Re: Distributing site-wide RFC 3484 policy

[YOSHIFUJI Hideaki / 吉藤英明 <yoshfuji@linux-ipv6.org>]

Hello.

In article <20070728.050316.783372127.fujisaki@syce.net> (at Sat, 28 Jul 2007 05:03:16 +0900 (JST)), (Tomohiro -INSTALLER- Fujisaki/藤崎 智宏) <fujisaki@syce.net> says:

>  | Anyway, the draft contains a horrible error, at least.
>  | We CAN NEVER specify zone-index from outside the box.  It MUST be removed.
> 
> I'm not sure why the error(?) is 'horrible', but we discussed about
> 'zone-index' in DHC wg ML.
> 
> http://www1.ietf.org/mail-archive/web/dhcwg/current/msg04683.html
> 
> If the site administrator knows the detail of a client, it may be
> possible to specify that value for the client.

You CANNOT specify "zone" itself from out of the box.

If an implementation supports a kind of "zone" in policy,
the node may want to restrict the rule only on that "interface"
(or zone) which the dhcpv6 message has arrived, but no other way.

Server may ask the node to restrict the policy within the interface,
but it cannot ask the end-node to use another specific interface.

Or, are you suggesting to have mapping between fake "zone-index" and the
real one?


Anyway, I'd say, you CANNOT distrubute the polocy itself, but you could
suggest a "hint" to end-nodes, with "virtual precedence" (or "relative
precedence"), "virtual label" and "virtual zone-index" (or "zone label").


Regards,

--yoshfuji