> Margaret Wasserman wrote:
> In your model of how site-local would be used,
> will there be devices that have both site-local
> and global addresses?
The short answer is no, but I'd rather get into more details:
There are four situations I can see:
1. For control devices that have only one interface, no, that's the
point. If they also have public addresses the advantages of using
site-locals are nullified. The example is these control devices in the
diagram below, only one interface and only one address which is a
site-local (and a link-local of course).
2. In terms of having a host located on the control devices subnet that
does not have control functions and that has both a global and a
site-local address, this is a double edged sword. I personally favor
that it should _not_ be possible, because it would require to have
public addresses on the right side of router B, which is getting half of
the hacking job done.
I believe this is the core of your question. The arguments I have heard
in favor of making this possible are mostly economic, it basically saves
a router interface. When viewed from layer 8 or 9, it does not matter so
I would say unless someone else argues for it the answer should be no,
in other words no exception to the control devices setup explained in 1.
3. Now there could be hosts that act as proxies, even though they do not
route packets. In the diagram below, Router B could be a host instead of
a router, that will naturally be the only one able to access directly
the control devices. However, this is one interface with public
addresses and another one with site-locals, and I don't see the
difference with a router in terms of the scope of the addresses, except
that there is no routing.
4. Routers, yes. In the diagram below, it is clear that B will have a
site-local address on the right side and a global address on the left
side.
Hope this answers the question.
Michel.
<------------------- Global Addresses ---------------><-- SL addr -->
+-----+
| ISP |
+--+--+
!
+--+-------+ +----------+ +----------+ +----------+
| Router A +--+ Firewall +--+--+ Firewall +--+--+ Router B +----+
+----------+ +----------+ | +----------+ | +----------+ |
| | |
+---+--+ +--+---+ +----+----+
| DFZ | | Host | | Control |
| Host | +------+ | Device |
+------+ +---------+
<---------------------- Network ---------------------->
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
