
RE: A follow up question

2003-04-23 11:37:26
At 01:12 PM 4/23/2003, you wrote:
> So to clarify the question, do you believe the establishment of a set of
> local use prefixes is the root cause of the unsolved problems that
> applications developers are complaining about?

There will always be addresses which are administratively scoped, regardless of whether those addresses are from global space, or from RFC1918 (or equivalent) private space. That scoping will be instituted by policy at border routers, firewalls, and even filtering mechanisms on hosts (which may be outside the view of the applications, such as how IPTables operates on *nix machines.) The IPv6 mechanism to give hosts a-priori knowledge that the "site local" block is flawed in that it cannot truly provide the scoping information, since it does not address the wider issues associated with administrative address scoping. Indeed, the site local mechanism reminds me in a way of Steve Bellovin's "evil" bit in his RFC published on the first day of this month.

There will remain a need and desire for private address space, be that the assigned "site local" block (without the "special treatment" in the stacks), RFC 1918 space, or a combination. I think it would be useful to decouple the issue of the special treatment of the Site Local address block from the religious war over whether private address space and other mechanisms sometimes associated are beneficial or not. In reviewing the recent discussion, it is clear the two are being intertwined, and it appears to be adding to the heat, and producing no light.

Separately, if there is genuine interest in addressing the scoping problem, I suggest that be addressed separately. A proper effort might encompass mechanisms to deliver indications to applications as to the scoping limitations causing communications to be blocked, as well as wire protocol issues to carry such signalling. In a broader sense, there is a need to deal with signalling issues as well. There are network operators, firewall vendors and network administrators who've been taught ICMP packets are inherently dangerous and must be filtered. The work output of such efforts should span the Internet Area producing standards track documents to specify how to properly implement mechanisms in hosts, routers and firewalls, and the Operations Area to provide BCPs giving guidance to network administrators and service providers on the operational needs of such issues.