On Wed, 2002-10-30 at 08:29, Richard Draves wrote:
> > > There is, however, a potential risk to using site-local addresses
> > > for long-lived connections. Those connections may fail when a site
> > > becomes partitioned, even if global connectivity is still available
> > > between the partitions.
> >
> > => FWIW, I think that one can see this as an advantage.
> > An admin might not want these connections to survive
> > when going through the Internet (outside the site).
> > When the site was partitioned, an admin could have forgotten
> > about these connections (?) and using site-local helped make
> > this obvious. As opposed to having (potentially) sensitive
> > data going over the public net.
>
> Yes of course that's an advantage. I can't imagine anyone (from
> enterprise network administrator to home user) wanting intra-site
> communication to suddenly be routed outside the site.
>
Surely there would be both a sink route in your border routers for your own /48 global address ranges, and a source address access list facing the Internet, preventing this from happening. This is common security practice.

> Rich
>

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
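An added illustration, not part of the original message or thread: a small model of a border router's longest-prefix lookup showing how the sink route mentioned in the reply keeps intra-site traffic from following the default route when the site partitions. The prefixes are constructed documentation addresses, the function names are hypothetical, and the ACL is assumed to be an inbound filter on the Internet-facing interface.

```python
import ipaddress

# Constructed values: 2001:db8:1234::/48 (documentation space) stands in for
# the site's own global /48; the /64 is one subnet in the far partition.
SITE = ipaddress.ip_network("2001:db8:1234::/48")
FAR_SUBNET = ipaddress.ip_network("2001:db8:1234:20::/64")

def border_routes(internal_up, sink=True):
    """Border router table as (prefix, next hop)."""
    routes = [(ipaddress.ip_network("::/0"), "upstream")]  # default via ISP
    if sink:
        routes.append((SITE, "discard"))     # sink route for the site's /48
    if internal_up:
        routes.append((FAR_SUBNET, "core"))  # learned from the interior IGP
    return routes

def forward(dst, internal_up, sink=True):
    """Longest-prefix match: the most specific matching route wins."""
    addr = ipaddress.ip_address(dst)
    matches = [(p, nh) for p, nh in border_routes(internal_up, sink) if addr in p]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def inbound_acl(src):
    """Internet-facing ingress filter (assumed direction): nothing arriving
    from outside may claim a source address inside the site's own /48."""
    return "deny" if ipaddress.ip_address(src) in SITE else "permit"

if __name__ == "__main__":
    host = "2001:db8:1234:20::5"
    print("site intact:          ", forward(host, internal_up=True))
    print("partitioned, sink:    ", forward(host, internal_up=False))
    print("partitioned, no sink: ", forward(host, internal_up=False, sink=False))
    print("inbound, site source: ", inbound_acl(host))
```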
