[CUWiN-Dev] IPv6 -- TAKE II: NEED ANSWER BY TUESDAY NOON...

David Young dyoung at pobox.com
Wed Apr 27 02:15:46 CDT 2005


On Mon, Apr 25, 2005 at 08:14:55AM -0500, Quantum Scientific wrote:
> On Monday 25 April 2005 4:55, David Young wrote:
> > An IPv4/IPv6 host that is stuck behind a NAT firewall
> > can make IPv6 connections using "Teredo."  Some of these protocols are
> > showing up in mainstream operating systems: I believe Windows XP already
> > has both 6to4 and Teredo capabilities, and Mac OS X has 6to4.
> 
> Many tunnel brokers do not support Teredo (I use Hurricane Electric), and 
> those that do will require you to use the /64 IP block they assign (so they 
> can route).  And being an M$ concoction, support for Teredo in Linux and BSD 
> is 'eccentric' (Miredo), and even under their sanctioned config, performance 
> isn't good.  However some NAT gateways do actually pass protocols 41, 43, 44, 
> 50, 51 transparently, making IPv6 available inside.  The only way to confirm 
> is with experimentation, as info is spotty and of varying vintage.

I had a look at Miredo a couple weeks ago.  I didn't notice the
eccentricity, but I can believe that the performance isn't good, since it
uses a tap(4)/tun(4)-type interface to the kernel.  I would like to see
a teredo(4) cloning interface for Teredo, by analogy to stf(4) for 6to4.

> Another alternative is if your server can be placed in the NATting gateway's 
> DMZ (bridged), to be fully visible to the outside.  This is what I do.  I 
> suspect most gateways will be DSL or cable, and many allow the user to set 
> themselves in the DMZ, by web interface.  Or if a fiber PoP, it should have 
> IPv6 native.

Setting up the DMZ is a lot to ask a user to do.  I'm all about saving the
user the trouble.  What's worse is that the way some of those DMZs work,
it's the user (not the gateway) that has to tell the rooftop router what
routable IP belongs to it. :-(

> Maybe I don't understand the technical issues, but I'm surprised there's a 
> problem with IP address conflicts.  Seems like as long as there's a gateway 
> for a cloud (doesn't there -have- to be, for backhaul?), it will allocate IPs 
> for the nodes, and the nodes will allocate IPs for their local LANs.  Even 
> when a node is some hops from the gateway, its DHCP request should be passed 
> along to/from the gateway.  If multiple gateways, the closest one would 
> allocate, and the gateways would dispense different blocks in the same class 
> C (or B?).

It's not so simple.  There might not be any gateway at all.  That is
one of the "use-cases," you could say: you've built this network out
in the wilderness.  There is no Internet for miles around.  It's still
gotta work.

I also found out the hard way that there are several practical problems
with running DHCP relays and servers on the same box.  Never again will
I try that.

Dave

-- 
David Young             OJC Technologies
dyoung at ojctech.com      Urbana, IL * (217) 278-3933

