[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
(usagi-users 01031) Re: Scoped Addresses
- To: don@xxxxxxxxxxxxxxxxxxxxx, usagi-users@xxxxxxxxxxxxxx
- Subject: (usagi-users 01031) Re: Scoped Addresses
- From: JINMEI Tatuya / 神明達哉 <jinmei@xxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 19 Nov 2001 18:27:08 +0900
- Cc: users@xxxxxxxx
- In-reply-to: <200111131326.fADDQVP01364@obelix.dgrc.crc.ca>
- Organization: Research & Development Center, Toshiba Corp., Kawasaki, Japan.
- References: <200111131326.fADDQVP01364@obelix.dgrc.crc.ca>
- Reply-to: usagi-users@xxxxxxxxxxxxxx
- User-agent: Wanderlust/2.7.5 (Too Funky) Emacs/21.1 Mule/5.0 (SAKAKI)
>>>>> On Tue, 13 Nov 2001 08:26:31 -0500 (EST),
>>>>> Donald McLachlan <don@xxxxxxxxxxxxxxxxxxxxx> said:
> As part of a multinational project we are planning a network. The plan
> is to construct a private network, connected via methods including tunnelling
> through the 6Bone.
> I envisioned using a site local netowrk, but concensus seems to be to allocate
> some real addresses, and then make them unroutable from the 6Bone. Is there
> any benefit do doing it this way rather than just sharing out a site-local
> address and treating it as a multi-campus site?
You may want to check an internet-draft
"draft-itojun-ipv6-local-experiment-02.txt."
Roughly speaking, you can use either site-local or "private" global
addresses for the purposes above. However, if you go with site-locals
and you're going to make a site-border node, you should be very
careful. Also, it can even be insecure to use site-local addresses,
because one may misunderstand that site-local addresses are
automatically filtered at some border routers, which is simply not
correct. Regardless of the address scope type, we should explicitly
filter the internal addresses at the border routers. I'd rather use
global addresses to make this point clear.
JINMEI, Tatuya
Communication Platform Lab.
Corporate R&D Center, Toshiba Corp.
jinmei@xxxxxxxxxxxxxxxxxxxxx