> From: Christian Vogt <[EMAIL PROTECTED]>

> (d) IP addresses in filter devices, such as firewalls, intrusion
> detection systems
> ...
> Filtering devices may have to be modified even if a *remote* edge
> network renumbers since they may be configured with remote IP addresses
> ...
> filtering devices have to identify hosts or flows using locators.

I would _strongly_ argue that we should *not* be *configuring* _any_ kind of remote device (be it a filtering box, or anything else) with foreign *locators*.

Note that this is a subtly different statement from 'remote boxes should not be using locators to perform their function' - the emphasis in my statement is on _configuration_. If a remote device wants to take some other kind of name with which it is configured (DNS name, EID, etc) and dynamically convert that to locator(s), and then use the locator(s) to do its job (either because it's more efficient, or is the only field available in packets, or something) that's OK - modulo issues of binding lifetimes, etc.

However, your second point - that renumbering a site may require changes in configuration at _remote_ sites - is the key point here. Renumbering of _any_ kind (either locators, endpoint names, or whatever) will be a non-starter if those bit-strings are configured in machines elsewhere on the network. I.e. if you allow that, renumbering is basically impossible.

The conclusion is simple: either avoid such configuration, or renumbering (which includes provider independence, let's keep prominent) is impossible.

Noel
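
The distinction drawn in the message above, as an added example that is not part of the original post: a filter whose configuration holds only a name and derives locators at run time, so a remote renumbering needs no configuration change but is only picked up once the cached binding expires. The class `NameBoundFilter`, the name `partner.example`, the documentation-range addresses and the 300-second lifetime are all constructed for illustration.

```python
import ipaddress


class NameBoundFilter:
    """Allow-list configured with names; locators are derived at run time."""

    def __init__(self, allowed_names, resolve):
        self.allowed_names = list(allowed_names)  # the only configured state
        self.resolve = resolve                    # name -> (locators, lifetime in seconds)
        self.bindings = {}                        # name -> (set of addresses, expiry time)

    def _locators(self, name, now):
        cached = self.bindings.get(name)
        if cached is None or now >= cached[1]:
            # Binding missing or expired: ask the mapping service again.
            addrs, lifetime = self.resolve(name)
            cached = ({ipaddress.ip_address(a) for a in addrs}, now + lifetime)
            self.bindings[name] = cached
        return cached[0]

    def permits(self, src, now):
        src = ipaddress.ip_address(src)
        return any(src in self._locators(n, now) for n in self.allowed_names)


def renumber_demo():
    # Constructed mapping service standing in for DNS or an EID-to-locator lookup.
    mapping = {"partner.example": (["192.0.2.10"], 300)}
    fw = NameBoundFilter(["partner.example"], mapping.__getitem__)

    results = [fw.permits("192.0.2.10", now=0)]            # old locator accepted
    mapping["partner.example"] = (["198.51.100.10"], 300)  # remote site renumbers
    results.append(fw.permits("198.51.100.10", now=100))   # binding still cached: rejected
    results.append(fw.permits("192.0.2.10", now=100))      # stale locator still accepted
    results.append(fw.permits("198.51.100.10", now=300))   # binding expired: re-resolved
    results.append(fw.permits("192.0.2.10", now=300))      # old locator now rejected
    return results, fw.allowed_names                       # configuration never changed


if __name__ == "__main__":
    print(renumber_demo())
```

The two results at `now=100` are the binding-lifetime issue in practice: until the cached binding expires, the filter rejects the new locator and still accepts the old one.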