ISATAP Issues - PowerPoint PPT Presentation

ISATAP Issues

Provided by: fredte

Transcript and Presenter's Notes

Title: ISATAP Issues


1
ISATAP Issues
  • Fred L. Templin SRI International
  • IETF 52 NGTRANS Meeting
  • Salt Lake City, Utah
  • Dec 13, 2001

2
ISATAP Status
  • draft-ietf-ngtrans-isatap-02.txt published
  • ISATAP Issues message posted to mailing list
  • Linux ISATAP implementation announced. HOWTO at
  • v6web.litech.org/isatap/
  • Experimentation encouraged!
  • (Thanks Nathan Lutchansky and Yoshifuji Hideaki!)

3
IPv4 anycast vs. DNS w/multiple RRs: Author prefers anycast
  • IPv4 anycast is a configuration option, NOT a
    feature of IPv4 addressing; i.e., ANY
    topologically-correct IPv4 prefix can be used for
    IPv4 anycast use within the site
  • allocate IANA prefix/use existing IANA prefix for
    easy configuration (vote?)
  • Site administrators can override with DNS entry
    (single RR) static config if desired

4
IPv4 Anycast vs. DNS
  • v4anycast allows hosts to operate exactly as RFC
    2461, section 6.3
  • Default router lists constructed
  • Redirects and other ND features work as per RFC 2461
  • v4anycast provides easy security check (i.e. only
    accept RAs from v4anycast)

5
Router solicitation w/Anycast
  • ISATAP host sends RS with:
      • v6_src = FE80::5EFE:V4ADDR_HOST
      • v6_dst = FF02::2
      • v4_src = V4ADDR_HOST
      • v4_dst = V4ANYCAST
  • ISATAP Router sends RA with:
      • v6_src = FE80::5EFE:V4ADDR_RTR
      • v6_dst = FE80::5EFE:V4ADDR_HOST
      • v4_src = V4ADDR_ISATAP (note: corrected per F.
        Dupont)
      • v4_dst = V4ADDR_HOST

6
Router solicitation interval
  • RFC 2461, section 6.3.7 gives a list of acceptable
    reasons for hosts to re-issue RSs. One says:
      • "the host re-attaches to a link after being
        detached for SOME TIME"
  • Author's recommendation for ISATAP:
      • Host deems itself to be detached from the ISATAP
        interface immediately after receiving a solicited
        RA (i.e. expects to NOT receive unsolicited RAs)
      • Host sets SOME TIME = Router Lifetime/2, for
        some Router Lifetime in the default router list.
  • Is RFC 2461 language needed? Suggestion: a link
    should NOT deem itself to be detached
    arbitrarily, only if it KNOWS it cannot receive
    unsolicited RAs

7
Security
  • Source address spoofing for ISATAP peers:
      • If v4_src != embedded V4ADDR in v6_src
  • Source address spoofing for forwarded messages:
      • If v4_src != embedded V4ADDR in reverse routing
        lookup for v6_src
  • Reverse routing lookup trust based on
    v4_src = v4anycast in RAs
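
Added example (not from the original slides): a Python sketch of the two source-address checks on this slide, applied to one decapsulated packet. The function names, the ROUTES table and all addresses are constructed for illustration; the routes are assumed to have been learned only from RAs that arrived with v4_src = v4anycast, and only the ::5EFE:V4ADDR identifier form shown on slide 5 is recognised.

```python
import ipaddress

ISATAP_MARK = 0x5EFE  # slide 5 writes ISATAP addresses as FE80::5EFE:V4ADDR

# Constructed sample table: (IPv6 prefix, ISATAP address of the next hop).
# Assumption: entries come only from RAs received with v4_src = v4anycast.
ROUTES = [
    (ipaddress.IPv6Network("2001:db8:2::/48"), "fe80::5efe:192.0.2.1"),
    (ipaddress.IPv6Network("2001:db8:2:8000::/49"), "fe80::5efe:192.0.2.2"),
]

def embedded_v4(v6):
    """Return the IPv4 address embedded in an ISATAP address, else None."""
    iid = int(ipaddress.IPv6Address(v6)) & (2**64 - 1)  # low 64 bits
    if iid >> 32 != ISATAP_MARK:
        return None
    return ipaddress.IPv4Address(iid & 0xFFFFFFFF)

def reverse_lookup(v6_src, routes):
    """Longest-prefix match on v6_src; return the next hop or None."""
    addr = ipaddress.IPv6Address(v6_src)
    hits = [(net.prefixlen, hop) for net, hop in routes if addr in net]
    return max(hits)[1] if hits else None

def classify(v4_src, v6_src, routes=ROUTES):
    """Apply both slide-7 checks to the outer/inner source pair."""
    outer = ipaddress.IPv4Address(v4_src)
    peer = embedded_v4(v6_src)
    if peer is not None:
        # Sender is an ISATAP peer: outer source must match the embedded one.
        return "accept" if peer == outer else "drop: peer spoof"
    # Sender is not an ISATAP node, so the packet was forwarded: the router
    # that a reverse lookup selects for v6_src must be the tunnel source.
    hop = reverse_lookup(v6_src, routes)
    if hop is None or embedded_v4(hop) != outer:
        return "drop: forwarded spoof"
    return "accept"

if __name__ == "__main__":
    for v4, v6 in [("192.0.2.10", "fe80::5efe:192.0.2.10"),
                   ("198.51.100.7", "fe80::5efe:192.0.2.10"),
                   ("192.0.2.1", "2001:db8:2::99"),
                   ("192.0.2.10", "2001:db8:2::99")]:
        print(v4, v6, "->", classify(v4, v6))
```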

8
Open Issues Since London
  • When to deprecate ISATAP address?
      • Old answer: when native IPv6 Rtadvs heard
      • New answer: when native Rtadvs heard AND ISATAP
        interface usage drops below some threshold
      • NEWER ANSWER: make it work the same as RFC 2462,
        section 5.5.4 Address Lifetime Expiry
  • Will ISATAP addresses be preferred over native
    IPv6 addresses by longest prefix-match?
      • No, destination ordering will fix this (already
        addressed in source/destination selection draft)

9
Open Issues Since London
  • NAT Clarifications
      • Will ISATAP work on the private network side of a
        NAT?
          • Yes!
      • Will ISATAP work across NAT?
          • NO - NON-GOAL!
          • Other NGTRANS works address NAT traversal
          • ISATAP is complementary to these