> Margaret Wasserman wrote: > In your model of how site-local would be used, > will there be devices that have both site-local > and global addresses?
The short answer is no, but I'd rather get into more details: There are four situations I can see: 1. For control devices that have only one interface, no, that's the point. If they also have public addresses the advantages of using site-locals are nullified. The example is these control devices in the diagram below, only one interface and only one address which is a site-local (and a link-local of course). 2. In terms of having a host located on the control devices subnet that does not have control functions and that has both a global and a site-local address, this is a double edged sword. I personally favor that it should _not_ be possible, because it would require to have public addresses on the right side of router B, which is getting half of the hacking job done. I believe this is the core of your question. The arguments I have heard in favor of making this possible are mostly economic, it basically saves a router interface. When viewed from layer 8 or 9, it does not matter so I would say unless someone else argues for it the answer should be no, in other words no exception to the control devices setup explained in 1. 3. Now there could be hosts that act as proxies, even though they do not route packets. In the diagram below, Router B could be a host instead of a router, that will naturally be the only one able to access directly the control devices. However, this is one interface with public addresses and another one with site-locals, and I don't see the difference with a router in terms of the scope of the addresses, except that there is no routing. 4. Routers, yes. In the diagram below, it is clear that B will have a site-local address on the right side and a global address on the left side. Hope this answers the question. Michel. <------------------- Global Addresses ---------------><-- SL addr --> +-----+ | ISP | +--+--+ ! +--+-------+ +----------+ +----------+ +----------+ | Router A +--+ Firewall +--+--+ Firewall +--+--+ Router B +----+ +----------+ +----------+ | +----------+ | +----------+ | | | | +---+--+ +--+---+ +----+----+ | DFZ | | Host | | Control | | Host | +------+ | Device | +------+ +---------+ <---------------------- Network ----------------------> -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------