> > Andrew White wrote: > > - If a stable global prefix is available, we strongly recommend > > using that and not using site locals. > > This ignores the fact that many people will use site-locals because > addresses that are not publicly routable are a requirement, and this > regardless of the fact they have a stable global prefix or not. Besides, > stable global prefixes do not exist today for end-sites.
sites that think they have this requirement are not stating it correctly. it is easy to arrange for any address prefix to not be reachable from outside of an enclave; ambiguous addresses are not needed to achieve this. > Instead of making this recommendation, I think it would be better to > make recommendations on how to use site-locals even if a global prefix > is present. use of site-locals should be avoided if a global prefix is present. this applies to both networks and applications. this is the best recommendation we can make; it's the one that causes the fewest problems. > > - Site locals and global addresses can exist in parallel on > > the same network, but this is likely to cause address selection > > problems for applications. > > I don't like the wording of this. If, instead of "network", you used > "VLAN" or "Ethernet segment" or "subnet", I would have agreed. I agree that "network" is prone to misunderstanding here. I suggest "portion of the network". "subnet" might be okay here, though it might be too specific. > > Note: It might be possible to have site local traffic sent > > over a tunnel (eg a VPN). In such a situation, the VPN should > > be treated virtually as part of the site. Site local addresses > > must not leak outside the tunnel. > > Agreed. > > > Though there are probably better ways to do this than using > > site locals. > > This is a perfectly legitimate use. legitimate, perhaps. technically optimal is a diferent question. Keith -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
