Re: Distributing site-wide RFC 3484 policy

[Arifumi Matsumoto <arifumi@nttv6.net>]

Jun-ichiro itojun Hagino wrote:
> > > 	so do you mean that your enterprise does not have external connectivity?
> > External connectivity isn't necessarily available for VPN users,
> > because VPN connection is usually for retrieving resources in
> > enterprise network like e-mail and web pages.
> > Even if it's available, you may not love to use degraded-quality
> > connectivity instead of not degraded one.
>
> 	but the above problem is not specific to VPN, right?
> 	- you have some connectivity from your laptop - either directly from
> 	  your laptop or via some router(s)
> 	- some connectivity is restricted compared to another, in some way
> 	  such as (a) bandwidth (b) price (c) NATed (d) slow (e) inefficient
> 	  path due to tunnelling (f) limited reachability (g) you name it.
>
> 	it really is a policy routing problem.  you have to solve it WITHOUT
> 	global knowledge.  the way you (and probably other guys) are proposing
> 	with "distribution of policy table" is, using god's point-of-view.

When you have two connectivity that have different reachability, address 
selection and routing have to be appropriately controlled to avoid 
connection failure.

When you have two connectivity that have different characterisitic, such 
as bandwidth, price, delay and you name it, isn't it clear that people 
want to use their two connectivity as they wanted to. Of course they 
don't have global knowledge, at least they have knowledge of their own 
network.