On 2009-04-08 10:51, james woodyatt wrote:
...
> Quoting my IS&T contact again:
>>
>> I believe our 3 choices are:
>>
>> 1) Inject PI address into partner (and vice versa)
>> 2) Inject ULA address into partner (and vice versa)
>> 3) NAT at the partner connection
>>
>> #1 is broken because the hosts might need to talk to other
>> partner/Apple services via another path
>> #2 is dangerous because it dramatically increases the routing table size.
I think this is FUD. I'd like to understand why it would be
'dramatic'. If you have N business partners that you reach by
ULAs, that would add at most N routes. That seems highly unlikely
to be dramatic.
If you actually want to funnel your business partner traffic
through a single firewall router, it could be that the only routes
you would add would be FC00::/7 and a more specific /48 for
your own in-house ULA prefix.
(Of course, there's no doubt that if you're running multiple prefixes,
according to the IPv6 standard model, your IGP will have to carry
multiple routes accordingly. But that's another discussion.)
Brian
_______________________________________________
nat66 mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/nat66
