[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Distributing site-wide RFC 3484 policy

To: brian.e.carpenter@gmail.com
Subject: Re: Distributing site-wide RFC 3484 policy
From: itojun@itojun.org (Jun-ichiro itojun Hagino)
Date: Wed, 25 Jul 2007 07:18:42 +0900 (JST)
Cc: v6ops@ops.ietf.org
In-reply-to: Your message of "Tue, 24 Jul 2007 20:39:10 +0200" <46A6474E.3080302@gmail.com>
References: <46A6474E.3080302@gmail.com>

> >       with "global unicast" basically i assume "global reachability".
> 
> I think we discovered during the original ULA discussion
> that global scope and global uniqueness do not imply
> global reachability. We have no way to express VPN style
> reachability using scopes.

	as i mentioned previously, VPN is about how to
	- encrypt/authenticate communication with your laptop and your
	  organization (like IBM)
	- and pretend that you are inside your organization network

	there's no real point in using, or requiring, ULA for this.
	you can just use IBM PI or PA for the IPv4/v6 address inside the
	IPsec tunnel.  i wonder what Apple corporate VPN is using - i guess
	it would be within 17.0.0.0/8.

itojun

Follow-Ups:
- Re: Distributing site-wide RFC 3484 policy
  - From: james woodyatt <jhw@apple.com>
- Re: Distributing site-wide RFC 3484 policy
  - From: Arifumi Matsumoto <arifumi@nttv6.net>

References:
- Re: Distributing site-wide RFC 3484 policy
  - From: Brian E Carpenter <brian.e.carpenter@gmail.com>

Prev by Date: Re: CPE equipments and stateful filters
Next by Date: Re: Distributing site-wide RFC 3484 policy
Previous by thread: Re: Distributing site-wide RFC 3484 policy
Next by thread: Re: Distributing site-wide RFC 3484 policy
Index(es):
- Date
- Thread