Hi,

On Mon, 15 Sep 2003, Brian E Carpenter wrote:
> I believe RFC 2993 actually covers all the issues (including the one
> of VPNs between RFC 1918 sites, especially in section 7.6). 

Thanks for the pointer.  Yes, RFC 2993 seems to cover many aspects which
seem surprisingly familiar ;-), but I'm not sure if it answers questions
like: "I want to use NAT or RFC1918 for purpose X.  Why shouldn't I do
it?  (Why might I want to do it anyway?)  What other feasible ways are
there to do it without such mechanisms?"

In other words, the document seems to cover the scenarios using a broad 
overview -- it may not be applicable to the most common cases of 
deployment.

But then again, I'll have to go read the RFC in detail.
 
> Given how difficult it was to get that RFC published, I wonder if it
> is worth the effort of writing what would effectively be the same
> document, but with an emphasis on ambiguity instead of translation.

I can certainly envision how this could turn ugly.  Could you elaborate a 
bit on the difficulties that came across?

Pekka

> Pekka Savola wrote:
> > 
> > Hi,
> > 
> > Regarding the local addressing debate...
> > 
> > I had the misfortune of having to participate in a discussion where a
> > multiple-branch (20-30+) enterprise, which has deployed private addresses
> > and network-to-network VPNs inside it, wants to start using IPv6.
> > 
> > I'm wondering whether there exist any educational material why
> > RFC1918-like addressing is really *NOT* a good idea (or even, list and
> > evaluate the tradeoffs), and how to get around it. ("If one can state
> > clearly arguments why they shouldn't be doing it with IPv4, maybe it's
> > easier to convince them not to do so with IPv6").
> > 
> > It seems to me that there is a very severe need for a way to enlighten
> > folks like that if we ever want to be successful..
> > 
> > http://www.cs.utk.edu/~moore/what-nats-break.html is interesting, but not
> > focused enough for RFC1918-like addressing itself.
> > 
> > I.e., what I'd like to see is whether anyone has written up something
> > regarding either "why local addressing would be a bad idea with IPv6", or
> > "why local addressing is a bad idea with IPv4", especially from the
> > security point-of-view.
> > 
> > btw., one way to probably avoid the two-faced DNS issues with local
> > addressing is probably to simply use a different naming for internal
> > communications like with example.com --> example.internal.
> > 
> > --
> > Pekka Savola                 "You each name yourselves king, yet the
> > Netcore Oy                    kingdom bleeds."
> > Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
> > 
> > --------------------------------------------------------------------
> > IETF IPv6 working group mailing list
> > [EMAIL PROTECTED]
> > Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
> > --------------------------------------------------------------------
> 
> 

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

