[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Status of <draft-hinden-ipv6-global-local-addr-00.txt>





Andrew White wrote:

>Pekka Savola wrote:
>  
>
>>That's not the complete picture.  Addresses leak.  They leak to others
>>using the local scope, but without connectivity.  I'd much prefer using
>>globals first, because falling back to globals from first trying locals
>>could take a long time (consider e.g. stupid firewalls who silently drop
>>packets).
>>
>>This should not be an important issue, but I fear in practice, it is..
>>    
>>
>
>Agreed.  There could be a long timeout on connection if we use an invalid
>address (local or global) as our first choice, and an out-of-scope local is
>theoretically guaranteed to be invalid.
>
Operational experience on a production network:
We have seen the results of those timers with different implementations.
They can be up to 3 minutes and 30 seconds per invalid address.
Multiply that by the number of 'published/leaked' addresses (v6 nodes with
multiple interfaces can have many) and you end up with an unusable system.

    - Alain.

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to majordomo@sunroof.eng.sun.com
--------------------------------------------------------------------