RE: A follow up question
2003-04-23 11:37:26
At 01:12 PM 4/23/2003, you wrote:
> So to clarify the question, do you believe the establishment of a set of
> local use prefixes is the root cause of the unsolved problems that
> applications developers are complaining about?

There will always be addresses which are administratively scoped,
regardless of whether those addresses are from global space, or from
RFC1918 (or equivalent) private space. That scoping will be instituted by
policy at border routers, firewalls, and even filtering mechanisms on hosts
(which may be outside the view of the applications, such as how IPTables
operates on *nix machines.) The IPv6 mechanism to give hosts a-priori
knowledge that the "site local" block is flawed in that it cannot truly
provide the scoping information, since it does not address the wider issues
associated with administrative address scoping. Indeed, the site local
mechanism reminds me in a way of Steve Bellovin's "evil" bit in his RFC
published on the first day of this month.

There will remain a need and desire for private address space, be that the
assigned "site local" block (without the "special treatment" in the
stacks), RFC 1918 space, or a combination. I think it would be useful to
decouple the issue of the special treatment of the Site Local address block
from the religious war over whether private address space and other
mechanisms sometimes associated are beneficial or not. In reviewing the
recent discussion, it is clear the two are being intertwined, and it
appears to be adding to the heat, and producing no light.

Separately, if there is genuine interest in addressing the scoping problem,
I suggest that be addressed separately. A proper effort might encompass
mechanisms to deliver indications to applications as to the scoping
limitations causing communications to be blocked, as well as wire protocol
issues to carry such signalling. In a broader sense, there is a need to
deal with signalling issues as well. There are network operators, firewall
vendors and network administrators who've been taught ICMP packets are
inherently dangerous and must be filtered. The work output of such efforts
should span the Internet Area producing standards track documents to
specify how to properly implement mechanisms in hosts, routers and
firewalls, and the Operations Area to provide BCPs giving guidance to
network administrators and service providers on the operational needs of
such issues.