>>> Nir Arad wrote:
>>> I would like to point out again, that as per my suggestion, nodes
>>> MUST NOT send, receive or forward traffic in which the source and
>>> destination addresses are not of the same scope.
>> Michel Py wrote:
>> That would solve some problems but appears to be unworkable to me. It's
>> not flexible enough.
> Could you please give a scenario that breaks it?
<-------------------- Global Addresses ----------------><- Local addr ->
+-----+
| ISP |    :
+--+--+    :
   !       :
+--+---------+  +----------+     +----------+     +----------+
| Router A : +--|< Firewall+--+--|< Firewall+--+--+ Router B +----+
+------------+  +----------+  |  +----------+  |  +----------+    |
           :                  |                |                  |
           :              +---+--+          +--+---+         +----+----+
           :              | DFZ  |          | Host |         | Control |
           :              | Host |          +------+         | Device  |
           :              +------+                           +---------+
---Site -->:<-------------------------- Site -------------------------->
           :
- Router A is the SBR.
- DFZ hosts need to be able to talk to hosts between the internal
  firewall and router B, but not to the control devices.
- DFZ hosts need to be able to talk to the outside.
- Hosts between the internal firewall and router B need to be able to
  talk to everybody.
- Control devices are accessible only from hosts between the internal
  firewall and router B.
Michel.
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------