On Fri, Apr 04, 2003 at 06:16:45PM +1000, Andrew White wrote:
> Let's ask a different question. Would the following be acceptable:

I like the direction Andrew is taking, but how about an alternative set of rules which will cope with multiple scopes a bit better. The precise meaning of 'scope' has to be clarified of course, but I imagine it can be derived from the top few bits easily enough.

* A node sending a packet MUST use a source address in the same scope as the destination address (except for Neighbour Discovery purposes)

* A router MUST NOT forward a packet with different source address and destination address scopes, and MUST NOT forward a packet to an address of different scope than the packet's source/destination address scope.

* A router MUST NOT advertise a prefix or a route to a prefix on an interface which does not have an address with the same scope as that prefix.

These rules implicitly prevent site-scope packets and routes from leaking beyond the site. Note, for example, that since the site-edge routers won't have SL addresses on their outside interface, they won't leak SL traffic, and since core routers won't have GUPI addresses, they won't transmit SL traffic anyway.

If it is necessary to connect a site across the Internet, this can be done by VPNing / tunnelling.

-----Nick

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
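
The three rules in the message above, sketched as Python checks and run against a constructed site-edge router. This is an added illustration, not part of the original message or of any IPng document. Assumptions: scope is read from the RFC 3513 prefixes fe80::/10 and fec0::/10, only unicast is handled, the second clause of the forwarding rule is interpreted as a check on the outgoing interface's addresses, and all function names and sample addresses are hypothetical.

```python
import ipaddress

# Assumption: unicast scope is read from the leading bits (RFC 3513 prefixes).
LINK_LOCAL = ipaddress.ip_network("fe80::/10")
SITE_LOCAL = ipaddress.ip_network("fec0::/10")

def scope(addr):
    """Return 'link', 'site' or 'global' for a unicast address or prefix."""
    a = ipaddress.ip_network(addr, strict=False).network_address
    if a in LINK_LOCAL:
        return "link"
    if a in SITE_LOCAL:
        return "site"
    return "global"

def may_send(src, dst, neighbour_discovery=False):
    """Rule 1: source scope must equal destination scope, except for ND."""
    return neighbour_discovery or scope(src) == scope(dst)

def may_forward(src, dst, out_if_addrs):
    """Rule 2. The second clause is interpreted here (an assumption) as: the
    outgoing interface must hold an address of the packet's scope."""
    s = scope(src)
    if s != scope(dst) or s == "link":  # link-local packets are never forwarded
        return False
    return any(scope(a) == s for a in out_if_addrs)

def may_advertise(prefix, if_addrs):
    """Rule 3: advertise a prefix only on an interface that has an address
    of the same scope as that prefix."""
    return any(scope(a) == scope(prefix) for a in if_addrs)

# Constructed site-edge router: the inside interface has site-local and global
# addresses, the outside interface has link-local and global addresses only.
INSIDE = ["fe80::1", "fec0:0:0:1::1", "2001:db8:1::1"]
OUTSIDE = ["fe80::2", "2001:db8:ffff::1"]

if __name__ == "__main__":
    sl = ("fec0:0:0:1::5", "fec0:0:0:2::9")
    print("SL packet forwarded inside :", may_forward(*sl, INSIDE))
    print("SL packet forwarded outside:", may_forward(*sl, OUTSIDE))
    print("SL prefix advertised outside:", may_advertise("fec0:0:0:1::/64", OUTSIDE))
    print("global prefix advertised outside:", may_advertise("2001:db8:1::/48", OUTSIDE))
```
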
