Hi,
On Wed, Aug 27, 2008 at 10:51:04AM +0200, Rémi Després wrote:
> >What is "internal to external" is inevitably "external to internal" to
> >someone else.
> >
> >How do you solve "tunneling is permitted if solicited from the inside" for
> >the
> >
> > Host A --- CPE A ----[Internet]---- CBE B --- Host B
> >
> >case?
>
> In my understanding, there is no ambiguity.
[..]
>
> Filtering control, if not dministrative, should always come from the
> internal side (from A to CPE A, from B to CPE B).
Staying in the context of the original discussion: if you want to permit
tunneled packets for IPv6 (or other) purposes, but at the same time insist
that "packets must be solicited from the internal side", how do you make
the scenario above work?
That was my whole point. The argument "the CPE will know what the host
wants to receive" doesn't work for enduser-to-enduser traffic, unless
you have a signalling mechanism. Or you just permit tunnels.
Gert Doering
-- NetMaster
--
Total number of prefixes smaller than registry allocations: 128645
SpaceNet AG Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279
Attachment:
pgplWgcaEe6wQ.pgp
Description: PGP signature