> > when a site renumbers the routers are going to have to be updated
> > anyway. of course we need a solution for this problem. but
> > having site locals won't change the need to reconfigure
> > routers when renumbering.
>
> You haven't contested my point that the security based on site-locals
> will not be compromised when a site renumbers, whereas security based on
> the filtering of a global prefix is vulnerable to mishap during
> renumbering. So I take it you agree that site-locals do offer an
> advantage here?

no, I really don't think so. the notion of a "site" being a useful
security boundary is mostly an illusion anyway - it's far too
coarse-grained. and if people actually try to use this in nontrivial
networks it seems likely that they'll continually have to be juggling
router configuration to manage connectivity between different portions
(potential "site" boundaries) within their enterprise network.

> > the same kind of defense in depth is possible (and quite reasonable)
> > with prefix filtering - and it's more flexible since it
> > doesn't require the same prefix length to be filtered at each router.
>
> I don't understand this. In your proposal, every site will be filtering
> a different global prefix. Routers in the internet backbone will not be
> filtering any global prefix. Where is the comparable defense in
> depth?

the defense in depth is within the enterprise. every router within the
site will admit traffic only from/to those prefixes that make sense for
that particular part of the network. if the traffic passes through
multiple routers then each router is a separate barrier.

Keith

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
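The two positions in the exchange above (per-router filtering of a global prefix as layered barriers versus a site-local boundary that survives renumbering) can be made concrete with a small model. The following Python is an added example written for this page; it is not code from the thread or from any IETF work. Every prefix, router name and the (src_prefix, dst_prefix) permit semantics are constructed for illustration, and fec0::/10 is used only because it was the site-local block under discussion at the time.

```python
"""Toy model of per-router prefix filtering as defense in depth, and of how
global-prefix and site-local filters behave when the site renumbers.
All prefixes, router names and filter semantics are constructed for this
example (hypothetical); nothing here comes from a real deployment."""
import ipaddress


def ipn(s):
    return ipaddress.ip_network(s)


class Router:
    """A router with a permit list of (src_prefix, dst_prefix) pairs.
    A packet is forwarded only if some pair matches both its addresses."""

    def __init__(self, name, permits):
        self.name = name
        self.permits = [(ipn(s), ipn(d)) for s, d in permits]

    def allows(self, src, dst):
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        return any(s in sp and d in dp for sp, dp in self.permits)


def traverse(path, src, dst):
    """Push one packet through the routers in order. Each router is an
    independent barrier: the first filter that rejects the packet drops it.
    Returns (delivered, name of the router that dropped it or None)."""
    for r in path:
        if not r.allows(src, dst):
            return False, r.name
    return True, None


# --- Scheme 1: filters keyed on the site's global prefix (constructed) ---
SITE = "2001:db8:1::/48"
DEPT_A, DEPT_B = "2001:db8:1:a::/64", "2001:db8:1:b::/64"


def global_prefix_path():
    rtr_a = Router("rtr-a", [(DEPT_A, SITE), (SITE, DEPT_A)])
    core = Router("core", [(SITE, SITE)])
    rtr_b = Router("rtr-b", [(SITE, DEPT_B), (DEPT_B, SITE)])
    return [rtr_a, core, rtr_b]


def normal_traffic():
    """Dept A host to dept B host: every filter on the path agrees."""
    return traverse(global_prefix_path(), "2001:db8:1:a::10", "2001:db8:1:b::10")


def defense_in_depth():
    """Even if the core filter is lost (permit-all), rtr-b still rejects a
    packet whose source lies outside the site: each router is its own barrier."""
    rtr_b = global_prefix_path()[2]
    core_permissive = Router("core-permissive", [("::/0", "::/0")])
    return traverse([core_permissive, rtr_b], "2001:db8:9::1", "2001:db8:1:b::10")


def after_renumbering():
    """Hosts moved to a new global prefix but the router filters were not
    updated: the stale filters fail closed, so legitimate traffic is dropped
    at the first hop until the routers are reconfigured."""
    return traverse(global_prefix_path(), "2001:db8:2:a::10", "2001:db8:2:b::10")


# --- Scheme 2: filters keyed on site-local addresses (fec0::/10 era) ---
SL, SL_A, SL_B = "fec0::/10", "fec0:0:0:a::/64", "fec0:0:0:b::/64"


def site_local_coarse_path():
    """Filters that only distinguish 'inside the site' from 'outside'."""
    return [Router("core-sl", [(SL, SL)]), Router("rtr-b-sl", [(SL, SL_B)])]


def site_local_fine_path():
    """Same topology, but rtr-b accepts traffic only from the one peer subnet."""
    return [Router("core-sl", [(SL, SL)]), Router("rtr-b-sl", [(SL_A, SL_B)])]


def site_local_after_renumbering():
    # site-local addresses are untouched by a global renumbering, so the
    # filters keep working without any router change
    return traverse(site_local_fine_path(), "fec0:0:0:a::10", "fec0:0:0:b::10")


def site_local_is_coarse():
    """A host on an unexpected site-local subnet reaches dept B through the
    site-level filters; only the finer per-router rule stops it. Returns
    (result with coarse filters, result with fine filters)."""
    src, dst = "fec0:0:0:c::1", "fec0:0:0:b::10"
    return traverse(site_local_coarse_path(), src, dst), traverse(site_local_fine_path(), src, dst)


if __name__ == "__main__":
    print("normal traffic:            ", normal_traffic())
    print("core lost, rtr-b holds:    ", defense_in_depth())
    print("stale global filters:      ", after_renumbering())
    print("site-local after renumber: ", site_local_after_renumbering())
    print("coarse vs fine site-local: ", site_local_is_coarse())
```

Read together, the runs show both halves of the argument: with filters keyed on the global prefix a renumbering forces router updates (the stale filters block legitimate traffic rather than admitting anything), while site-local filters are indifferent to it; but a filter that only tests "is this site-local" admits any subnet within the site, so the per-router, per-subnet permits are what actually supply the layered barriers in either scheme.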
