
Re: Real life scenario - requirements (local addressing)

Just responding to a few points..

On Thu, 7 Aug 2003, Andrew White wrote:
> > > - I need some form of local addressing that is not dependent on anyone
> > > or anything connected to the global internet.
> > 
> > no, you need some form of globally unique address that isn't dependent
> > on having an external internet connection.
> Nor on needing an external registration procedure.  I'd like to be able to
> turn my router on and have it all just work.  [...]

Sure, I'd not object to that either, but I could live with a registration
procedure, especially if it's made simple.

We're not talking about the registration procedure similar to obtaining
e.g. an IPv4 /26-/29 from a RIR, i.e. a huge amount of headache and pain 
(for those who are not familiar with the procedures, at least).

> > you've not shown any justification for that.  what do you care what
> > addresses are used as long as the traffic doesn't escape and/or the
> > hosts that you don't want to be accessible from outside your
> > network, aren't accessible from outside your network?
> When that 6to4 address goes away, I don't want my persistent sessions to be
> forced to maintain a stale address.

Why not?  There's no problem with that, really.  You can continue using 
bogus addresses as long as you want, the problems only start appearing 
when you reconnect.

> > > I want hosts in my network to prefer global addresses when talking
> > > externally.
> > 
> > why not have them use global addresses whenever possible?  it makes the
> > applications MUCH simpler...
> Because (in the current context) there's no such thing?  A local address is
> an address that promises to be filtered.  A global address is an address
> that makes no promises.

I've made a counterpoint several times, and some probably agree, but 
I really think ANY solution which "promises" automatic filtering is a 

It seems totally bogus to create an assumption that someone upstream will 
just do it and rely on that.  YOU CAN'T RELY ON THAT.

So the only reasonable approach is provisioning the filtering yourself (of 
course, it won't hurt if you contract the ISP to also do it .. when you 
filter yourself, you can easily check from filter counters whether the ISP 
did it or not).

Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to majordomo@sunroof.eng.sun.com
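
Added example (not part of the original message or of any project it mentions): the counter check described in the last paragraph, run over a constructed `ip6tables-save -c` dump from a site border router. The interface names, the rule set and the use of fc00::/7 as the local prefix are assumptions made for the illustration.

```python
import ipaddress
import re

# Constructed sample of `ip6tables-save -c` output (not real data).
# Assumptions: eth0 faces the ISP, fc00::/7 stands in for the local prefix.
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
[17:1224] -A FORWARD -s fc00::/7 -i eth0 -j DROP
[0:0] -A FORWARD -d fc00::/7 -i eth0 -j DROP
[3:216] -A FORWARD -s fc00::/7 -o eth0 -j DROP
[9120:731004] -A FORWARD -j ACCEPT
COMMIT
"""

# "[packets:bytes] -A CHAIN rule-spec" is how iptables-save -c prints a rule.
RULE = re.compile(r"^\[(\d+):(\d+)\] -A (\S+) (.*)$")

def local_prefix_drops(dump, local_net, upstream_if):
    """Sum packet counters of DROP rules that match the local prefix on the
    upstream interface, split by direction."""
    net = ipaddress.ip_network(local_net)
    hits = {"from_upstream": 0, "to_upstream": 0}
    for line in dump.splitlines():
        m = RULE.match(line)
        if not m:
            continue  # table header, chain policy or COMMIT line
        pkts, spec = int(m.group(1)), m.group(4).split()
        # Simplification: every option in these rules takes exactly one value.
        opts = dict(zip(spec[0::2], spec[1::2]))
        if opts.get("-j") != "DROP":
            continue
        addrs = [opts[k] for k in ("-s", "-d") if k in opts]
        if not any(ipaddress.ip_network(a, strict=False).subnet_of(net)
                   for a in addrs):
            continue
        if opts.get("-i") == upstream_if:
            hits["from_upstream"] += pkts   # arrived from the ISP side
        elif opts.get("-o") == upstream_if:
            hits["to_upstream"] += pkts     # stopped before leaving the site
    return hits

def upstream_passed_local_traffic(hits):
    """True if our own filter had to drop local-prefix packets coming in from
    the ISP, i.e. the upstream filter did not catch them."""
    return hits["from_upstream"] > 0
```

A zero inbound counter only shows that nothing reached the local filter during the sampling period; the site's own rules remain the control that is relied on.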