Re: Distributing site-wide RFC 3484 policy

[itojun@itojun.org (Jun-ichiro itojun Hagino)]

> >> - demands for controlling prefixes exists in some cases
> > 
> > 	this has to be done sorely with routing table using ip6_dst, nothing
> > 	else.  if you use ip6_src for controlling routing, you will go into
> > 	paradise of "policy routing" that is, basicaly, a pitfall towards hell.
> 
> I think you've already mentioned the benefit of policy routing, haven't 
> you ? As far as the source address is used for some reasons, such as
> routing and access control, I believe there should be demand for control
> the source address to be chosen.

	just as a last resort, when things like uRPF gets in your way.

	i guess i do not need to talk about what "policy routing" is, but
	here goes.

	without policy routing, the routing table would be a mapping between
	2^128 ip6_dst to 2^128 gateways or neighbors.

	with policy routing, the mapping would be from (2^128 ip6_dst) x
	(2^128 ip6_src) to 2^128 gateways or neighbors.  normally people
	describe it by having 2 mapping tables, and you can get conflicting
	results due to those 2 tables.  it is a never-ending maze.

> > 	maybe, but what would you need more than "IPv6 then IPv4"?
> 
> At least, I know there is a motivation for smooth transition
> to IPv6, such as,
> IPv4 only
>   -> IPv4 and IPv6 with lower preference
>    -> IPv4 and IPv6 with higher preference
>     -> IPv6 only.

	you are assuming that you are watching everything over from the sky,
	high above, like god.  that is not how we made largely-distributed
	system, the Internet, work.

> Another case may be a network administrator knows that the
> quality of IPv6 connectivity is clearly worse than that of
> IPv4 because of tunneling or something.

	you just have to switch to better IPv6 provider.

itojun