On 2007-07-25 00:53, Jun-ichiro itojun Hagino wrote:
Please think about a case like you wanna use the Internet at home and at the same time the enterprise network via VPN connection. The address you get from the latter network is IPv6 global address but its scope is limited to the enterprise network.as i mentioned previously, VPN is about how to - encrypt/authenticate communication with your laptop and your organization (like IBM) - and pretend that you are inside your organization network there's no real point in using, or requiring, ULA for this. you can just use IBM PI or PA for the IPv4/v6 address inside the IPsec tunnel. i wonder what Apple corporate VPN is using - i guess it would be within 17.0.0.0/8.so do you mean that your enterprise does not have external connectivity? how do you use Google from your enterprise, for instance?
Today, I fear it is often NATted. Obviously that is not the future.
I expect to see many enterprises use ULA for internal traffic
and PA or PI for Google. But I was actually thinking about VPNs between
business partners, which create "fingers" of reachability for small
subsets of address space that are shared by pairs of enterprises.
This can get very complex when many companies have mutual business
relationships. I can't even think how to draw it in ASCII art.
Brian