
Re: Distributing site-wide RFC 3484 policy



>> 	- the entire "source address selection" stuff was a mistake.
>> 	  network has to be deployed so that any ip6_src/ip6_dst pair can go
>> 	  out of the organization somehow.
>
>That ship has sailed. Even if you could, through some kind of
>herculean effort, make it so that only a single IPv6 address is
>available per host rather than 1 or more for 1 or more interfaces,
>there's going to be the issue of having both an IPv4 and an IPv6
>address. I currently have a mail client that won't fall back to IPv4
>if IPv6 doesn't work. That's not acceptable.

	you are talking about a separate story.  the thread is about having
	to run source-address selection between IPv6 addresses with different
	"scope" or reachability.

	and if you keep the default source address selection policy table,
	it is a non-problem for me.  i see problems in the entire idea of
	"distributing the policy table".

>> 	  (a) if there's some issue like uRPF in some of your ISPs, the  egress
>> 	      routers in your organization should implement source-based
>> 	      routing to workaround it.
>
>When a host has selected addresses, other boxes can't overrule that.  
>The best thing you can do is generate a quick unreachable so the host  
>can retry with a different source/dest address combination.

	a normal application which makes an outgoing TCP connection DOES NOT
	perform bind(2), so the application will only try all of the
	destination addresses available in the DNS, not all the src/dst pairs.

	so it would be better for us to provide connectivity for all of the
	cases in the network setup, instead of making the end node complicated
	with all of the source address selection goo.

>> 	  (b) the whole idea of ULA/ULA-x should be killed at once.
>No it shouldn't. People want it, no reasonable counter arguments have  
>been presented.

	think about it.  then why was "site-local" killed after a long long
	debate?

>> 	- alain durand said that he would prefer to have a single IPv6 address
>> 	  on a node.  i would not go that far (for renumbering and
>> 	  multi-address multihoming) but i object to having addresses with
>> 	  different reachability or "scoping".
>
>You should have spoken up somewhere in the last century. This stuff  
>is a done deal today, no point in turning back halfway and turning  
>back completely is not possible at this point.

	ok, i have been using the internet since 1989 or something.  so maybe
	i'm from the stone age.

	i have NEVER deployed an RFC1918 network in my home!  i paid extra JPY
	to get a small IPv4 address block instead of a single IPv4 address,
	and i now run an IPv6-only wireless segment in my home, just like we did
	for some of the past IPv6-enabled IETF meetings.

	and when i work on IPv6, i always envision providing a better
	networking environment to everyone on the planet (6 billion or more
	people).  i see the long-term happiness with lower admin cost over
	short-term happiness with NAT, ULA or whatever, since there are only
	a small number of people who can administer a network, and we need
	to deliver the technology to those people as well.  maybe it has
	something to do with cultural background :-)

>> 	- so, there's no need for you to think about "distributing source
>> 	  address selection policy".
>
>Deciding for other people what they don't need is extremely impolite.

	is it impolite to stop people from going into a pitfall?  or do i
	keep silent and watch people go into the pitfall and get injured?

	we've been through all this discussion at KAME, in the 1998-2000 timeframe.
	it was our failure that we did not document the discussion, but we
	normally document stuff that we got as a "successful" outcome of the
	discussion.  they are available as RFCs or I-Ds.

itojun
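As an added illustration (not part of itojun's message or of the KAME code) of the "default source address selection policy table" he refers to, the following script encodes the RFC 3484 section 2.1 default table, performs the longest-prefix lookup that yields an address's precedence and label, and chooses a source address for a destination using rule 5 (prefer matching label) and rule 8 (longest matching prefix). The candidate and destination addresses are constructed sample values; scope and other rules of the algorithm are deliberately left out.

```python
import ipaddress

# RFC 3484 section 2.1 default policy table: (prefix, precedence, label).
DEFAULT_POLICY = [
    ("::1/128", 50, 0),        # loopback
    ("::/0", 40, 1),           # native IPv6
    ("2002::/16", 30, 2),      # 6to4
    ("::/96", 20, 3),          # IPv4-compatible (deprecated)
    ("::ffff:0:0/96", 10, 4),  # IPv4-mapped, i.e. plain IPv4
]


def lookup(addr, table=DEFAULT_POLICY):
    """Longest-prefix match of addr against the policy table.
    Returns (precedence, label); ::/0 guarantees a match."""
    a = ipaddress.IPv6Address(addr)
    best = None  # (prefixlen, precedence, label)
    for prefix, prec, label in table:
        net = ipaddress.IPv6Network(prefix)
        if a in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, prec, label)
    return best[1], best[2]


def common_prefix_len(a, b):
    """Number of leading bits two IPv6 addresses share (rule 8)."""
    x = int(ipaddress.IPv6Address(a)) ^ int(ipaddress.IPv6Address(b))
    return 128 - x.bit_length()


def select_source(candidates, dst, table=DEFAULT_POLICY):
    """Pick the source for dst from candidates: rule 5 (matching label)
    first, then rule 8 (longest matching prefix) as the tie-breaker."""
    dst_label = lookup(dst, table)[1]

    def rank(src):
        return (lookup(src, table)[1] == dst_label,
                common_prefix_len(src, dst))

    return max(candidates, key=rank)


if __name__ == "__main__":
    # Constructed sample host with a native, a 6to4 and an IPv4 address.
    srcs = ["2001:db8:1::10", "2002:c000:201::1", "::ffff:10.0.0.5"]
    for dst in ["2001:db8:9::1", "2002:c633:6401::1", "::ffff:192.0.2.1"]:
        print(dst, "->", select_source(srcs, dst))
```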