[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: I-D ACTION:draft-huitema-multi6-ingress-filtering-00.txt
Hi Brian,
thanks for your comments,
see below...
El 03/11/2004, a las 10:10, Brian E Carpenter escribió:
This is useful. Just a couple of comments:
The topology features two hosts, X and Y, whose respective sites
are
both multi-homed. Host X has two global IPv6 addresses, which we
will note "A:X" and "B:X", formed by combining the prefixes
allocated
by ISP A and B to "site X" with the host identifier of X.
Similarly,
Y has two addresses "C:Y" and "D:Y".
Note that "X" in A:X and B:X need not be the same bit string-
more correctly you should perhaps refer to A:X1 and A:X2,
where X1 and X2 are two different interface identifiers for host X.
ok, i'll fix that
Same for Y of course (and in
draft-huitema-multi6-addr-selection-00.txt).
same
I don't think this changes the argument at all.
agree
Single site exit router versus DMZ:
I think there is a third case that you haven't considered, which is
a multi-site enterprise network. I have to draw it:
ISP A ---ISP B--- ISP C
\ / \ /
\ / \ /
------------ ------------
| DMZ 1 | | DMZ 2 |
------------ ------------
| |
| |
------------ IGP ------------
| sub-site 1 |-----------| sub-site 2 |
------------ ------------
In this scenario, prefix A, B or C may be in use at either
of the subsites and a packet from subsite 1 with source
prefix C may end up in DMZ 1. (Just the same if you have a
single site exit router instead of a DMZ.) In this case,
I think tunnels between the two DMZs (or exit routers)
are inevitable.
agree.
do you mind if i include this example (verbatim) in the next version of
the draft?
Thanks, marcelo
This is a real scenario.
Brian
------------------------------------------
Please note that my former email address
mbagnulo@ing.uc3m.es is no longer in use
Please send mail to:
marcelo at it dot uc3m dot es
------------------------------------------