Re: New "IP Version 6 Addressing Architecture" draft

Fri, 21 Jul 2000 20:29:20 -0700 


>>        and it was from outside, the kernel does not drop it for the sake of
>>        SIIT (too-clever SIIT enabled client may try to drop it because of
>>        IPv4 rules)
>       Not too-clever.

        i don't see any of your wording on RFC2765.  i took your email as a
        suggestion to RFC2765, am I right?
        your suggestion does not protect nodes that are outside of SIIT cloud
        (which is more common setup today).  how do you intend to secure
        those nodes?  i think you are making separate discussion thread here.

>       SIIT should drop packets whose source address is
>       ::ffff:a.b.c.d/(96+n) (assuming figure in my previous mail).

        you mean the SIIT box ([SIIT] in the following figure) should drop
        the packet, when the packet tryes to go into the SIIT cloud?

                                    drop it
                     ___________    <-----    ___________
                    /           \            /           \
      [IPv6 Host]--< Dual network>--[SIIT]--< IPv4 network>--[IPv4 Host]
                    \___________/     |      \___________/
                             (pool of IPv4 addresses)

>       Nodes in SIIT cloud should drop packets whose source 
>       address is ::ffff:127.0.0.0/104 and ::ffff:a.b.c.d/(96+n) from 
>       outside.

        i don't think this is workable, as this requires every nodes in
        SIIT cloud to know about the IPv4 address pool configured to the
        SIIT cloud.

        From seeing RFC2765 section 5, I think that the nodes in SIIT
        cloud is unaware of the existence of SIIT box (or it does not know
        if it is inside SIIT cloud or not).

>       Nodes not in SIIT cloud should drop ::ffff:0:0/96 from outside.
>       Anyway, issues seems to be administrative problem.

        i think, for an end node in SIIT cloud, it is impossible to
        determine if the traffic is from the outside, or from inside.

itojun
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------

Reply via email to