[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Distributing site-wide RFC 3484 policy
Jun-ichiro itojun Hagino wrote:
I understood your opinion in one sense, but there might have been
problematic cases with reality.
some part are same as Brian, and we has been tried to write in the
Problem statement
- Currently we already have coexistence of VPN access and Global
Internet Access in a site
as i respnoded to Brian this is a non-issue.
I replied about this point in another email.
- demands for controlling prefixes exists in some cases
this has to be done sorely with routing table using ip6_dst, nothing
else. if you use ip6_src for controlling routing, you will go into
paradise of "policy routing" that is, basicaly, a pitfall towards hell.
I think you've already mentioned the benefit of policy routing, haven't
you ? As far as the source address is used for some reasons, such as
routing and access control, I believe there should be demand for control
the source address to be chosen.
- demands for controlling v4-v6 preference
maybe, but what would you need more than "IPv6 then IPv4"?
At least, I know there is a motivation for smooth transition
to IPv6, such as,
IPv4 only
-> IPv4 and IPv6 with lower preference
-> IPv4 and IPv6 with higher preference
-> IPv6 only.
Another case may be a network administrator knows that the
quality of IPv6 connectivity is clearly worse than that of
IPv4 because of tunneling or something.