Hi Margaret,

On Tue, 2002-11-26 at 23:47, Margaret Wasserman wrote:
>
> Hi Mark,
>
> >2) Globals and GUPIs - you don't want to rely on the stability of your
> >allocated globals for your internal connectivity, so you roll out GUPI
> >address space as well. GUPIs are used for your internal communications
> >ie communications that don't travel across links that are part of the
> >public Internet.
>
> You'd have to add three things to this to get to where I hope that
> GUPI addresses will take us:
>
>       - GUPI addresses may also be used to communicate over
>         private links with other GUPI-addressed networks.
>         In other words, several companies may use GUPI
>         addresses to communicate with each other over
>         a shared extranet. These types of networks are
>         quite common in some industries for suppliers/
>         customers or data center/clients. This wouldn't
>         and shouldn't require that multiple companies
>         share a GUPI prefix, just that they have routes
>         that point to each other.

Totally agree, this is where I think GUPIs fix well the problem with
traditional site-local networks being joined physically via leased
lines, or logically via VPN tunnels.

I imagine that unique GUPI prefixes would be allocated / assigned /
auto-generated on a per "entity" basis, with that "entity" then using
the GUPI prefix on its own network infrastructure.

An entity could be:

1) An individual

2) A household

3) An organisation

There are probably other entity types as well. I've chosen the word
"entity" (without much deep thought though) as it is very generic - it
doesn't imply size or geographical boundary.

Interconnecting entities would involve these steps (pretty much
repeating what you have said above):

1) play GUPI prefix lotto - if you lose, one of the entities will have
to renumber their network

2) bring up the link(s) between entity network infrastructures, either a
physical circuit or a logical VPN tunnel. Part of this step is
implementing any firewalling if necessary between the entities

3) pushing each entity's GUPI /48 into the other's routing domain.

>
>       - You may have different "levels" of GUPI addresses within
>         a single network... Some devices may use addresses
>         that are filtered at the department level, some
>         may be filtered at the corporate level, and
>         some may be filtered at the extranet level, for
>         example.
>

When you use "levels", am I right in assuming you mean creating
different packet forwarding boundaries via packet filtering ACLs etc.,
within the same instance of a GUPI address space? E.g. although
marketing and finance are part of the same GUPI address space, ACLs in
the network prevent marketing sending / receiving packets from finance?

>       - Some companies may pay their ISPs to globally route their
>         GUPI addresses. I know that some people don't
>         want this to be possible, but I'm not sure why.
>         I agree that we should only advise this if we can
>         come up with an aggregable method for allocating
>         GUPI addresses.

I suppose it is just that (near) globally unique site local addresses or
GUPIs are not at the moment trying to solve that problem; people on the
mailing list don't want financially able people to turn it into a
solution to that problem, without it being designed properly.

Regards,
Mark.

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
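The three interconnection steps listed in the message above can be checked mechanically before the link comes up. The following is an added example, not part of the original message: the function names, the /64 maximum length policy, and the prefixes (taken from the 2001:db8::/32 documentation range, not a real GUPI format) are all assumptions.

```python
import ipaddress

def gupi_conflicts(ours, theirs):
    """Step 1 ("prefix lotto"): every pair of prefixes that overlap."""
    a = [ipaddress.ip_network(p) for p in ours]
    b = [ipaddress.ip_network(p) for p in theirs]
    return [(str(x), str(y)) for x in a for y in b if x.overlaps(y)]

def accept_route(route, peer_prefixes, max_len=64):
    """Step 3: accept a route from the peer only if it lies inside one of
    the peer's own prefixes and is no longer than max_len (assumed policy)."""
    net = ipaddress.ip_network(route)
    return net.prefixlen <= max_len and any(
        net.subnet_of(ipaddress.ip_network(p)) for p in peer_prefixes)

def interconnect_plan(ours, theirs, offered_routes):
    """Return the prefixes that force a renumbering, or, when there is no
    collision, the subset of the peer's offered routes that may be installed."""
    conflicts = gupi_conflicts(ours, theirs)
    if conflicts:
        return {"renumber": conflicts, "install": []}
    install = [r for r in offered_routes if accept_route(r, theirs)]
    return {"renumber": [], "install": install}

# Constructed sample data: one /48 per entity, plus routes entity B offers.
ENTITY_A = ["2001:db8:aaaa::/48"]
ENTITY_B = ["2001:db8:bbbb::/48"]
OFFERED_BY_B = [
    "2001:db8:bbbb::/48",     # B's own /48: accepted
    "2001:db8:bbbb:10::/64",  # more-specific inside B's /48: accepted
    "::/0",                   # default route leak: rejected
    "2001:db8:aaaa:1::/64",   # part of A's own space: rejected
]

if __name__ == "__main__":
    print(interconnect_plan(ENTITY_A, ENTITY_B, OFFERED_BY_B))
    # Same prefix on both sides: one entity has to renumber.
    print(interconnect_plan(ENTITY_A, ENTITY_A, OFFERED_BY_B))
```

Filtering on the peer's own /48 keeps a misconfigured neighbour from injecting a default route or a slice of the local address space into the routing domain.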
