Re: Site local
Iljitsch van Beijnum wrote:
>
> On Sat, 23 Nov 2002, J. Noel Chiappa wrote:
>
> > > there is an interesting development in the IPv6 working group: they
> > > reached consensus it is a good idea to look at globally unique,
> > > non-routable (although this part was immediately challenged) address
> > > space
>
> > Hoo, boy, is this a dangerous move in policy terms. You can bet people that
> > get those addresses will set up a hue and cry about "why can't they be
> > routable globally"?
>
> I'm afraid you are a bit late in offering odds, as this happened within
> seconds. :-)

You're getting way ahead of the facts here. There's no assurance
that the IPv6 WG will reach consensus on this, no assurance that
the IESG will agree, and no assurance that the IANA will assign
whatever address space is proposed in the end.

>
> > > If large enterprises can use this type of address space for all their
> > > internal stuff, renumbering becomes much easier as there are no
> > > security issues
>
> > I don't know about that - don't you still need globally routable addresses for
> > all machines that want to talk to the rest of the Internet - which I would
> > think would be most of them (or is everyone's desktop machine getting to the
> > Web through an intermediary)?

With new application-level mechanisms such as Web Services coming along,
IPv6 with globally routable addresses is just what we need to get away
from the broken firewall/proxy model of security. So I agree with Noel.
We need globals more than ever.

The idea of globally unique locals came up in IPv6 for a different reason -
to allow intermittently connected networks to have stable internal
connectivity *and* to establish VPNs or to merge with other similar
networks. Bogus security arguments were not used.

Brian