My view on site local addresses is a bit split. >From a personal point of view I like them. I can use them in my home network, together with global addresses (6to4 at the moment), and even store them in my local DNS server. None of this causes me any problems, it all works and means if/when an ISP in the UK is able to supply me with real IPv6 global addresses I'll not have to alter much.
As things stand if someone was to query my DNS server from the outside world (assuming the domain I'm using delegated to me), they'd not see any SL addresses - split DNS. This is the simple scenario of SL enabled globally at home, and having a couple of (site) border routers, both of which have some global interfaces and some site interfaces. Both routers only know about the one site - the same site. However as an router implementor - they're a right royal pain. One major issue being the possibility of having more than one site cutting through the router. For a single CPU router this is not too bad, for a multi CPU router it is awkward. Now even if we were to simplify things so that a node (router) could not attach to more than one site at a time (i.e. the case of site links, and non-site (global) links), things'd not stay simple for long. I say this 'cause I'd anticipate that someone would want to supply outsourced managed 'Site' networks in the same fashion as ISPs offer managed VPNs at the moment. This would effectively collapse things back into the situation we have at the moment with multi-site routers. -- Overrall I guess I'd say keep them, then hope they never get deployed at anything other than the sort of use I personally have for them. This basically means that they'd not be of much use for anything other than small scale use, and (as someone else pointed out) are of no use to large organisations with geographically diverse facilities. What does worry me though is if customers (ISPs) want to have the same sort of VPN facility I've mentioned above - this seems to naturally coincide with the v6 view of SL addresses, and raises very similar issues to be solved. The real answer to the underlying problem here is a lot harder to solve. It all seems to mainly be about security, and it would seem that IPsec should be used to address it. However the issue of having keys distributed, and prooving identity still needs to be rolled out. DF -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
