Erik Nordmark wrote:
> I don't understand your concern hence I can't follow your logic. Are you
> concerned with some admin that has chosen to use the link-local address
> range (169.254/16) for some purpose which is different than link-local
> addresses as defined by the RFC?
Yes. If they do so manually, it is their choice and we should
not prohibit this. But I'd try not to allow that to happen if
they use the supported mechanism.
> I suspect the issue is more complex than that, since it also matters
> whether or not the LLA is visible by remote systems (and the local
> system) in the naming services. I'm assuming you want to make the LLA
> visible with Bonjour (even if the system has non-LLA addresses?) thus
> applications will end up using it unknowingly since
> gethostbyname/getaddrinfo returns it. (If you don't make it visible in
> Bonjour then nothing of significance will use the LLAs, which makes it
> even less interesting to configure them!)
But I expect Bonjour will know what to do when there is a
routable address. After all, it's supposed to work in
exactly this situation. I have not looked at Bonjour's
code to verify this though.
> Depends whether or not you think email loops are a good thing.
> Suppose a host has been configured with the LLA 169.254.17.17.
> Using the email address syntax with a literal IP address I can now send
> mail to root at 169.254.17.17 (perhaps there are some quoting brackets in
> the syntax - I didn't double check.)
> That will connect to sendmail on the system. Sendmail will check whether
> the email is for local delivery, which among other things relies on
> knowing all the hostnames and all the IP addresses of the system. Since
> you've hidden 169.254.17.17 from sendmail, it will conclude it should
> relay this email. Thus it will open a smtp connection to that IP
> address. As a result the email will loop.
I don't know about sendmail internals and I'll take the
above as the real behavior. Yes, this is a problem if sendmail
uses SIOCGLIFCONF to get all the addresses without specifying
the LLA flag.
> While sendmail might by default not relay things, the larger point is
> that the interaction between what gethostbyname/getaddrinfo returns and
> what shows up in SIOCGLIFCONF has some interesting aspects, and the
> *architecture* for IPv4 link-local addresses better take that into
> account unless we want to end up with a brittle or broken system.
To be frank, I don't know how Bonjour handles the naming
service using IPv4 LLA. So I cannot answer what the implication
is. But I don't think it actually ties to the behavior that
SIOCGLIFCONF does not return the LLA by default. At the
very least, the code can be changed to set the LLA flag to
retrieve the LLA.
> Huh? You said there was a need to implement this, but there is no
> customer interest. Is that right?
I'd defer this to the folks who requested this feature.
> Frankly, link-local addresses don't seem worth the effort. Even if you
> do address my concerns above, you'd still end up with a system that is
> more complex than without it, and some of that complexity will bleed
> through to make the administrator/user have to understand them.
>
> Already today it is the case that any network I've connected the laptop
> to has had a DHCP server, and the penetration of DHCP will have further
> increased by the time some LLA support shows up in Solaris.
>
> Keep it simple, please!
--
K. Poon.
kacheong.poon at sun.com
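
Added example, not part of the original message and not sendmail or Solaris code: a small model of the local-delivery decision discussed above, showing how an address enumeration that hides 169.254/16 by default turns mail to the host's own LLA into a relay loop, and how asking for LLAs avoids it. The function names, the include_lla switch, the 192.0.2.10 address and the hop limit of 25 are assumptions made for this model.

```python
import ipaddress
import re

LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")
MAX_HOPS = 25  # assumed hop limit for this model


def enumerate_addresses(configured, include_lla=False):
    """Model of an interface query that omits link-local addresses unless asked."""
    out = []
    for addr in configured:
        ip = ipaddress.ip_address(addr)
        if include_lla or ip not in LINK_LOCAL:
            out.append(ip)
    return out


def literal_host(rcpt):
    """Extract the IPv4 address from a recipient such as root@[169.254.17.17]."""
    m = re.fullmatch(r"[^@\s]+@\[(\d{1,3}(?:\.\d{1,3}){3})\]", rcpt)
    if not m:
        raise ValueError("not an IPv4 address-literal recipient: %r" % rcpt)
    return ipaddress.ip_address(m.group(1))


def deliver(rcpt, configured, include_lla):
    """Follow one message until it is delivered, leaves the host, or hits MAX_HOPS."""
    target = literal_host(rcpt)
    really_ours = {ipaddress.ip_address(a) for a in configured}
    for hop in range(1, MAX_HOPS + 1):
        known = enumerate_addresses(configured, include_lla)
        if target in known:
            return ("delivered locally", hop)
        if target not in really_ours:
            return ("relayed to another host", hop)
        # The mailer believes the target is remote, but the connection
        # lands back on this same host: one more trip around the loop.
    return ("bounced: hop limit exceeded", MAX_HOPS)


# Constructed sample host: one routable address plus the LLA from the thread.
CONFIGURED = ["192.0.2.10", "169.254.17.17"]

if __name__ == "__main__":
    for flag in (False, True):
        print(flag, deliver("root@[169.254.17.17]", CONFIGURED, flag))
```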