"Fred L. Templin" wrote:
>
> Brian,
>
> Brian E Carpenter wrote:
> > Pekka Savola wrote:
> >
> >>On Thu, 23 Jan 2003, Brian E Carpenter wrote:
> >>
> >>>>Substantial:
> >>>>
> >>>> This document proposes an approach to allocating IPv6 Site-Local
> >>>> address so they are globally unique and routable only inside of a
> >>>> site.
> >>>>
> >>>>==> it would be good to go a bit more in depth to how this is actually a
> >>>>problem. For some it surely isn't; if they don't need to prepare for
> >>>>site-mergers, for example.
> >>>
> >>>Can you define the class of sites that absolutely, definitely,
> >>>until the end of time, are guaranteed not to merge?
> >>
> >>Well, it depends on quite a bit about which is the usage model for
> >>site-locals. For example, home nets probably don't merge if we would
> >>mandate that site-locals should not cross home-to-office VPN's.
> >
> >
> > Let me be provocative. With proper e2e security, VPNs will become historic.
> > And one of the benefits of IPv6 is supposd to be proper e2e security,
> > as a result of having proper e2e addressing.
> >
> >
> >>But of course, there can be not absolute guarantee.
> >
> >
> > Yes. Scenario: Mum and Dad share a LAN. One day they discover
> > that young Johnny has set up his own LAN in his bedroom.
> > They connect them together, and both of them have
> > printers on FEC0::0002.
>
> Forgetting for the moment that the LANs in your example are
> probably "flat" topologies and could instead be using link-local
> addresses, how do you propose to prevent such duplicate assignments
> when disconnected/intermittently connected sites merge? Use global
> addresses always? If so, how can the global allocations be procured
> and/or maintained when the sites rarely (if ever) connect to the
> global Internet?
Certainly I'm assuming that Mum and Dad and Johnny have more than
one LAN segment so that link-local is insufficient.
The answer to your question is that I don't know, but I really can't
see a solution that doesn't involve GU prefixes.
Brian
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
