Tony Hain [mailto:[EMAIL PROTECTED] wrote: > Jeroen Massar wrote: > > > > ... > > > > Then don't route a certain prefix. > > > > > > Using filtering on a single global prefix does not work when > > > nodes that > > > need external access are on the same segment with those > > that shouldn't > > > have it. Prefix filtering is the answer, but the prefix > to filter is > > > FEC0::/10. > > > > Any rationale why it should be fec0::/10 and not just a > > prefix picked by the administrator from the /48 they already have? > > > > Firewalling is firewalling, even if one filters fec0::/10 or > > 2001:db8::/32 it doesn't change a bit in implementation or use. > > Yes it does. Clearly all you are thinking about is the firewall end of > the issue, where it really doesn't matter. If the prefix is not > well-known, it has to be manually configured into the devices > that need > to use it. If the site changes /48's, that means touching every one of > those devices again. This is a non-starter for most system managers. > They will use FEC0 & NAT if this is the solution proposed to them.
I am not thinking about the firewalling end, I am thinking about why the heck did we change the address space to 128bits if the IP's are still not globally unique, which SL imply. Fortunatly Andrew White just pointed out these two: draft-hinden-ipv6-global-site-local-00.txt draft-white-auto-subnet-00.txt And I do see a future in these, but not in the current setup for SL. See "RE: alternatives to site-locals?" Message-Id: <[EMAIL PROTECTED]> Greets, Jeroen -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
