In your letter dated Sun, 17 Jul 2011 11:32:37 +0930 you wrote: >The quite novel technique of allocation transient addresses to >applications/processes to assist with firewalling also takes advantage >of IPv6's large address space and that hosts can have multiple >addresses at once. It'd be a shame to loose the opportunity to do that >or similar innovative things with the large IPv6 address space -
A more scalable approach is to simply route a /96 to the host. There paper already suggests that: "If necessary in a given environment, this could be faked by hav- "ing a host pretend to be a stub router; however, this would require "the host to participate in routing protocols, which is generally "considered to be a bad idea. A better solution would be to extend "NDP to handle host address prefix lengths. I guess the authors didn't know about DHCPv6 prefix delegation. I think the same applies to hosts with lots of VMs: maintaining a potentially large number of NC entries for a single MAC address is unlikely to scale. This is what routing is designed for. -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
