Alan,

You raised very good points. Sorry for the delay. I'll try to respond to a
few old threads I had to drop for a while due to other work.

On Fri, 29 Aug 2003, Alan E. Beard wrote:
> > On Thu, 28 Aug 2003, Geoff Huston wrote:
> > [...]
> > > The likelihood of conflict exceeds 0.5 after only 1.24 million draws. I'd
> > > contend that this is definitely not "small" as described in the draft.
> >
> > I consider this a bug. Actually, the number of draws should be smaller,
> > e.g. 1000, to avoid having local addresses misused where they should not.
> >
> > That way, people wouldn't get delusions to e.g. route such addresses in
> > the Internet. 1.24 million draws until a probable conflict could still
> > sound attractive.
>
> Hmmm. Was not one of the stated benefits of unique-local the uniqueness
> (or near-uniqueness) of the address allocations generated by the proposed
> allocation algorithm? A suggestion to _deliberately_ increase the
> probability of allocation conflict strikes me as a fundamental conceptual
> change to the proposal. With a change of this magnitude, it seems to me
> that the resulting draft would be so greatly at variance with the
> conceptual basis of the Hinden original that a new, wholly independent
> proposal would be in order, leaving the unique-local draft to stand or
> fall of its own merit.

Right. But you have to consider the applicability of these solutions. Do
they aim to provide for near-uniqueness (or uniqueness through registry
registrations) for local addresses, or the features required for local
addressing (e.g. being able to connect to your work network from home using
a VPN, or merging two enterprises)?

As for the first, one might worry that people figure.. "gee, these things
are unique, so why not route them globally now that I have them?" If they
aren't unique _enough_ for that, they might not get those kinds of bad
ideas.

On the other hand, for the second, the near-uniqueness requirement is not
so strong. There is no need for everyone in the Internet to have unique
local addressing -- just those who have a common local "range" (and even
then, having someone renumber now and then if there is a clash should be
OK, because that's inevitably going to happen anyway at some point).

> Additionally, such a suggestion, if implemented, would effectively
> prohibit one of the chief *legitimate* uses of GUPI address
> allocations: routing between private networks on private (or VPN) links
> under bilateral agreements between the end networks. Private routing
> arrangements are considered highly desirable to enterprise network
> operators (in fact, most enterprise network managers will tell you, with
> quite considerable warmth, that such arrangements are indispensable);
> decreased probability of uniqueness in allocations would, IMHO, leave the
> unique-local proposal fatally flawed. If we wish to discourage ubiquity
> in deployment of NAT6, perhaps we should look to notions other than this.

Are you inferring that enterprises would route their local address spaces
through a service provider, in cleartext, and be reachable by anyone using
that ISP? That would seem extremely dangerous to me.

On the other hand, having a VPN between the enterprises, the endpoints of
which use _global_ addresses, should be a non-issue.

[snip to the end]

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
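The arithmetic behind the "1.24 million draws" figure quoted above is the birthday bound on a randomly chosen Global ID. The following is an added editorial example, not code from this thread or from the unique-local draft; it assumes the Global ID is a 40-bit field drawn uniformly at random (the Hinden draft's scheme, which this message does not itself state), and all function and variable names are the editor's own. It also evaluates the 1000-draw alternative floated in the quoted text, so the two positions in the thread can be compared on the same scale.

```python
"""Collision ("conflict") probability for pseudo-random unique-local Global IDs.

Added editorial example, not code from the thread. Assumes the Global ID
is a 40-bit field chosen uniformly at random (the Hinden unique-local
draft's scheme); every name below is the editor's own.
"""
import math

GLOBAL_ID_BITS = 40  # assumption: width of the random Global ID field


def collision_probability(draws: int, bits: int = GLOBAL_ID_BITS) -> float:
    """Probability that at least two of `draws` independent uniform picks from
    a space of 2**bits values coincide.

    Uses the standard birthday-bound approximation 1 - exp(-n(n-1)/(2N)),
    which is accurate whenever n is far smaller than N = 2**bits.
    """
    if draws < 2:
        return 0.0
    space = 2 ** bits
    return 1.0 - math.exp(-draws * (draws - 1) / (2.0 * space))


def draws_for_probability(target: float, bits: int = GLOBAL_ID_BITS) -> int:
    """Smallest number of draws at which collision_probability exceeds `target`."""
    if not 0.0 < target < 1.0:
        raise ValueError("target must be strictly between 0 and 1")
    space = 2 ** bits
    # Closed-form inverse of the approximation gives a starting point;
    # the two loops then settle the exact integer boundary.
    n = max(2, int(math.sqrt(-2.0 * space * math.log(1.0 - target))))
    while collision_probability(n, bits) <= target:
        n += 1
    while n > 2 and collision_probability(n - 1, bits) > target:
        n -= 1
    return n


def exact_collision_probability(draws: int, bits: int = GLOBAL_ID_BITS) -> float:
    """Exact product form 1 - prod_{k<n}(1 - k/N); a cross-check for small n."""
    space = 2 ** bits
    p_distinct = 1.0
    for k in range(draws):
        p_distinct *= (space - k) / space
    return 1.0 - p_distinct


if __name__ == "__main__":
    half = draws_for_probability(0.5)
    print(f"{GLOBAL_ID_BITS}-bit Global ID: P(conflict) > 0.5 after {half:,} draws")
    # 1000 draws is the alternative suggested in the quoted text.
    for n in (1_000, 10_000, 100_000, half):
        print(f"  {n:>9,} draws -> P(conflict) = {collision_probability(n):.3e}")
```

Running the script reproduces the roughly 1.23 to 1.24 million draws at which a conflict becomes more likely than not, and shows that at 1000 draws the conflict probability is on the order of one in a million. The `exact_collision_probability` function is slow for large draw counts and is only there to confirm that the exponential approximation is sound in the small-n regime the thread is arguing about.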
