At 03:50 PM 4/20/2003, Stephen Sprunk wrote:
Thus spake "Daniel Senie" <dts(_at_)senie(_dot_)com>
> At 01:00 PM 4/20/2003, Richard Carlson wrote:
> >The question is - how do we provide some feedback to apps that
> >they are trying to cross a scope boundary that it's a permanent error
> >condition (5xx in SMTP verbiage)? One proposed notification
> >method is the site-local prefix. Other methods can be created, but
> >something needs to be done and simply killing site-locals and
> >ignoring the underlying scoping issue is a non-starter.
>
> You mean aside from applications understanding that an ICMP
> Destination Unreachable / Administratively Prohibited response from
> the site firewall?

Many firewalls simply drop packets which are prohibited without sending ICMP
responses, not to mention all the places that filter all ICMP
indiscriminately.

Agreed, however: a) on the "protected" side of a firewall (for those
firewalls that are configured for an "inside" and an "outside") this might
not be the case as often, and b) if there's a strong need for appropriate
ICMP responses to make IPv6 function well, then an RFC stating as much
could be published. Firewall vendors could choose whether to implement
such, but if that's an enabler for functionality then customers of such
vendors will raise their voices.
> For that matter, IPv6 machines arguably could try their Site Local
> address and be given that same feedback from the border router or
> firewall, and use the response as an indication to go use their assigned
> global address.

The vast majority of applications do not pick their source address, nor is
there a compelling reason for them to do so. A large number of applications
don't even handle multiple destination addresses properly, so expecting this
additional intelligence for the source address is irrational.

At which point they might as well just select their global address unless
the destination address for a service is site local. This decision could
(should?) be in the hands of the IP stack, unless the application
specifically asks for such control.