[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Distributing site-wide RFC 3484 policy



> >       with "global unicast" basically i assume "global reachability".
> 
> I think we discovered during the original ULA discussion
> that global scope and global uniqueness do not imply
> global reachability. We have no way to express VPN style
> reachability using scopes.

	as i mentioned previously, VPN is about how to
	- encrypt/authenticate communication with your laptop and your
	  organization (like IBM)
	- and pretend that you are inside your organization network

	there's no real point in using, or requiring, ULA for this.
	you can just use IBM PI or PA for the IPv4/v6 address inside the
	IPsec tunnel.  i wonder what Apple corporate VPN is using - i guess
	it would be within 17.0.0.0/8.

itojun