Hi,

On Mon, 15 Sep 2003, Brian E Carpenter wrote:
> I believe RFC 2993 actually covers all the issues (including the one
> of VPNs between RFC 1918 sites, especially in section 7.6).

Thanks for the pointer. Yes, RFC 2993 seems to cover many aspects which
seem surprisingly familiar ;-), but I'm not sure if it answers questions
like: "I want to use NAT or RFC1918 for purpose X. Why shouldn't I do
it? (Why might I want to do it anyway?) What other feasible ways are
there to do it without such mechanisms?"

In other words, the document seems to cover the scenarios using a broad
overview -- it may not be applicable to the most common cases of
deployment. But then again, I'll have to go read the RFC in detail.

> Given how difficult it was to get that RFC published, I wonder if it
> is worth the effort of writing what would effectively be the same
> document, but with an emphasis on ambiguity instead of translation.

I can certainly envision how this could turn ugly. Could you elaborate
a bit on the difficulties that came across?

Pekka

> Pekka Savola wrote:
> >
> > Hi,
> >
> > Regarding the local addressing debate...
> >
> > I had the misfortune of having to participate in a discussion where a
> > multiple-branch (20-30+) enterprise, which has deployed private addresses
> > and network-to-network VPNs inside it, wants to start using IPv6.
> >
> > I'm wondering whether there exists any educational material on why
> > RFC1918-like addressing is really *NOT* a good idea (or even, list and
> > evaluate the tradeoffs), and how to get around it. ("If one can state
> > clearly arguments why they shouldn't be doing it with IPv4, maybe it's
> > easier to convince them not to do so with IPv6").
> >
> > It seems to me that there is a very severe need for a way to enlighten
> > folks like that if we ever want to be successful..
> >
> > http://www.cs.utk.edu/~moore/what-nats-break.html is interesting, but not
> > focused enough for RFC1918-like addressing itself.
> >
> > I.e., what I'd like to see is whether anyone has written up something
> > regarding either "why local addressing would be a bad idea with IPv6", or
> > "why local addressing is a bad idea with IPv4", especially from the
> > security point-of-view.
> >
> > btw., one way to probably avoid the two-faced DNS issues with local
> > addressing is probably to simply use a different naming for internal
> > communications like with example.com --> example.internal.
> >
> > --
> > Pekka Savola                 "You each name yourselves king, yet the
> > Netcore Oy                   kingdom bleeds."
> > Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
> >
> > --------------------------------------------------------------------
> > IETF IPv6 working group mailing list
> > [EMAIL PROTECTED]
> > Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
> > --------------------------------------------------------------------

--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                   kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings