we can keep link-local and not above. /jim > -----Original Message----- > From: Derek Fawcus [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, June 11, 2002 4:36 PM > To: [EMAIL PROTECTED] > Subject: Re: IPv6 Scoped Addresses and Routing Protocols > > > My view on site local addresses is a bit split. > > From a personal point of view I like them. I can use them in my home > network, together with global addresses (6to4 at the moment), and > even store them in my local DNS server. None of this causes me > any problems, it all works and means if/when an ISP in the UK is > able to supply me with real IPv6 global addresses I'll not have to > alter much. > > As things stand if someone was to query my DNS server from the > outside world (assuming the domain I'm using delegated to me), > they'd not see any SL addresses - split DNS. > > This is the simple scenario of SL enabled globally at home, and > having a couple of (site) border routers, both of which have some > global interfaces and some site interfaces. Both routers only know > about the one site - the same site. > > However as an router implementor - they're a right royal pain. > > One major issue being the possibility of having more than one site > cutting through the router. For a single CPU router this is not > too bad, for a multi CPU router it is awkward. > > Now even if we were to simplify things so that a node (router) could > not attach to more than one site at a time (i.e. the case of site > links, and non-site (global) links), things'd not stay simple > for long. > > I say this 'cause I'd anticipate that someone would want to supply > outsourced managed 'Site' networks in the same fashion as ISPs > offer managed VPNs at the moment. This would effectively collapse > things back into the situation we have at the moment with multi-site > routers. > > -- > > Overrall I guess I'd say keep them, then hope they never get deployed > at anything other than the sort of use I personally have for them. > > This basically means that they'd not be of much use for anything other > than small scale use, and (as someone else pointed out) are of no use > to large organisations with geographically diverse facilities. > > What does worry me though is if customers (ISPs) want to have the same > sort of VPN facility I've mentioned above - this seems to naturally > coincide with the v6 view of SL addresses, and raises very similar > issues to be solved. > > The real answer to the underlying problem here is a lot harder to > solve. It all seems to mainly be about security, and it would > seem that IPsec should be used to address it. However the issue > of having keys distributed, and prooving identity still needs > to be rolled out. > > DF > > -------------------------------------------------------------------- > IETF IPng Working Group Mailing List > IPng Home Page: http://playground.sun.com/ipng > FTP archive: ftp://playground.sun.com/pub/ipng > Direct all administrative requests to [EMAIL PROTECTED] > -------------------------------------------------------------------- >
-------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
