Re: I-D ACTION:draft-huitema-multi6-ingress-filtering-00.txt
- To: Multi6 <multi6@ops.ietf.org>
- Subject: Re: I-D ACTION:draft-huitema-multi6-ingress-filtering-00.txt
- From: Brian E Carpenter <brc@zurich.ibm.com>
- Date: Wed, 03 Nov 2004 10:10:01 +0100
- In-reply-to: <200410191147.HAA14229@ietf.org>
- Organization: IBM
- References: <200410191147.HAA14229@ietf.org>
- User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040113
This is useful. Just a couple of comments:

The topology features two hosts, X and Y, whose respective sites are
both multi-homed. Host X has two global IPv6 addresses, which we
will note "A:X" and "B:X", formed by combining the prefixes allocated
by ISP A and B to "site X" with the host identifier of X. Similarly,
Y has two addresses "C:Y" and "D:Y".

Note that "X" in A:X and B:X need not be the same bit string -
more correctly you should perhaps refer to A:X1 and A:X2,
where X1 and X2 are two different interface identifiers for host X.
Same for Y of course (and in draft-huitema-multi6-addr-selection-00.txt).
I don't think this changes the argument at all.

Single site exit router versus DMZ:

I think there is a third case that you haven't considered, which is
a multi-site enterprise network. I have to draw it:

  ISP A         ---ISP B---         ISP C
     \         /           \         /
      \       /             \       /
   ------------             ------------
   |  DMZ 1   |             |  DMZ 2   |
   ------------             ------------
        |                        |
        |                        |
   ------------     IGP     ------------
  | sub-site 1 |-----------| sub-site 2 |
   ------------             ------------

In this scenario, prefix A, B or C may be in use at either
of the subsites and a packet from subsite 1 with source
prefix C may end up in DMZ 1. (Just the same if you have a
single site exit router instead of a DMZ.) In this case,
I think tunnels between the two DMZs (or exit routers)
are inevitable.

This is a real scenario.

Brian
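
The multi-site case in the message above, modelled as an added example that is not part of the original message or of the draft. It assumes each ISP's ingress filter accepts only source addresses inside the prefix that ISP delegated; the 2001:db8 prefixes and the function names are constructed for illustration.

```python
import ipaddress

# Constructed documentation prefixes standing in for ISP prefixes A, B and C.
PREFIX = {
    "A": ipaddress.ip_network("2001:db8:a::/48"),
    "B": ipaddress.ip_network("2001:db8:b::/48"),
    "C": ipaddress.ip_network("2001:db8:c::/48"),
}
# Topology from the diagram: DMZ 1 reaches ISPs A and B, DMZ 2 reaches B and C.
DMZ_UPLINKS = {"DMZ1": ["A", "B"], "DMZ2": ["B", "C"]}


def isp_accepts(isp, src):
    """Assumed ingress filter: the ISP passes only sources in its own prefix."""
    return ipaddress.ip_address(src) in PREFIX[isp]


def forward(dmz, src, tunnels=False):
    """Decide the fate of a packet with source `src` that the IGP delivered to `dmz`.

    Returns (action, dmz_used, isp_used). Without tunnels the packet can only
    leave through an uplink of the DMZ it arrived at; with tunnels the DMZ may
    relay it to the other DMZ, whose uplink matches the source prefix.
    """
    # Prefer a local uplink whose ingress filter accepts this source address.
    local = [isp for isp in DMZ_UPLINKS[dmz] if isp_accepts(isp, src)]
    if local:
        return ("forward", dmz, local[0])
    if tunnels:
        # Relay over the inter-DMZ tunnel to an exit that faces the right ISP.
        for other, uplinks in DMZ_UPLINKS.items():
            for isp in uplinks:
                if other != dmz and isp_accepts(isp, src):
                    return ("tunnel", other, isp)
    # Every reachable ISP would discard the packet at its ingress filter.
    return ("filtered", dmz, None)


if __name__ == "__main__":
    pkt = "2001:db8:c::1"  # constructed: host in sub-site 1 using prefix C
    print(forward("DMZ1", pkt))                # no tunnel: filtered
    print(forward("DMZ1", pkt, tunnels=True))  # tunnel to DMZ2, exits via ISP C
```
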