> Jim Bound wrote:
> and this is my biggest fear for the Internet with IPv6. These
> site-locals could undo all we did with IPv6 to restore end-to-end
> architecture for the Internet.
> Trying to limit them with words or BCPs whatever will NOT prevent
> the potential tragedy to our beloved Internet

I share your concern, I just don't think that there are good reasons to develop IPv6 NAT. Besides, there are plenty of other things that break end-to-end and will continue to break it: load balancers, cache engines, etc.

A word about "warm and fuzzy": "warm and fuzzy" is a requirement. There will be IPv6 firewalls, I actually think there will not be any serious IPv6 setup without a firewall. What is a firewall? It's a big, bulky, very expensive rack-mounted device with the word "firewall" screened in big letters on the front. What does it do? It makes senior management feel secure. A firewall does not protect a network more than a private IP does. It can be bypassed as I explained before.

I regret to report that the very existence of firewalls and load balancers is not something you and I will change. I would apply the same reasoning to site-local addresses.

Michel.

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
