Re: [RRG] Six/One: A (Different) Solution for Routing and Addressing in IPv6
[Sorry for the delay in responding, I'm still catching up after
vacation...]
On Jul 16, 2007, at 3:36 AM, Brian E Carpenter wrote:
> The alternative approach is that the necessary policy and preference
> table is automatically distributed to all hosts in the site from
> a central point; that would of course require overhead in every host
> (but RFC 3484 already assumes such overhead).
Unfortunately, distributing policy is NOT the same as having an
effective policy. In an enterprise of any significant size, the
number of hosts that are not completely under the control of the local
administration can be quite large. Those hosts may or may not comply
with the policy as distributed, either due to non-implementation of
the policy mechanisms, incorrect implementation, or outright
malfeasance.
Yes, I realize that this is analogous to the architecture argument
about firewalls vs the end-to-end principle that we've debated for
about 20 years now and still do not have consensus on. No, I don't
mean to reopen that. I will point out that the practical necessity
for firewalls does exist, and therefore the facilities exist in reality.
Similarly pragmatic thinking suggests that enterprise administrators
will take whatever steps necessary to ensure that they have a proxy
solution. Given that, it would be greatly preferable in my mind if
we architected the solution rather than letting it evolve.
Tony