Jeroen Massar wrote: > > > ... > > > Then don't route a certain prefix. > > > > Using filtering on a single global prefix does not work when > > nodes that > > need external access are on the same segment with those > that shouldn't > > have it. Prefix filtering is the answer, but the prefix to filter is > > FEC0::/10. > > Any rationale why it should be fec0::/10 and not just a > prefix picked by the administrator from the /48 they already have? > > Firewalling is firewalling, even if one filters fec0::/10 or > 2001:db8::/32 it doesn't change a bit in implementation or use.
Yes it does. Clearly all you are thinking about is the firewall end of the issue, where it really doesn't matter. If the prefix is not well-known, it has to be manually configured into the devices that need to use it. If the site changes /48's, that means touching every one of those devices again. This is a non-starter for most system managers. They will use FEC0 & NAT if this is the solution proposed to them. Tony -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
