packets coming from a 6a44 host and, if not
> destined to another 6a44 host of its network, forwards them in IPv6, in this
> case on the same network.

I was thinking of another native IPv6 node in the same home. as 6a44 doesn't enable IPv6 support in the home network I don't see how this would work.

>> - how to communicate to another 6a44 host on a different link in the same
>> home?
>
> 6a44 is only for hosts on a LAN behind a NAT44 attached to a 6a44-capable ISP
> network.
> If the LAN has several bridged links, it does apply.
> Links that are behind extra NATs in the site are out of scope.
>
> As I said to Olivier Vautrin in a previous mail on this thread, these extra
> NATs should be configured so that hosts behind them never receive 6a44
> IPv6-Address-Indication messages. (e.g. with the 6a44 well-known port bound
> to an unassigned internal address.)
> This point isn't in the draft yet but, if co-authors agree, should be in the
> next version.

I was thinking of the case of a routed home. no additional NATs. I don't see how the mechanism would work across routers. since you don't get a prefix for the site.

the homegate/homenet WG proposal was rejected by the IESG, but it would have been useful to have the home network architecture document as background for this discussion...

>> - do you need non-congruent topology multi-homing policy?
>> http://tools.ietf.org/html/draft-troan-multihoming-without-nat66-01
>> how do you distribute that policy when you don't have an on-link router?
>
> Not sure to understand the question.
> The answer should be NO: 6a44 only needs classical topologies.

if a 6a44 node is multi-homed to 3 networks, the 6a44 network, the IPv4 network and possibly a native IPv6 network (e.g. ULA in the home), would you need to distribute SAS/NH/DNS policy?

>> - a general unease that now every host is supposed to have a "VPN"
>> connection?
>> how do I configure my own firewall and other network border policy?
>
> If the NAT binds the 6a44 well-known port to an unassigned internal address,
> no host will be able to receive a 6a44 IPv6 address.
> Besides, a firewall could filter all packets having this port, source or
> destination.

that doesn't give me ability to filter on IPv6 applications on the network border... not specific to 6a44, this is just an artifact of host tunneling.

>> how much would a new CPE cost the customer? 80USD? that's only 5 pints of
>> beer (if bought in Norway.)
>> I really liked the dongle idea by the way. perhaps with a L2TP LAC.
>
> The dongle idea of 6rd-UDP, if without a stateful NAT66 in the dongle, needs
> an assigned /16 to the function. (The /64 subnet prefix has to contain the
> site IPv4 address plus the port of the tunnel).
> This is in general not realistic.

my suggestion is to use L2TP, which has none of those particular shortcomings.

> Now, if there is a NAT66 in the dongle, it can work with a 6a44 external
> address.
>
>
> I hope it helps to understand that 6a44 isn't just one more design for the
> pleasure to make one, but a pragmatic solution to a real problem, specified
> after an in depth study.

is the in-depth study available?

cheers,
Ole
