Margaret,
> - How will these addresses be allocated and/or generated?

Charlie Perkins has proposed a perfectly good way.

> - Will enterprises end up paying their ISPs to route these
> addresses globally?

They will try if there is a chance it works.

> - If so, we need an aggregable way to allocate/generate
> these addresses, so that they won't cause
> explosive growth of the IPv6 core routing tables.

Not good enough. This would simply trigger people that want private addresses to use 2002:0A00::/24 instead of site-locals and problems will remain. The lack of global routability of site-local addresses is a feature, not a bug.

> - If not, then we can probably just allocate these
> addresses sequentially and/or randomly.

Sequentially guarantees uniqueness.

> For the home environment, it would be nice to be able
> to ship nodes that are configured, by default, only to
> be accessible locally -- i.e. storage devices or home
> security systems (I'm actually not that worried that
> hackers will use my printer :-)).

That's what link-locals are for. If you want to have several subnets in your home (why?), it requires multiple hubs or a switch with VLAN capabilities. It also requires routing between subnets, which implies that this $100 Linksys actually is a L3 switch; sometime maybe but not tomorrow morning. This kind of setup is unlikely to be configured by unsophisticated users, and at that point configuring manually a site-local and RAs would be a no-brainer.

> Since these devices will be installed and used by
> fairly unsophisticated users (like me :-)) who do
> not want to set-up firewalls, ACLs and split DNS
> to protect their resources, it would be good if
> there were a way for these addresses to recognize
> certain prefixes as inherently "local", and only
> accept traffic from nodes with addresses within
> those prefixes.

- Single-subnet, use link-local.
- Multiple subnets, this requires some configuration in terms of VLANs anyway and if you can configure VLANs you don't have a problem going to Charlie's server to get your site-local prefix.
- Site-locals to VPN to the office: Either the office will provide you with some SLs part of their block, or they will want to know what your prefix is (for ACLs), which in both cases turns out that you have to configure SLs manually.

I can't find a reason why you would want site-locals to be automatically configured, and this point has been made before here.

Michel.

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
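
The prefix-based "accept only local sources" check discussed in this message, as an added example that is not part of the original e-mail or of any participant's code. The function names and the two policy labels ("link", "site") are assumptions made for illustration; the sample addresses are constructed.

```python
import ipaddress

LINK_LOCAL = ipaddress.ip_network("fe80::/10")
SITE_LOCAL = ipaddress.ip_network("fec0::/10")   # site-local prefix under discussion
SIXTOFOUR = ipaddress.ip_network("2002::/16")    # 6to4: 2002:V4ADDR::/48
NET10 = ipaddress.ip_network("10.0.0.0/8")


def sixtofour_v4_range(prefix):
    """Return the IPv4 network embedded in a 6to4 prefix between /16 and /48."""
    net = ipaddress.ip_network(prefix)
    if not (net.version == 6 and net.subnet_of(SIXTOFOUR) and net.prefixlen <= 48):
        raise ValueError("not a 6to4 prefix of length /16../48")
    # Bits 16..47 of the IPv6 address carry the IPv4 address.
    v4 = (int(net.network_address) >> 80) & 0xFFFFFFFF
    return ipaddress.IPv4Network((v4, net.prefixlen - 16))


def classify(src):
    """Classify an IPv6 source address by prefix alone."""
    addr = ipaddress.IPv6Address(src)
    if addr in LINK_LOCAL:
        return "link-local"
    if addr in SITE_LOCAL:
        return "site-local"
    v4 = addr.sixtofour                      # None unless addr is in 2002::/16
    if v4 is not None and v4 in NET10:
        return "6to4-net10"                  # 2002:0a00::/24, the workaround named above
    return "other"


def accept(src, policy):
    """Hypothetical device policy: 'link' = same link only, 'site' = link or site."""
    kind = classify(src)
    allowed = {"link": {"link-local"}, "site": {"link-local", "site-local"}}[policy]
    # A 6to4 address built on 10/8 is syntactically inside global 6to4 space,
    # so a prefix check cannot treat it as inherently local.
    return kind in allowed


if __name__ == "__main__":
    print(sixtofour_v4_range("2002:0a00::/24"))
    for a in ("fe80::1", "fec0:0:0:1::5", "2002:0a01:0203:1::5", "2001:db8::1"):
        print(a, classify(a), accept(a, "link"), accept(a, "site"))
```
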
