Re: Site local
On Sat, 23 Nov 2002, J. Noel Chiappa wrote:
> > there is an interesting development in the IPv6 working group: they
> > reached consensus it is a good idea to look at globally unique,
> > non-routable (although this part was immediately challenged) address
> > space
> Hoo, boy, is this a dangerous move in policy terms. You can bet people that
> get those addresses will set up a hue and cry about "why can't they be
> routable globally"?
I'm afraid you are a bit late in offering odds, as this happened within
seconds. :-)
> > If large enterprises can use this type of address space for all their
> > internal stuff, renumbering becomes much easier as there are no
> > security issues
> I don't know about that - don't you still need globally routable addresses for
> all machines that want to talk to the rest of the Internet - which I would
> think would be most of them (or is everyone's desktop machine getting to the
> Web through an intermediary)?
I would propose using the site local addresses for everything that is
strictly internal, and using globally routable addresses for everything
else. That way, a site wouldn't have to give its own globally routable
addresses better access than any other globally routable addresses, so
renumbering globally routable addresses no longer has any security
impact.
(This could of course also be done with current site local addresses but
this becomes a big mess when different sites connect together.)
> > In my opinion, this along with host-multihoming solutions should be
> > enough to lower the need for multihoming by injecting a globally
> > visible /48 into the routing table a good deal.
> Well, there's another possibility. This fits nicely with 16+16 type
> multihoming (where the inner address is your globally unique "host
> identifier", and the outer address is currently the place to send you
> packets); the inner address could be from this space.
Yes. However, it is important to differentiate between addresses that
are unroutable by design and addresses that are unroutable because of
limitations in the routing system, as this limitation may be lifted at a
later date using exactly this type of mechanism. Another question is
whether we need these addresses to have some kind of structure. If we
do, we have to speak up now.
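The scope-based policy proposed above (internal services reachable only from site-local sources, the site's own global prefix never appearing in the rules) next to the prefix-based policy it replaces, as an added example that is not part of the thread. It assumes the fec0::/10 site-local range in use when the message was written; the prefixes and hosts are constructed.

```python
from ipaddress import IPv6Address, IPv6Network

# Site-local scope as defined at the time of the thread (constructed choice).
SITE_LOCAL = IPv6Network("fec0::/10")

# Constructed: the site's global prefix before and after renumbering.
OLD_SITE_PREFIX = IPv6Network("2001:db8:1::/48")
NEW_SITE_PREFIX = IPv6Network("2001:db8:9::/48")


def scope_policy(src: IPv6Address, internal_service: bool, site_prefix: IPv6Network) -> bool:
    """Policy from the message: internal services answer only site-local
    sources; everything else is open to any source. The site's global
    prefix is deliberately unused, so it is accepted and ignored here."""
    if internal_service:
        return src in SITE_LOCAL
    return True


def prefix_policy(src: IPv6Address, internal_service: bool, site_prefix: IPv6Network) -> bool:
    """The pattern the message argues against: internal services trust the
    site's own global prefix, so every ACL must change when it changes."""
    if internal_service:
        return src in site_prefix
    return True


def decisions(policy, site_prefix: IPv6Network) -> tuple:
    """Evaluate the internal-service rule of `policy` against a fixed set of
    constructed sources under the given site prefix."""
    sources = [
        IPv6Address("fec0::1234:5678"),   # internal host on a site-local address
        IPv6Address("2001:db8:1::10"),    # host inside the OLD global prefix
        IPv6Address("2001:db8:9::10"),    # host inside the NEW global prefix
        IPv6Address("2001:db8:ffff::1"),  # unrelated global source
    ]
    return tuple(policy(src, True, site_prefix) for src in sources)


def survives_renumbering(policy) -> bool:
    """True when the internal-service decisions are identical before and
    after the global prefix changes: renumbering has no security impact."""
    return decisions(policy, OLD_SITE_PREFIX) == decisions(policy, NEW_SITE_PREFIX)


if __name__ == "__main__":
    print("scope-based policy unchanged by renumbering:", survives_renumbering(scope_policy))
    print("prefix-based policy unchanged by renumbering:", survives_renumbering(prefix_policy))
```

With the prefix-based policy, an ACL left on the old prefix after renumbering denies the site's own hosts and keeps admitting whoever is later assigned the old block; the scope-based policy has no such stale state.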