On Tue, 23 Apr 2002, JINMEI Tatuya / [ISO-2022-JP] 神明達哉 wrote: > > For regular packet forwarding, the second bullet in 9. basically seems to > > say: "if you cross the zone boundary, the packet is discarded". > > This is oversimplification. The second ballet says "a packet must not > cross the zone boundary of the source address's zone".
Ok. > > This should be, IMO, honoured with routing header too. > > As for the source address, that's correct (or at least what the draft > intended to say). Routers N hops away may have difficulties in determining this with a certainty. > > In particular, one > > should not be able (IMO) to control how routing should go inside a site, > > using site-internal addresses (as these addresses aren't reachable to the > > source, and may have a different level of security etc.). If the > > destination site does not have global addresses in use there, he probably > > don't want site-local's being used either. > > Sorry, I don't understand the statement above. Could you be more > specific please? AFAICS, the following is allowed: Assume sites A and B. src=globalA dst=globalB routing header=sitelocalB, global2B segments left=2 So source A is able to control how globalB inserts a packet from a global source to site _B_'s internal, site-local routing system. You could of course also, after using the routing system, revert the destination back to some global one. My point here was: anyone from site A should not be able tell how site B should route packets using _site-local_ addresses? > > Site-locals are potentially fishier as they can't be as trivially > > restricted to a link. > > > I'd like to see a "roadmap" of what kind of forwarding is possible with > > routing header, and what is not. I couldn't make a clear mental image > > based on the text. > > I'm not sure what "roadmap" exactly means, but the restriction that > Rich mentioned will be clearer about the rule... I'd like to know what people vision RH + scoping would be useful for. Then it might be easier to decide whether a simpler approach would be appropriate. > > That is, can you use RH to forward packets out of the incoming link with > > e.g. link-local addresses? (As in the previous paragraph in the text.) > > That depends on the precise configuration, as I said above. I'm not sure if that's obvious from the text. > p.s. to make my position clear, I'm not a fan of the current rule. > Formerly I proposed a stricter rule that required all destinations in > a routing header were in the same scope type for deterministic > behavior. I tend to agree. -- Pekka Savola "Tell me of difficulties surmounted, Netcore Oy not those you stumble over and fall" Systems. Networks. Security. -- Robert Jordan: A Crown of Swords -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
