Rich,
Richard Draves wrote:
Some read it (many):
"if I configure a site here, I must also block site-locals
from spreading
out or false site-locals coming in"
Some others read it:
"if I use site-locals here, my upstream router will block
the site-local
addresses from spreading out and prevent anyone from spoofing
site-locals
to my site"
The latter is how I read it must be implemented -- and
reading Microsoft's implementation and the reason they're
using SL *strongly* suggests they
also have read it that way. There are very probably many others.
No, I think you're the only person reading it the latter way.
My expectation is that routers will need to be configured to understand
site boundaries. A conservative position is that routers by default
should regard their interfaces as belonging to different sites, unless
they are configured to be in the same site. Or perhaps other aspects of
the router's configuration (eg the network prefixes assigned to
different interfaces, or the routing protocols in use) could be used to
default the site configuration.
I would be a little concerned with allowing a border configuration
to be controlled by a routing protocol. A routing flap could do
all sorts of nasty things in that situation.
My take is that the two possible router configs for site locals is
1. All interfaces are in the same site
2. All interfaces are in unique sites
Margaret's proposal that the default behavior is a node's
interfaces are in 1 site results in case 1. For a router, a
safer config may be 2. That would strictly limit the outward
flow of site local addresses.
Brian
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
