[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Distributing site-wide RFC 3484 policy

To: v6ops@ops.ietf.org
Subject: Re: Distributing site-wide RFC 3484 policy
From: Arifumi Matsumoto <arifumi@nttv6.net>
Date: Wed, 25 Jul 2007 07:43:28 +0900
In-reply-to: <20070724221842.3D5C0233CB@coconut.itojun.org>
References: <46A6474E.3080302@gmail.com> <20070724221842.3D5C0233CB@coconut.itojun.org>
User-agent: Thunderbird 2.0.0.5 (Windows/20070716)

Jun-ichiro itojun Hagino wrote:

      with "global unicast" basically i assume "global reachability".

I think we discovered during the original ULA discussion
that global scope and global uniqueness do not imply
global reachability. We have no way to express VPN style
reachability using scopes.


	as i mentioned previously, VPN is about how to
	- encrypt/authenticate communication with your laptop and your
	  organization (like IBM)
	- and pretend that you are inside your organization network

	there's no real point in using, or requiring, ULA for this.
	you can just use IBM PI or PA for the IPv4/v6 address inside the
	IPsec tunnel.  i wonder what Apple corporate VPN is using - i guess
	it would be within 17.0.0.0/8.

Please think about a case like you wanna use the Internet at home and atthe same time the enterprise network via VPN connection.The address you get from the latter network is IPv6 global address butits scope is limited to the enterprise network.

Follow-Ups:
- Re: Distributing site-wide RFC 3484 policy
  - From: itojun@itojun.org (Jun-ichiro itojun Hagino)

References:
- Re: Distributing site-wide RFC 3484 policy
  - From: Brian E Carpenter <brian.e.carpenter@gmail.com>
- Re: Distributing site-wide RFC 3484 policy
  - From: itojun@itojun.org (Jun-ichiro itojun Hagino)

Prev by Date: Re: Distributing site-wide RFC 3484 policy
Next by Date: Re: Distributing site-wide RFC 3484 policy
Previous by thread: Re: Distributing site-wide RFC 3484 policy
Next by thread: Re: Distributing site-wide RFC 3484 policy
Index(es):
- Date
- Thread