Excellent scenario, and a simple solution: The administrator needs to define 2 address scopes.
The control device has an address in scope 1. The host has addresses in both scopes 1 and 2, as well as a global unicast address. The DFZ host has an address of scope 2, and a global unicast address. All requirements met. Regards, -- Nir Arad ----- Original Message ----- From: "Michel Py" <[EMAIL PROTECTED]> To: "Nir Arad" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Monday, August 11, 2003 6:29 PM Subject: RE: Geoff Huston's draft and the intended use of the hinden/templin address space > >>> Nir Arad wrote: > >>> I would like to point out again, that as per my suggestion, nodes > >>> MUST NOT send, receive or forward traffic in which the source and > >>> destination addresses are not of the same scope. > > >> Michel Py wrote: > >> That would some problems but appears to be unworkable to me. It's > >> not flexible enough. > > > Could you please give a scenario that breaks it? > > > <-------------------- Global Addresses ----------------><- Local addr -> > +-----+ > | ISP | : > +--+--+ : > ! : > +--+---------+ +----------+ +----------+ +----------+ > | Router A : +--|< Firewall+--+--|< Firewall+--+--+ Router B +----+ > +------------+ +----------+ | +----------+ | +----------+ | > : | | | > : +---+--+ +--+---+ +----+----+ > : | DFZ | | Host | | Control | > : | Host | +------+ | Device | > : +------+ +---------+ > ---Site -->:<-------------------------- Site --------------------------> > : > > - Router A is the SBR. > - DFZ hosts need to be able to talk to hosts between the internal > firewall and router B, but not to the control devices. > - DFZ hosts need to be able to talk to the outside. > - Hosts between the internal firewall and router B need to be able to > talk to everybody. > - Control devices are accessible only from hosts between the internal > firewall and router B. > > Michel. > > > -------------------------------------------------------------------- > IETF IPng Working Group Mailing List > IPng Home Page: http://playground.sun.com/ipng > FTP archive: ftp://playground.sun.com/pub/ipng > Direct all administrative requests to [EMAIL PROTECTED] > -------------------------------------------------------------------- > -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
