[6bone] RFC2772 rewrite

Nicolas DEFFAYET nicolas.deffayet@ndsoftware.net
13 Nov 2002 22:53:19 +0100


On Wed, 2002-11-13 at 21:03, Robert Kiessling wrote:

> You and others operate pTLAs and provide many valuable services to the
> community. However, it's operated as a spare-time activity without,
> for example, guaranteed response times.
> 
> This leads to serious operational impact on the whole IPv6 world. I
> just want to recall the AS1654 incidence, where a hobby pTLA brought
> down significant parts of the global IPv6 network and we were lucky
> enough that the IPv4 upstream was available to turn off the tunnel
> endpoint.

The AS1654 incidence is not a 6bone specific problem.
A production network can have the same (or similar) problem.

Don't forget, BGP is not a secure protocol.

> As a result the IPv6 network quality is considerably worse than IPv4,
> and understandably people are reluctant to trust important services to
> IPv6.
> 
> I see only two solutions:
> 
> 1. Isolate 6bone and similarly operated one-host-wildly-tunneled sTLAs
> from a production-quality IPv6 core, and widely implement filtering.
> 
> 2. Assure that pTLAs provide a minimum of service.

I support your second solution.

Best Regards,

Nicolas DEFFAYET, NDSoftware
NOC Website: http://noc.ndsoftwarenet.com/
FNIX6: http://www.fnix6.net/