I agree with Christian on this point. Communications should only be allowed between nodes when the src & dst address scope match. Doing otherwise makes it hard/impossible for bi-directional flows to operate without a lot of special knowledge.

Rich

At 10:45 AM 4/3/03 -0800, Christian Huitema wrote:
If we are serious about NAT != SL, then we should enforce it. Clearly,
we cannot send the protocol police and whack every market driven
designer of a NAT, but we can perform "collective enforcement", i.e.
design our specification in such a way that misusing site local in a NAT
configuration is guaranteed to break every application, and thus that
any attempt to deploy an IPv6 NAT using site local will be a deployment
nightmare.

Suppose for example that we change our spec to forbid any communication
between addresses of different scopes. This can be enforced by senders
(refuse to send a packet if dest scope != source scope), routers or
firewalls (drop packet if srce and dest scope don't match), and
receivers (drop incoming packet if srce and dest scope don't match). You
don't need to enforce it in every host and every router to be effective:
just enforcing it in a significant fraction of the hosts makes sure that
any attempt to use the forbidden pattern will be very unreliable.

This simple suggestion will in fact prevent using SL in the NAT
scenario, as at some point the scenario relies on communication between
an SL addressed source (e.g. a client) and a globally addressed
destination (e.g. a web site).

I think that we should enforce this requirement whether we maintain site
local or find a replacement for disconnected sites.

-- Christian Huitema


--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------

------------------------------------


Richard A. Carlson                              e-mail: [EMAIL PROTECTED]
Network Research Section                        phone:  (630) 252-7289
Argonne National Laboratory                     fax:    (630) 252-4021
9700 Cass Ave. S.
Argonne,  IL 60439
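
Added example, not part of the original messages: a minimal sketch of the scope-match check proposed above, as a sender, firewall or receiver could apply it to unicast flows. The function names and sample addresses are assumptions made for illustration; multicast and unspecified addresses are rejected because the thread does not say how the rule would treat them.

```python
import ipaddress

LINK_LOCAL = ipaddress.ip_network("fe80::/10")   # link-local unicast
SITE_LOCAL = ipaddress.ip_network("fec0::/10")   # site-local unicast

def unicast_scope(addr):
    """Classify an IPv6 unicast address as 'node', 'link', 'site' or 'global'."""
    ip = ipaddress.IPv6Address(addr)
    if ip.is_multicast or ip.is_unspecified:
        # Assumption: the message only discusses unicast flows, so these
        # are rejected here instead of being given an invented scope.
        raise ValueError(f"{addr}: not covered by the unicast scope rule")
    if ip.is_loopback:
        return "node"
    if ip in LINK_LOCAL:
        return "link"
    if ip in SITE_LOCAL:
        return "site"
    return "global"

def verdict(src, dst):
    """Apply the proposed rule: drop unless source and destination scope match."""
    return "permit" if unicast_scope(src) == unicast_scope(dst) else "drop"

# Constructed sample flows; 2001:db8::/32 is the documentation prefix.
SAMPLE_FLOWS = [
    ("fec0::1:10", "2001:db8::80"),    # SL client -> global web site (NAT case)
    ("2001:db8::80", "fec0::1:10"),    # reply direction of the same flow
    ("fec0::1:10", "fec0::2:20"),      # both site-local
    ("fe80::1", "fe80::2"),            # both link-local
    ("fe80::1", "2001:db8::80"),       # link-local -> global
    ("2001:db8::1", "2001:db8:1::2"),  # both global
]

def evaluate(flows):
    """Return (src, dst, verdict) for each flow in the list."""
    return [(src, dst, verdict(src, dst)) for src, dst in flows]

if __name__ == "__main__":
    for src, dst, v in evaluate(SAMPLE_FLOWS):
        print(f"{src:>14} -> {dst:<14} {v}")
```

The first two sample flows are the NAT scenario from the quoted message: both directions are dropped, so the flow cannot be established.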

