Hi Mark,

2) Globals and GUPIs - you don't want to rely on the stability of your
allocated globals for your internal connectivity, so you roll out GUPI
address space as well. GUPIs are used for your internal communications,
i.e. communications that don't travel across links that are part of the
public Internet.

You'd have to add three things to this to get to where I hope that
GUPI addresses will take us:

- GUPI addresses may also be used to communicate over
  private links with other GUPI-addressed networks.
  In other words, several companies may use GUPI
  addresses to communicate with each other over
  a shared extranet. These types of networks are
  quite common in some industries for suppliers/
  customers or data center/clients. This wouldn't
  and shouldn't require that multiple companies
  share a GUPI prefix, just that they have routes
  that point to each other.
- You may have different "levels" of GUPI addresses within
  a single network... Some devices may use addresses
  that are filtered at the department level, some
  may be filtered at the corporate level, and
  some may be filtered at the extranet level, for
  example.
- Some companies may pay their ISPs to globally route their
  GUPI addresses. I know that some people don't
  want this to be possible, but I'm not sure why.
  I agree that we should only advise this if we can
  come up with an aggregable method for allocating
  GUPI addresses.

In the network, GUPI addresses would be treated _exactly_ like global
addresses. And, just like global addresses (which they are), some of
them will be filtered at firewalls in various places.

We will need to do some work to document how other types of leaking
(DNS and routing protocol leaking, in particular) should also be
blocked at the same point as the traffic. However, this is pretty
commonly done for VPNs in IPv4, so there are some known solutions (route
filtering and split DNS).

There will continue to be application-level and mobility issues with
these addresses, or any type of private or filtered addresses. The
problems are reduced by the fact that the addresses are not ambiguous,
but the problems are not all eliminated.

However, it seems that people _will_ use filtering to create private
networks. The best we can do is try to provide a solution that
mitigates the damage.

Margaret
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
--------------------------------------------------------------------
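
The department/corporate/extranet filtering levels in the message above, and its point that DNS and routing leaks should be blocked at the same place as the traffic, can be sketched as one shared policy check. This is an added example, not part of the original message or of any IETF document. The prefixes (taken from the IPv6 documentation range), the `Scope` levels, and the function names are all assumptions made for illustration.

```python
import ipaddress
from enum import IntEnum

class Scope(IntEnum):
    """Boundary at which a prefix is filtered (hypothetical levels)."""
    DEPARTMENT = 1
    CORPORATE = 2
    EXTRANET = 3
    GLOBAL = 4      # unlisted space: treated like any global address

# Constructed policy; 2001:db8::/32 stands in for GUPI space.
POLICY = [
    (ipaddress.ip_network("2001:db8:a:1::/64"), Scope.DEPARTMENT),
    (ipaddress.ip_network("2001:db8:a::/48"), Scope.CORPORATE),
    (ipaddress.ip_network("2001:db8:e::/48"), Scope.EXTRANET),
]

def scope_of(target):
    """Scope of the longest policy prefix containing an address or prefix."""
    net = ipaddress.ip_network(target, strict=False)
    hits = [(p.prefixlen, s) for p, s in POLICY
            if p.version == net.version and net.subnet_of(p)]
    return max(hits)[1] if hits else Scope.GLOBAL

def may_cross(kind, value, boundary):
    """One rule for packets, route advertisements and DNS AAAA answers.

    kind "packet": value is (src, dst); "route": an advertised prefix;
    "dns": an address carried in an answer. Crossing is allowed only if
    every address involved is scoped wider than the boundary.
    """
    if kind not in ("packet", "route", "dns"):
        raise ValueError(f"unknown kind: {kind}")
    targets = value if kind == "packet" else [value]
    return all(scope_of(t) > boundary for t in targets)

def blocked(events, boundary):
    """Return the events a filter at this boundary must drop."""
    return [e for e in events if not may_cross(e[0], e[1], boundary)]

# Constructed sample events seen at the corporate edge.
SAMPLE = [
    ("packet", ("2001:db8:a:2::1", "2001:db8:e::9")),   # corporate source
    ("route", "2001:db8:e::/48"),                       # extranet prefix
    ("dns", "2001:db8:a:1::5"),                         # department host
    ("packet", ("2001:db8:e::7", "2001:db8:ffff::1")),  # extranet to global
]

if __name__ == "__main__":
    for event in blocked(SAMPLE, Scope.CORPORATE):
        print("drop at corporate edge:", event)
```

Because packets, routes and DNS answers all go through `scope_of`, a prefix cannot be filtered for traffic while still leaking through a routing advertisement or an AAAA record at the same boundary.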