Thinking differently about the site local problem (was: RE: site local a

Tony,

I've been trying to get my mind around the various issues here, 
and I keep getting back to the same place, so I think I need to 
embarrass myself by making a proposal that I find frightening.
Let's assume, as I think you have suggested, that SL is all 
about local addresses and filtering, and not about some special 
prefix that applications need to recognize.  I'm still not sure 
I believe that, but let's assume it is true and see where that 
takes us.
Let's also remember the long path that got us to CIDR and 1918. 
Our original position was that anyone using TCP/IP (v4) should 
have unique address space.  I remember many discussions in which 
people were told "don't just grab an address on the theory that 
you would never connect. Our experience has been that, sooner or 
later, you might connect to the public network, or connect to 
someone else who has used 'private' (or 'squatter') space... 
unique addresses will save you, and everyone else, a lot of 
trouble".  In that context, 1918 and its predecessors came out 
of two threads of developments:
        * we were running short of addresses and wanted to
        discourage unconnected (or hidden) networks from using
        up public space and
        
        * we hoped that, by encouraging such isolated networks
        to use some specific address ranges, those ranges could
        be easily and effectively filtered at the boundaries.

We can debate how well either really worked, or what nasty 
side-effects they caused, but probably it makes little 
difference in the last analysis except to note that, no matter 
what we do, leaks happen.
Now one of the problems IPv6 was supposed to solve was "too 
little address space" or, more specifically, our having to make 
architecturally bad decisions on the basis of address space 
exhaustion.  I hope we have solved it.  If we haven't, i.e., if 
the address space is still too small, then the time to deal with 
that issue is right now (or sooner), before IPv6 is more broadly 
deployed (and it better be variable-length the next time, 
because, if we are conceptually running short of space already, 
it would be, IMO, conclusive proof that we have no idea how to 
specify X in "X addresses will be enough").
But suppose we really do have enough address space (independent 
of routing issues).  In that context, is site local just a 
shortcut to avoid dealing with a more general problem?  Should 
we have a address allocation policy that updates the policies of 
the 70s but ignores the intermediate "we are running out" steps? 
Should I be able to go to an RIR and ask for unique space for an 
isolated network, justify how much of it I need, and get it -- 
with no promises that the addresses can be routed (and, 
presumably, without pushing a wheelbarrow full of dollars/ 
euros/ yen/ won/ yuan/...)?
Of course, this takes us fairly far onto the path of having to 
think about multihomed hosts, not just multihomed LANs, but, as 
others have pointed out, the notion of multiple addresses (or 
multiple prefixes) for a given host (or interface) takes us 
rather far down that path anyway.  Figuring out which address to 
use is a problem we need to solve, with or without SL, or the 
whole idea of multiple addresses on hosts, especially dumb 
hosts, is going to turn out to be a non-starter.  And, as Louis, 
Noel, and others have pointed out, it is hard.   But, if we can 
find a solution, even one that is just mostly locally-optimal 
and that fails occasionally, then it seems to me that your 
position ultimately gives no advantages to a reserved site-local 
form over unique, but non-routable, addresses.  The advantages 
of the latter appear obvious, starting with being able to 
identify the sources of address leaks and the notion that 
routability is a separate negotiation with providers (and their 
peers and other customers) and not an RIR responsibility.
That would leave another topic which I consider separate: 
whether we ought to create some number of 1918-like addresses 
that organizations that are really isolated (not connected even 
with other prefixes) can use without needing to have a 
negotiation with an RIR.  The answer, I think, is probably 
"yes", but it really is a policy question, not a technical one. 
And, on the above model, an ISP offering service (and prefixes) 
to an enterprise could be expected to insist that the enterprise 
not be using any of those isolated addresses in their local 
environment.
I obviously don't understand all of the issues here well enough. 
But the traffic of the last few days has left me with the strong 
impression that SL may be an answer to the wrong question.  If 
so, is the suggestion above closer to the right question?
And, unfortunately, since this approach involves a change in the 
advice the IETF gives the RIRs, it probably does belong on the 
IETF list and not that of a WG.
regards,
    john