On Tue, 29 Oct 2002, Margaret Wasserman wrote:
> At 04:57 PM 10/29/02, Hesham Soliman (EAB) wrote:
>
> > > or to put it another way, why do you have so much faith in
> > > filters of SL addresses and so little faith in filters of prefixes?
> > >
> >
> >=> Because they're not configured, they're hardcoded.
>
> No, they aren't.
>
> You can't hardcode site-local address filtering in every router,
> or you won't be able to communicate inside a site.
>
> So the router will need to be configured, somehow, to block
> site-local addresses from being forwarded from one interface
> to another. And that configuration isn't any more inviolate
> than a traditional forwarding filter.

To (try to) clarify: the SL filters can be defined by hardcoding them
(basically just two trivial access-lists for example), but they cannot be
_enabled_ except manually or by some rather complex logic.

.. thus making the argument about the ease of use pretty much irrelevant
IMO ..

--
Pekka Savola                  "Tell me of difficulties surmounted,
Netcore Oy                    not those you stumble over and fall"
Systems. Networks. Security.  -- Robert Jordan: A Crown of Swords

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
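
The distinction drawn in the messages above, as an added example that is not part of the original thread: the fec0::/10 match can be a hardcoded constant, but the forwarding decision depends on per-interface site assignments that someone has to configure. The interface names, site ids and addresses are constructed for illustration, and dropping site-local traffic on an interface with no site assigned is an assumption of this example.

```python
import ipaddress

# The site-local prefix is a fixed constant, so the *match* can be hardcoded.
SITE_LOCAL = ipaddress.ip_network("fec0::/10")

# Constructed sample configuration: interface name -> site id.
# wan0 is deliberately left without a site (it faces outside the site).
SITE_OF = {"eth0": "site-a", "eth1": "site-a", "eth2": "site-b"}


def is_site_local(addr):
    return ipaddress.ip_address(addr) in SITE_LOCAL


def forward_allowed(src, dst, in_if, out_if, site_of):
    """Return True if the packet may be forwarded from in_if to out_if."""
    if not (is_site_local(src) or is_site_local(dst)):
        return True  # the site-local filter does not apply to global traffic
    in_site = site_of.get(in_if)
    out_site = site_of.get(out_if)
    # Site-local traffic is forwarded only between interfaces that the
    # operator has placed in the same site; anything else is dropped.
    return in_site is not None and in_site == out_site


def demo():
    cases = [
        ("fec0:0:0:1::1", "fec0:0:0:2::1", "eth0", "eth1"),  # inside site-a
        ("fec0:0:0:1::1", "fec0:0:0:9::1", "eth0", "eth2"),  # site-a -> site-b
        ("fec0:0:0:1::1", "2001:db8::1", "eth0", "wan0"),    # leaking out
        ("2001:db8:1::1", "2001:db8:2::1", "eth0", "wan0"),  # global traffic
    ]
    configured = [forward_allowed(*c, SITE_OF) for c in cases]
    # Same router with no site boundaries configured: every site-local
    # packet is dropped, including traffic that stays inside one site.
    unconfigured = [forward_allowed(*c, {}) for c in cases]
    return configured, unconfigured


if __name__ == "__main__":
    print(demo())
```

With the site map in place only the intra-site and global flows pass; with an empty map the intra-site flow is dropped as well, so the filter is only as dependable as the configuration that enables it.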
