On Tue, 29 Oct 2002, Brian Haberman wrote:
> > Note that KAME only supports this through manual configuration (and a
> > fix) -- clarified in off-the-list discussion.
> >
> > To be compliant with the paragraph:
> >
> > Routers must not forward any packets with site-local source or
> > destination addresses outside of the site.
> >
> > Note: it does not say 'packets from the site' (implying configuration of
> > the site) but 'with site-local source'. That strongly implies explicit
> > configuration will not satisfy.
>
> I don't read it that way at all. I interpret that to mean, if the
> router is configured as a site-border router it must not forward those
> packets out of the site.

That kind of interpretation is easy (== activation logic in the implementation is simple), but really, totally useless I believe. The promise of using site-locals is that they will not propagate globally. Routers must make sure they don't do that, even without being configured as site-border routers. If this wasn't true, nobody should be able to use site-locals even without relatively clean conscience, as nobody could be sure there _is_ a router that's blocking illegally-sourced site-locals from coming to my site or vice versa.

The paragraph requires clarification for sure.

> The behavior is as defined in Section 5 of the scoped addr arch which
> is all interfaces are in the same site, unless explicitly configured
> by an administrator.

Scoped arch draft is irrelevant from the perspective of addrarch (independence) IMO.

> > 1) node just blindly configures fec0::1 and starts sending traffic using
> > it, testing how far it will go.
> >
> > A valid scenario here could be that site-locals would be used inside one
> > link only -- no config at all in the router -- but the router must disallow
> > propagation of site-locals through default route if something fails.
>
> That does not follow from the discussion in scoped addr arch. Of
> course, this should be clarified in addr arch when we decide on the
> SL content of that document.

Better: _addrarch_ shouldn't say anything at all like that because we don't know how to do it (or can't write it down).

> > You may ask: how is this possible? we don't have any site-border
> > discovery mechanisms?
> >
> > I say: exactly, that's why the paragraph is so ridiculous!
> >
> > The only easy and compliant implementation I could think of would be
> > discarding all site-locals unless some links are explicitly configured to
> > be part of a site.
>
> From the discussion I have read, it seems that it would be more that
> we are assuming that all interfaces are in the same site unless
> explicitly configured.

The risk of site-local leakage is _way_ too big that way.

-- 
Pekka Savola                 "Tell me of difficulties surmounted,
Netcore Oy                    not those you stumble over and fall"
Systems. Networks. Security.   -- Robert Jordan: A Crown of Swords
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
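The two readings argued over in this thread (every interface is in the site unless an administrator says otherwise, versus discard site-locals unless the links are explicitly configured as part of a site) can be contrasted in a few lines of forwarding logic. The following is an added illustration written for this page; it is not KAME code nor anything from the addrarch or scoped-address drafts. The Router and Packet classes, the interface names (eth0, eth1, upstream) and the sample packets are constructed for the example; the only fact taken from the specifications is the fec0::/10 site-local prefix.

```python
"""Site-local forwarding policy check (added illustration, not KAME code).

Models two readings of "routers must not forward any packets with
site-local source or destination addresses outside of the site":

  * permissive: every interface is assumed to be in the site until an
    administrator configures site membership (the scoped addr arch reading);
  * conservative: site-locals are discarded unless the ingress and egress
    interfaces are both explicitly configured as part of the site.

Interface names, the Router/Packet classes and the sample packets are
constructed for this example.
"""
import ipaddress
from dataclasses import dataclass, field

# Site-local unicast prefix from the IPv6 addressing architecture.
SITE_LOCAL = ipaddress.IPv6Network("fec0::/10")


def is_site_local(addr: str) -> bool:
    """True if addr falls inside fec0::/10."""
    return ipaddress.IPv6Address(addr) in SITE_LOCAL


@dataclass
class Packet:
    src: str
    dst: str


@dataclass
class Router:
    # Interfaces an administrator has explicitly placed in the site.
    site_interfaces: set = field(default_factory=set)
    # What to assume about interfaces that were never configured either way.
    policy: str = "conservative"   # or "permissive"

    def in_site(self, iface: str) -> bool:
        if self.site_interfaces:
            # Once the site has been configured, everything else is outside it.
            return iface in self.site_interfaces
        # Nothing configured at all: this is where the two readings diverge.
        return self.policy == "permissive"

    def decide(self, pkt: Packet, in_iface: str, out_iface: str) -> str:
        """Return 'forward' or 'drop' for pkt arriving on in_iface and
        routed towards out_iface."""
        if not (is_site_local(pkt.src) or is_site_local(pkt.dst)):
            return "forward"   # global traffic: the scope rule does not apply
        # A site-local packet may only move between interfaces of one site.
        if self.in_site(in_iface) and self.in_site(out_iface):
            return "forward"
        return "drop"


def leak_demo() -> dict:
    """Same unconfigured router, same packet, both policies."""
    pkt = Packet(src="fec0::1", dst="2001:db8::1")   # constructed sample
    results = {}
    for policy in ("permissive", "conservative"):
        router = Router(policy=policy)   # no site configuration at all
        results[policy] = router.decide(pkt, "eth0", "upstream")
    return results


if __name__ == "__main__":
    for policy, verdict in leak_demo().items():
        print(f"{policy:12s}: {verdict}")
```

With no configuration the permissive router forwards the fec0::1-sourced packet out of the upstream interface, which is exactly the leakage the message above is worried about, while the conservative router drops it; once site_interfaces is populated the two behave identically. Note that fec0::/10 site-local addresses were later deprecated (RFC 3879), so on current networks the same check belongs on the prefixes an operator treats as internal-only.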
