
Re: Distributing site-wide RFC 3484 policy



On 26-jul-2007, at 16:17, Jun-ichiro itojun Hagino wrote:

	what i've said is, it MAY NOT be best to use ADDR-A to go out from
	ISP-A!

Well, then make a policy entry that tells the host what is the best
combination.

	but again, you have no idea what is *the best* combination.

Not in all cases, but sometimes, I do.

	you are, again, missing my point.  i have been against the idea of
	- having addresses with different reachability, including site-local
	  and ULA (which is zombie of site-local)
	- having to control selection of those addresses in the end node,
	  i.e. source address selection policy table
	- and to make it worse, the need of deploying policy table into the
	  organization nodes
	got an idea?

Hm, could it be that the problem you foresee is where www.example.com has both global::/128 and ula::/128 where people from outside are supposed to connect to the global address and people from the inside to the ula address?

Although I can see one or two cases where people may want this, I would agree that such a setup is a bad idea. However, if you have www.example.com with global::/128 and secret-internal-only.example.com with ula::/128 that would make sense and not cause problems.