Correct. My statement was for the protocol, not the forwarding. That is why I made the follow-on comment about complexity. The next-hop interface's ifindex for the global destination address would have to be checked to ensure that it has the same zone ID as the interface on which the packet was received. So, it leads to more checks during forwarding AND requires the forwarding table to potentially maintain multiple next-hops for the global addresses.
I don't think that is sufficient. If all the entries in the RIB for the prefix point outside the site then you have no choice but to drop the packet on the floor.
If the sender had used a global source the packet would have made it through.
Yes. I agree that would happen. That is why it has an operational component as well. Lets say we have something like this:
+------------ Internet -------------+
| |
office1 ------ site local / ------- office2
globalA node in office1 could communicate with a node in office2 using any combination of SLs and Globals (per the existing specs) as long as both offices were in the same site. Using your example of global dest and SL src, everything is fine until the internal link breaks. Now, the source node would get back a "scope exceeded" ICMP message when the router tries to send the packet over the Internet. So now the source picks a global src to go with the GL dest. The packet may get through unless the routers or firewalls drop it when they realize that the destination is really inside but isn't reachable. If it does get through, then the source may have sent sensitive information over the Internet without encrypting it.
What I am saying is that the routing and forwarding can be made to work, but it is kludgy and a big impact on performance.
Brian
-------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
