[Working group chair hat off]

A few comments on the Site-Local discussion that I did not see getting
discussed or proposed.

There was a reference made to networking airplanes somewhere in this
thread. If my memory is correct, the airplane industry did select an open
standard for airlines. Some planes run ISO CLNP over FDDI. They did pick
an open standard, but.....

A lot of the discussion seems to imply that site-local addresses are
created automatically (like link-local). This is, of course, not the
case. Site-local addresses are only created if someone configures a router
with a specific site-local address on an interface and tells the router to
advertise the prefix in a routing protocol to other routers and to
advertise it to hosts on the link in RAs. Site-local addresses will only
appear in a site if an administrator decided to configure them.

It seems to me that from a reachability point of view there isn't too much
difference between using site-local addresses and having a firewall that
blocks traffic between one set of global addresses and another. Firewalls
create limited scope addresses from global addresses. If one assumes the
existence of IPv6 firewalls, then these firewalls can also enforce site
boundaries. Firewalls are essentially doing this today. Compared to what
firewalls already do today, this is trivial. If the site boundaries are
going to be defined by firewalls, then it is probably less important that
we have to define multi-site router behavior.

One of the issues that was discussed was the ease or difficulty of
configuring site-local scope filters in routers. It seems to me that the
simple way of doing this is to configure the router with the zone that each
interface is in. The router would then automatically create internal
filters that enforce the site boundaries. This seems much easier to me
than having to create filter rules based on the prefixes that are assigned
to each interface.

Another router issue that gets talked around is whether packets with a
site-local destination should be forwarded to "default". Given that
site-local addresses are not created without being configured, one approach
could be to have a "black hole" route for FEC0::/10 preconfigured in all
routers. The router would then only forward packets with site-local
destinations that matched more specific routes. They would never get
forwarded to the ISP via the normal default route.

From a private exchange with someone from a router vendor: they are
taking the approach of creating a "no-site" site in their product. That is,
if an interface is configured to be in the "no-site" site, the router will
not forward any packets with site-local addresses to/from this interface.
This might make for a simple default behavior for a site border router.

Bob
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
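To make the two router behaviors from the message above concrete (a preconfigured black-hole route for FEC0::/10 that yields only to more specific routes, and a per-interface zone with a "no-site" zone), here is an added Python model; it is not part of Bob's message nor any vendor's implementation. The interface names, zone names and prefixes in `demo_router` are constructed for the example.

```python
import ipaddress

class Router:
    SITE_LOCAL = ipaddress.IPv6Network("fec0::/10")  # prefix discussed in the thread

    def __init__(self, interface_zones):
        # interface name -> zone; "no-site" marks an interface outside any site
        self.zones = interface_zones
        # Pre-installed black-hole route for the whole site-local range, so a
        # site-local destination is forwarded only via a more specific route
        self.routes = [(self.SITE_LOCAL, "blackhole")]

    def add_route(self, prefix, out_iface):
        self.routes.append((ipaddress.IPv6Network(prefix), out_iface))

    def lookup(self, dst):
        """Longest-prefix match; returns (prefix, next hop) or None."""
        dst = ipaddress.IPv6Address(dst)
        matches = [r for r in self.routes if dst in r[0]]
        return max(matches, key=lambda r: r[0].prefixlen) if matches else None

    def forward(self, src, dst, in_iface):
        """Return 'forward:<iface>' or 'drop:<reason>' for one packet."""
        site_local = (ipaddress.IPv6Address(src) in self.SITE_LOCAL
                      or ipaddress.IPv6Address(dst) in self.SITE_LOCAL)
        # A "no-site" interface never carries site-local traffic in either direction
        if site_local and self.zones.get(in_iface) == "no-site":
            return "drop:no-site-ingress"
        route = self.lookup(dst)
        if route is None:
            return "drop:no-route"
        out = route[1]
        if out == "blackhole":
            return "drop:blackhole"
        if site_local and self.zones.get(out) == "no-site":
            return "drop:no-site-egress"
        # Interfaces in different zones form a site boundary for site-local traffic
        if site_local and self.zones.get(out) != self.zones.get(in_iface):
            return "drop:site-boundary"
        return "forward:" + out

def demo_router():
    """Constructed topology: two site zones plus an ISP uplink in the "no-site" zone."""
    r = Router({"eth0": "siteA", "eth1": "siteA", "eth2": "siteB", "uplink": "no-site"})
    r.add_route("::/0", "uplink")            # normal default route to the ISP
    r.add_route("fec0:0:0:1::/64", "eth1")   # site-local prefixes actually configured
    r.add_route("fec0:0:0:2::/64", "eth2")
    r.add_route("2001:db8::/32", "eth1")     # a global prefix (documentation range)
    return r
```

With this table a site-local destination that has no configured prefix hits the fec0::/10 black hole instead of the default route, while global traffic still follows "::/0" to the uplink.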