On Thursday, April 24, 2003, at 05:04 PM, Eliot Lear wrote:
Nobody ignored anything. To start with, the application community has
had to work around these sorts of problems. This is why there are SIP
proxy gateways, STUN services, and MX gateways. All of these exist
due to connectivity limitations (either intentional or architectural).

It strikes me that most of the symptoms of the problem have the word
"gateway" in the name.

Talking about policy domains, it seems that there is an implicit
assumption that they are necessary. And that makes sense from a
security POV. But policy domains do not /require/ site locals or NAT.
It's just as easy (with v6...) to get global addresses and not route
them outside the domain.

Then if you conclude that policy domains are a Good Thing, or at least
Necessary Evil, then why is there all this talk to design a network
that can somehow route around them?

My point is that if A sends B a third-party address C, and the policy of
the domain is "you can't route that outside my domain" then it doesn't
matter whether C is site local, global, uses DNS, or whatever. Policy
says it still won't route!
simon
--
www.simonwoodside.com -- 99% Devil, 1% Angel