>>> Nir Arad wrote:
>>> I would like to point out again, that as per my suggestion, nodes
>>> MUST NOT send, receive or forward traffic in which the source and
>>> destination addresses are not of the same scope.

>> Michel Py wrote:
>> That would some problems but appears to be unworkable to me. It's
>> not flexible enough.

> Could you please give a scenario that breaks it?

<-------------------- Global Addresses ----------------><- Local addr ->
+-----+
| ISP |    :
+--+--+    :
   !       :
+--+---------+   +----------+     +----------+     +----------+
| Router A : +--|< Firewall+--+--|< Firewall+--+--+ Router B +----+
+------------+  +----------+  |  +----------+  |  +----------+    |
           :                  |                |                  |
           :              +---+--+          +--+---+         +----+----+
           :              | DFZ  |          | Host |         | Control |
           :              | Host |          +------+         | Device  |
           :              +------+                           +---------+
---Site -->:<-------------------------- Site -------------------------->
           :

- Router A is the SBR.
- DFZ hosts need to be able to talk to hosts between the internal
  firewall and router B, but not to the control devices.
- DFZ hosts need to be able to talk to the outside.
- Hosts between the internal firewall and router B need to be able
  to talk to everybody.
- Control devices are accessible only from hosts between the internal
  firewall and router B.

Michel.

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------