On Fri, 12 Sep 2003, David Woodhouse wrote:
> On Fri, 2003-09-12 at 12:48 +0300, Pekka Savola wrote:
> > You might also want to check out the document which is documenting the
> > deprecation (note, it's still a draft version, and likely to evolve a
> > lot), to learn about some of the problems of the site-locals:
> >
> > http://www.ietf.org/internet-drafts/draft-ietf-ipv6-deprecate-site-local-00.txt
>
> It's interesting to see the arguments therein. I thought there might
> have been some valid ones I wasn't previously aware of, since I'm fairly
> new to IPv6. That doesn't really seem to be the case -- all the
> arguments could apply just as well to RFC1918 too.
You have this wrong assumption that IPv6 is engineered with RFC1918 in
mind. Site-locals were indeed that. But the point of deprecating them
was to get *rid of* (at least to a degree) RFC1918 addresses in IPv6.
It's no use to reply in detail, except to correct two very bad
misunderstandings.
> §2.2 -- internal addresses 'leak'. Not if you apply even a modicum of
> clue. Same as RFC1918 in IPv4. You don't let packets with private source
> addresses outside your borders, and you don't put them in public DNS.
Leakage is used to refer to a lot more than just source/destination
addresses. For example, addresses leak when you use a peer-to-peer system
behind a NAT; addresses leak when you contact an FTP server from behind
a NAT, etc. Addresses leaking inside the application is a much more
difficult problem.
> §2.3 -- routing is hard. Let's go shopping. You have a global internal
> network routed over crypto tunnels between multiple sites. And you can't
> handle setting up the routing? Yeah, right.
There's a lot more to it.
Consider the case when you have a router which is part of *two* sites,
each from overlapping addresses. Routing protocols and everything would
have to be modified to pass site identifiers in addition to the addresses.
This looks like a simple problem but it isn't, that's for sure.
--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
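The "addresses leak inside the application" point above, illustrated with an added example that is not part of the thread: a small checker that pulls the address out of FTP PORT/EPRT control commands and flags any that fall in the deprecated IPv6 site-local range (fec0::/10) or the RFC 1918 IPv4 ranges. The function names and the sample control-channel lines are constructed for this example.

```python
import ipaddress
import re

# Deprecated IPv6 site-local prefix and the RFC 1918 IPv4 private ranges.
SITE_LOCAL_V6 = ipaddress.ip_network("fec0::/10")
RFC1918_V4 = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# PORT h1,h2,h3,h4,p1,p2 (RFC 959) and EPRT |proto|addr|port| (RFC 2428).
PORT_RE = re.compile(r"^PORT\s+(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$", re.I)
EPRT_RE = re.compile(r"^EPRT\s+\|([12])\|([^|]+)\|(\d+)\|\s*$", re.I)


def extract_ftp_address(line):
    """Return (address, port) carried in an FTP PORT or EPRT command, else None."""
    try:
        m = PORT_RE.match(line)
        if m:
            h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
            return ipaddress.ip_address(f"{h1}.{h2}.{h3}.{h4}"), p1 * 256 + p2
        m = EPRT_RE.match(line)
        if m:
            return ipaddress.ip_address(m.group(2)), int(m.group(3))
    except ValueError:  # malformed address in the command
        return None
    return None


def is_internal(addr):
    """True if the address is IPv6 site-local or IPv4 RFC 1918 private space."""
    if addr.version == 6:
        return addr in SITE_LOCAL_V6
    return any(addr in net for net in RFC1918_V4)


def find_leaks(control_lines):
    """List (command, address) pairs where an internal address leaks in the payload."""
    leaks = []
    for line in control_lines:
        found = extract_ftp_address(line)
        if found and is_internal(found[0]):
            leaks.append((line.strip(), str(found[0])))
    return leaks


# Constructed FTP control-channel lines (hypothetical, not from a real capture).
SAMPLE_CONTROL = [
    "PORT 192,168,1,10,19,136",          # RFC 1918 address, port 5000
    "EPRT |2|fec0::1234:5678|5001|",     # site-local IPv6 address
    "EPRT |2|2001:db8::1|5002|",         # documentation prefix, not internal
    "PASV",                              # carries no address
    "EPRT |1|198.51.100.7|5003|",        # public IPv4 test range, not internal
]
```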