On Tue, Aug 09, 2005 at 05:57:15PM +0900, Arifumi Matsumoto wrote:
> Sorry for my late comment.
> This is what I told Tim after dhc session, though.
> 
> On 2005/08/03, at 16:33, Francis Dupont wrote:
> 
> >  In your previous mail you wrote:
> >
> >    In a managed DHC environment, privacy addresses can be returned by DHCPv6
> >    for client use, but my reading of RFC3315 suggests (section 12) that the
> >    request is client initiated, which implies there should/could be some policy
> >    that could be distributed by DHCP itself to hint to the client that it can
> >    make the request.
> >
> >    I appreciate Keith's point that per-application (non) usage may also be
> >    desirable, but is there an API being proposed for that?  It should probably
> >    have some relationship to the site policy though?
> >
> > => this point is supposed to be solved by RFC 3484 and related APIs but:
> >  - the private/public address switch (rule 7) is not in the policy table
> >  - related APIs assume that every application was changed in order to
> >    use them (so they are nearly useless).
> >
> > Regards
> 
> Of course, the privacy/public address switch isn't in the policy table,
> but you can control it by configuring the policy table, in a not very beautiful way.
> 
> It's too simple. Just put the privacy address with a 128-bit prefix length
> into the policy table.
> 
> Prefix                     Prec Label
> 2001:db8:1:1:a:b:c:d/128   1    1      <-- privacy address
> 2001:db8:1:1::/64          10   2
> ::/0                       10   2
> 
> In this case, the privacy address won't be used for any destination by
> default address selection anymore.
> 
> Alternatively, you can specify the public address with a 128-bit prefix length
> and prioritize the public address over the privacy one, or vice versa.
> 
> Prefix                     Prec Label
> 2001:db8:1:1:a:b:c:d/128   10   2      <-- public address
> 2001:db8:1:1::/64          1    1
> ::/0                       10   2
> 
> In this case, the privacy address will be used to connect to the hosts
> on the same link, though.
> 
> As a privacy address is re-generated periodically, the policy table has
> to be updated accordingly in the former case.

This seems a bit ugly though (there should be a way to refer to the privacy address
so that you don't need to update the policy table yourself whenever you
get a new privacy address), and I think whether to use a privacy source
address is mainly an application decision.

There is a proposed socket API for this which I think is more useful.
My main concern with applications and privacy addresses is applications
that get all addresses on an interface and then pass one or more of those
at the application layer to someone else (e.g. referrals). How does it
know which to pass? When an application gets a list of all addresses on
an interface, how does it determine which are privacy addresses and which
are not?

I also believe it would be useful to have a way for the kernel to tell an
app that the addresses on an interface have changed. This would be useful
for privacy addresses and also for renumbering, e.g. something like the
netlink socket stuff which some systems use to tell applications of
routing changes.

Stig

--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
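The policy-table trick quoted above, and the caveat about regenerated privacy addresses, can be checked with a small simulation. The following is an added example, not code from this thread or from any operating system's RFC 3484 implementation. It models only the source address selection rules the trick depends on (rule 6, prefer matching label; rule 7, public vs. temporary; rule 8, longest matching prefix) and treats the direction of rule 7 as a host knob, `prefer_temporary`, which is an assumption standing in for the "use privacy addresses" switch that implementations provide. The temporary addresses and the two destinations are constructed; the public address is the one from the message.

```python
import ipaddress

# Added example: simulation of the RFC 3484 policy-table trick from the quoted
# message. Not code from the thread or from any OS. Rules 1-5 are omitted since
# they do not distinguish the candidates here (same interface and scope, none
# deprecated); rule 7's direction is the hypothetical host knob prefer_temporary.

DEFAULT_POLICY = [  # RFC 3484 section 2.1 default table: (prefix, precedence, label)
    ("::1/128", 50, 0),
    ("::/0", 40, 1),
    ("2002::/16", 30, 2),
    ("::/96", 20, 3),
    ("::ffff:0:0/96", 10, 4),
]

# Host addresses. PUBLIC is from the message; the temporary ones are constructed
# so that both kinds of address exist on the host at the same time.
PUBLIC = ipaddress.IPv6Address("2001:db8:1:1:a:b:c:d")
PRIVACY = ipaddress.IPv6Address("2001:db8:1:1:9d4a:11f2:c3e:7b5a")       # constructed
PRIVACY_NEXT = ipaddress.IPv6Address("2001:db8:1:1:5e21:8fa0:73d9:e66")  # constructed, after regeneration

# Table 1 from the message: pin the privacy address to a label nothing else uses.
TABLE_SUPPRESS_PRIVACY = [
    (f"{PRIVACY}/128", 1, 1),
    ("2001:db8:1:1::/64", 10, 2),
    ("::/0", 10, 2),
]
# Table 2 from the message: pin the public address to label 2, the on-link /64 to label 1.
TABLE_PRIVACY_ONLINK = [
    (f"{PUBLIC}/128", 10, 2),
    ("2001:db8:1:1::/64", 1, 1),
    ("::/0", 10, 2),
]

ONLINK_DST = ipaddress.IPv6Address("2001:db8:1:1::42")  # constructed, same /64 as the host
REMOTE_DST = ipaddress.IPv6Address("2001:db8:ffff::1")  # constructed, off-link


def lookup(policy, addr):
    """Longest-prefix match of addr in the policy table; returns (precedence, label)."""
    best = None
    for prefix, prec, label in policy:
        net = ipaddress.IPv6Network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, prec, label)
    if best is None:
        raise ValueError(f"no policy entry covers {addr}")
    return best[1], best[2]


def common_prefix_len(a, b):
    """Number of leading bits two IPv6 addresses share (RFC 3484 rule 8)."""
    return 128 - (int(a) ^ int(b)).bit_length()


def select_source(policy, candidates, dst, prefer_temporary):
    """Pick a source for dst from candidates, a list of (address, is_temporary).

    Precedence is ignored on purpose: RFC 3484 uses it only to order destinations,
    so the label column is what the quoted trick actually relies on.
    """
    _, dst_label = lookup(policy, dst)

    def rank(cand):
        addr, temporary = cand
        _, src_label = lookup(policy, addr)
        rule6 = int(src_label == dst_label)          # prefer matching label
        rule7 = int(temporary == prefer_temporary)   # public vs. temporary, per host knob
        rule8 = common_prefix_len(addr, dst)         # longest matching prefix
        return (rule6, rule7, rule8)                 # compared in order, higher wins

    return max(candidates, key=rank)[0]


def chosen_sources(policy, candidates, prefer_temporary=True):
    """Which candidate the host would use for an on-link and for an off-link destination."""
    return {
        "onlink": select_source(policy, candidates, ONLINK_DST, prefer_temporary),
        "remote": select_source(policy, candidates, REMOTE_DST, prefer_temporary),
    }


if __name__ == "__main__":
    host = [(PUBLIC, False), (PRIVACY, True)]
    print("default table, privacy preferred:  ", chosen_sources(DEFAULT_POLICY, host))
    print("table 1 (privacy pinned to label 1):", chosen_sources(TABLE_SUPPRESS_PRIVACY, host))
    print("table 2 (public pinned to label 2): ", chosen_sources(TABLE_PRIVACY_ONLINK, host))
    # The caveat from the message: after regeneration the stale /128 in table 1
    # matches nothing, so the new temporary address is selected again.
    stale = [(PUBLIC, False), (PRIVACY_NEXT, True)]
    print("table 1 after regeneration (stale): ", chosen_sources(TABLE_SUPPRESS_PRIVACY, stale))
```

Because rule 6 is evaluated before rule 7, the label pinning overrides the host's public/temporary preference in both directions: table 1 forces the public address everywhere, and table 2 yields the privacy address for on-link destinations and the public address for everything else, regardless of `prefer_temporary`. The last line of the demo is the failure mode Matsumoto points out: the /128 entry identifies one specific temporary address, so a regenerated one slips straight back into the default preference until the table is rewritten.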
