On 2009-03-24 09:42, Ted Hardie wrote:
> At 1:29 PM -0700 3/23/09, Fred Baker wrote:
>> OK. So what you told me was, perhaps, that hairpinning is a concern.
>> From my perspective, if a host B' in B's network tries to use one of
>> its external addresses rather than preferring the address available
>> behind the DMZ, it didn't correctly execute the algorithm in RFC 3484,
>> which calls for it to prefer the address most similar to its own.
>
> I note that RFC 3484 refers to site-local, rather than ULAs. Is there work
> done/underway to revise the algorithm to explain whether ULA maps exactly
> to site-local?

ULAs are specifically defined to have global scope, since they can
legitimately be used off-site for VPN routing with other consenting
sites; the rule is that they must not be routed on the public Internet.
So, no, they specifically do not map onto site local and it is normal
that RFC3484 doesn't distinguish them from other forms of globally
scoped address.

> Given that ULAs allowed for "informed consent" routing among
> adult networks, it seems more like it gets treated/should be treated
> exactly as other global scope addresses, with possibly impaired reachability.
> But, as I said, I am not all sure I understand how to map my previous
> understandings of scope onto this work.

Well, what VPNs tell us is that the 'concentric circles' view of
link, site and global scope is not an accurate model of the real
world, and ULAs make this inconvenient truth hard to ignore.

    Brian
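
The scope and "most similar address" points discussed in this message, as an added example that is not part of the original thread or of any RFC 3484 implementation. It covers only scope classification and longest-prefix ordering, not the policy table or the other rules; the addresses and function names are constructed for illustration.

```python
import ipaddress

# Scope values from RFC 3484 section 3.1 (same encoding as multicast scopes).
LINK_LOCAL, SITE_LOCAL, GLOBAL = 0x2, 0x5, 0xE

_LINK_LOCAL_NET = ipaddress.ip_network("fe80::/10")
_SITE_LOCAL_NET = ipaddress.ip_network("fec0::/10")

# Constructed sample addresses: a host B' holding only a ULA, and two ways
# to reach a peer in the same network (internal ULA, external global).
HOST_B_PRIME = "fd12:3456:789a:1::10"
PEER_INTERNAL = "fd12:3456:789a:2::20"
PEER_EXTERNAL = "2001:db8:b::20"


def unicast_scope(addr):
    """Scope of an IPv6 unicast address as RFC 3484 assigns it."""
    ip = ipaddress.IPv6Address(addr)
    # RFC 3484 treats the loopback address as link-local scope.
    if ip in _LINK_LOCAL_NET or ip.is_loopback:
        return LINK_LOCAL
    if ip in _SITE_LOCAL_NET:
        return SITE_LOCAL
    # Everything else, ULAs (fc00::/7) included, is global scope.
    return GLOBAL


def common_prefix_len(a, b):
    """Number of leading bits two IPv6 addresses share."""
    diff = int(ipaddress.IPv6Address(a)) ^ int(ipaddress.IPv6Address(b))
    return 128 - diff.bit_length()


def order_destinations(source, candidates):
    """Order candidates: matching scope first, then longest shared prefix."""
    src_scope = unicast_scope(source)
    return sorted(
        candidates,
        key=lambda d: (unicast_scope(d) != src_scope,
                       -common_prefix_len(source, d)),
    )


if __name__ == "__main__":
    for a in (HOST_B_PRIME, PEER_EXTERNAL, "fec0::1", "fe80::1"):
        print(a, hex(unicast_scope(a)))
    print(order_destinations(HOST_B_PRIME, [PEER_EXTERNAL, PEER_INTERNAL]))
```

Because the ULA and the external address have the same scope, the scope comparison cannot separate them; only the shared-prefix comparison puts the internal address first.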
