Alain Durand wrote:
>
> This recent thread is stressing the fact that what is really needed is
> easy access to stable address space.

... without any contingency on the existence or lack thereof of a 'higher level' address provider.

> Getting this address space from an ISP, a LIR or a RIR is just a minor
> variation.
> The point is that this can be solved by policy and does not require to
> put anything in the architecture to handle "local" addresses.

The above clarification is the critical point that many people seem to miss. The value of local addresses increases as the deployment scenario gets SMALLER.

An enterprise might choose to use local addresses so they can have a network numbering scheme that is independent of their ISP. However, they could probably buy this space from real global addresses if they wanted. Further, their 'network' as a whole is likely to be 'permanently' connected to the public internet.

The networks that particularly benefit from local addresses are intermittently connected. Note that 'intermittent' doesn't mean a stable link that goes up and down, but that the 'logical' point of attachment (as defined by network prefix) may change, even on a daily or sub-daily basis. As it happens, the physical point of attachment may change as well.

In a permanently attached network, the division between 'my inside world' and 'the outside world' is primarily a logical one. At some point (or points) we draw a line and say 'that side is in' and 'that side is out'.

In an intermittently attached network this distinction is much more tangible. Inside is 'the stable bit'. Outside is 'the bit that changes and that I have no control over'. The home user / research ship / PAN wants their 'core' network to remain intact and independent of 'outside', but to have the ability to contact 'outside' if and when it exists.

Side comment: Any 'inherent' security derived from local addresses is only as good as the default filtering in the internet, and it would be foolish to trust that implicitly. From a security standpoint, using a local address for internal traffic (and preventing some hosts from using any other address) is functionally equivalent to using a global for the same purpose.

The core benefit of local addresses is independence from address allocation authorities (and thus a degree of stability). The price is non-routability.

--
Andrew White

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------