Le Jeudi 11 Mai 2006 09:30, vous avez écrit : > > This assumes that one may use an ULA (IPv6) to reach a globally > > routable (IPv6) address.
> yes > > In other words, that someone has introduced some kind > > of NAT or transparent proxy in the middle. > > no > it assumes that the routability domain of a ULA may be defined by the > site and extended to other sites using agreements. (...) > i hope it is clearer now. Well, it is now, thanks. But I'm still very wary as to whether doing that (using ULAs to reach globally routable addresses) should be supported/allowed at all. If there is one lesson that should be learned from the IPv4 and NATs mess, it would probably be: breaking the equivalence property of host reachability is VERY BAD. This includes the reflexive property (if A can reach B, B can reach A), which is not an issue. And it also includes the transitive property of reachability (if A can reach B and B can reach C, A can reach C). There are so many IETF, not-IETF and proprietary protocols out there that are more elaborate than HTTP with regards to how they use the network. There's one thing I've learned one thing after porting quite a bunch of applications to dual-stack; getaddrinfo() is not the universal solution to all IPv6/IPv4 transition considerations within applications. Lets say your company has desktop on ULAs space only, and globally routable addresses for servers. Some user wants to set up a media session with an external host (be it with SIP, RTSP, whatever). He'll happily connect to his whatever-proxy which is in public IPv6 address space. Then the proxy will connect with the remote peer and forward the setup infos, including the client ULA address as a return destination for media. Conclusion: You need not setup actual NATs to be faced with the NAT-type issues. Corollary: IMHO, ULAs should only be allowed to reach ULAs. In practice, one could use DNS views to advertise ULAs in one's internal DNS service, and advertise globally routable addresses to the outside to the host that are allowed to be contacted from the outside. -- Rémi Denis-Courmont http://www.simphalempin.com/home/
pgphSO0OyqELs.pgp
Description: PGP signature
-------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
