On Wed, 27 Aug 2003 12:50:01 +1000
Andrew White <[EMAIL PROTECTED]> wrote:
> I agree with Brian - the security issues are not the driving force in local
> addressing.
>
> The requirements I want are simple:
>
> * I want to be able to create prefixes ex-nihilo (from nothing), without
> involving the user, the internet, or anything other than my router or
> collection of routers.
>
> * I want an acceptable level of uniqueness from these prefixes, so that I
> can connect (physically or via VPN) on such network to another without
> worrying about address collision.
>
> * I want "internal" applications to be able to keep communicating with each
> other regardless of the presence or absence of connections to the global
> internet or to other clusters of self-configuring routers.
>
> The 'filtering' requirement is not driven by security, but by a realisation
> that any self-created prefix is not going to fit within the aggregable PA
> architecture of the current internet. Thus, to protect the routing tables
> we need to filter the self-created space.
>
>
> Given these requirements, even the Hinden / Carpenter draft doesn't
> completely fulfil them, since it requires manual configuration of the prefix
> (via an algorithm, but it's still 'manual') and a mechanism to propagate
> that prefix within the local network. So far the best solution I've seen is
> to take a /12 prefix (I've been using fef0::/12, but fdf:://12 would work as
> well), append a MAC or EUI-48 (to /60) and still have four bits left over if
> you need to subdivide further (eg to generate prefixes for interfaces
> without an EUI-48 or MAC).
>
> The only drawback here is that each router generates a prefix that is only
> aggregable at the /60 (per-router) level and the /12 (universal) level, but
> since this is designed for self-contained ad-hoc networks with at the
Why are you assuming an "ad-hoc network with at the extreme a couple of hundred nodes"?
I consider your requirements to be equally applicable to an architected enterprise (or
other large) network supporting 1000s, 100 000s or even millions of nodes, which is
likely to contain a larger number of routes such that route aggregation is attractive
for network stability reasons, or even necessary to cope with equipment limitations.
Only being able to aggregate within the network at between /60 - /64 really limits the
usefulness of aggregation.
I do like the idea of autoconfiguration, but in larger networks, it can start to work
against you - your network can start doing things behind your back that make it
terrible to diagnose faults.
<snip>
Regards,
Mark.
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
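The prefix construction quoted above (a /12 with a 48-bit MAC appended, giving a per-router /60 with four spare subnet bits) and the aggregation concern raised in the reply can both be checked with a few lines of Python. This is an added illustration, not code from either poster; it assumes fef0::/12 as the base, that the MAC sits immediately after the 12 base bits, and uses constructed sample MAC addresses.

```python
"""Added example (not from the original thread): derive a self-generated
IPv6 prefix by appending a 48-bit MAC/EUI-48 to a /12, and count how many
routes survive when a set of such /60s is aggregated at a given length.

Assumptions (not stated by the thread beyond the /12 + MAC = /60 layout):
  - the /12 is fef0::/12, as in the quoted message;
  - the MAC occupies bits 12..59 of the address, leaving bits 60..63 as a
    4-bit subnet field and the remaining 64 bits for the interface ID;
  - all MAC addresses used below are constructed samples.
"""
import ipaddress
from collections import defaultdict

BASE = ipaddress.IPv6Network("fef0::/12")   # the /12 from the quoted message
MAC_BITS = 48
SUBNET_BITS = 4


def mac_to_int(mac: str) -> int:
    """Parse 'aa:bb:cc:dd:ee:ff', 'aa-bb-...' or 'aabb.ccdd.eeff' into a 48-bit int."""
    digits = mac.replace(":", "").replace("-", "").replace(".", "")
    if len(digits) != MAC_BITS // 4:
        raise ValueError(f"not a 48-bit MAC/EUI-48: {mac!r}")
    return int(digits, 16)


def router_prefix(mac: str, base: ipaddress.IPv6Network = BASE) -> ipaddress.IPv6Network:
    """Per-router /60: [12 base bits][48 MAC bits][4 subnet bits = 0][64 IID bits = 0]."""
    if base.prefixlen != 12:
        raise ValueError("base must be a /12 for a 48-bit MAC to end exactly at /60")
    shift = 128 - base.prefixlen - MAC_BITS            # MAC lands just after the /12
    value = int(base.network_address) | (mac_to_int(mac) << shift)
    return ipaddress.IPv6Network((value, base.prefixlen + MAC_BITS))


def subnet_prefix(mac: str, subnet_id: int) -> ipaddress.IPv6Network:
    """One of the 16 /64s under a router's /60, chosen by the 4 spare bits."""
    if not 0 <= subnet_id < (1 << SUBNET_BITS):
        raise ValueError("subnet id must fit in 4 bits")
    value = int(router_prefix(mac).network_address) | (subnet_id << 64)
    return ipaddress.IPv6Network((value, 64))


def aggregates(prefixes, length: int) -> dict:
    """Group per-router /60s by their covering prefix of the given length.

    Returns {covering_prefix: number_of_routers}. The number of keys is the
    number of routes a routing table would carry if it aggregated at that
    length; because the MAC bits are effectively random, anything between
    /12 and /60 tends to give one route per router anyway.
    """
    groups = defaultdict(int)
    for p in prefixes:
        groups[p.supernet(new_prefix=length)] += 1
    return dict(groups)


if __name__ == "__main__":
    # Constructed sample MACs: the first two share an OUI and most of the
    # device bits, the third is entirely different.
    macs = ["00:11:22:33:44:55", "00:11:22:33:44:66", "a4:bb:cc:dd:ee:ff"]
    routers = [router_prefix(m) for m in macs]
    for m, p in zip(macs, routers):
        print(f"{m} -> {p}   first subnet {subnet_prefix(m, 0)}, last {subnet_prefix(m, 15)}")
    for length in (60, 48, 32, 12):
        print(f"aggregating at /{length}: {len(aggregates(routers, length))} route(s)")
```

Running it shows the two aggregation levels the quoted message mentions: at /60 every router is its own route, at /12 everything collapses to one, and intermediate lengths only merge routers whose MACs happen to share leading bits, which is the point the reply makes about large networks.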