On Wed, 27 Aug 2003 12:50:01 +1000
Andrew White [EMAIL PROTECTED] wrote:
I agree with Brian - the security issues are not the driving force in local
addressing.
The requirements I want are simple:
* I want to be able to create prefixes ex-nihilo (from nothing), without
involving the
Hi Bob, Alan,
My reply to Bob's question at end.
On Tue, 19 Aug 2003 19:48:26 -0400 (EDT)
Alan E. Beard [EMAIL PROTECTED] wrote:
Bob:
snip
This is not an urban legend, but, based on my experience, manufacturers
tend to react vigorously and very rapidly indeed to remove from public
Did a bit of googling, looks like Intel has had a duplicate MAC address problem as
recently as January last year :
http://www.intel.com/support/motherboards/server/stl2/ta-503.htm
On Tue, 19 Aug 2003 11:17:33 +1000
Andrew White [EMAIL PROTECTED] wrote:
Bound, Jim wrote:
Below is a picture of two links: Link 1 and Link 2. Link 1 has
Host-L1-B and Host-L1-C. Link 2 has Host-L2-E and Host-L2-F.
A multihomed Host-LX-D0 is connected to both Link 1 and Link 2.
All
Hi Pekka,
On Thu, 2003-08-07 at 17:47, Pekka Savola wrote:
On Thu, 7 Aug 2003, Andrew White wrote:
Just responding to a few points..
Real example: My ISP's DSL connection decides to drop the connection and
reconnect (with a new IPv4 address, and thus 6to4 prefix) every 1-3 hours.
Hi Tony,
On Wed, 13 Aug 2003 10:43:58 -0700
Tony Hain [EMAIL PROTECTED] wrote:
Mark Smith wrote:
True, but in my experience in a large, multi-departmental
government network, it is fairly common that end user security
/ access requirements don't fall neatly along route / prefix
On Wed, 2003-08-06 at 17:37, Aidan Williams wrote:
Mark Smith wrote:
Obviously it doesn't matter, but providing an explicit procedure to
generate the 'good enough' unique number that doesn't depend on one of
the EUI-48 values embedded in a device, will eliminate questions about
which
Hi Andrew,
On Wed, 2003-08-06 at 13:20, Andrew White wrote:
Particularly focusing on the FD00/8 space...
I'll raise my sole dissension up front:
3.2.2 and 3.2.3 are unnecessarily prescriptive for local addresses. Since
the goal is simply to get something which is 'good enough' unique,
On Mon, 11 Aug 2003 22:03:36 -0700
Tony Hain [EMAIL PROTECTED] wrote:
Pekka Savola wrote:
Why exactly is advertising the aggregate a problem? The
nodes will filter
out those sources they are auto-configured not to speak to
before even
seeing any malicious packets.
You clearly
On Tue, 12 Aug 2003 12:09:20 -0700
Michel Py [EMAIL PROTECTED] wrote:
Routing it over the Internet (without a VPN) for inter-enterprise
communication would also be perfectly legitimate, host-to-host IPSEC for
example. Then the line between it and global PI ceases to exist.
I think a
On Thu, 14 Aug 2003 09:39:59 -0700
Tony Hain [EMAIL PROTECTED] wrote:
Mark Smith wrote:
...
So is this a statement that the approach is not useful in
government
networks, or a statement that the tool is inadequate
because it does
not solve the government network problems
On Wed, 2003-08-06 at 18:50, Brian E Carpenter wrote:
but operational experience
with 10/8 suggests that ambiguity is actually a bigger pain than
NAT in some scenarios (VPNs between two Net 10 networks, for
example).
Combining the two is worse ... I spent two months _solid_ working to
Hi Nir,
I suggest you visit this page, which provides reasonable access to the
ipng mailing list archives.
http://marc.theaimsgroup.com/?l=ipngr=1w=2
Probably over the last two years, certainly over the last year, if there
is a dramatic jump in email traffic eg around 200 one month to 600 or
On Wed, 2003-08-06 at 19:00, Aidan Williams wrote:
Mark Smith wrote:
It is even less likely that the MAC address that came from an ethernet
card will be the same in both sites..
Ok, I think you might have missed the point of my original email, so
I'll try to re-state it :
1
On Thu, 2003-08-07 at 21:00, Pekka Savola wrote:
Hi Mark,
Thanks for the long reply; I found it very interesting.
Thanks for reading it.
A few more
comments in-line..
(hopefully this won't drift too far off-topic..)
Hopefully.
On 7 Aug 2003, Mark Smith wrote:
On Thu, 2003-08-07
This page should be a good place to start :
http://www.ipv6.org/impl/index.html
On Mon, 2002-12-09 at 22:12, Digambar Rasal wrote:
Hi,
We are in the process of changing our network to IPv6 and are looking for switches and
routers that support IPv6, or IPv6 and IPv4. If anybody has an idea
about it
Hi Bob,
A few thoughts / questions / comments on your draft :
3.0 Proposal 3.1 Global Token
* 8 bit areas
I'm curious as to why you chose to allocate 8 bits for the area.
Allocating 6 bits for area would allow aggregation to take place on the
/16 bit boundary. I think this would make it a
Hi All,
I've put together the following email as a bit of a thought provoker on
how organisations may connect themselves together in the future, and how
that may affect globally unique site-local use.
Note that I haven't thought out a lot of it thoroughly - it may all be
totally bogus, or may be
, but not the VPN.
Mark Smith wrote
I'm not sure I see the difference.
Brian Carpenter
I agree. As long as GUSL prefixes are unique, you can
flat route them in a foreign enterprise network. Maybe
some ad hoc static routes are needed, but that's common
in inter-enterprise VPN setups.
Note
On Thu, 2002-11-28 at 09:08, Pekka Savola wrote:
On 28 Nov 2002, Mark Smith wrote:
I think what was meant was that 10/8 addresses leak as _source_ addresses,
which is about equally bad.
Fair enough - I'd overlook that one, mostly because I don't see many
bogus source addresses bounce off my
On Thu, 2002-11-28 at 13:57, Michel Py wrote:
[Note: this is independent of GUPI]
GUSL
Globally Unique Site Local
Goals:
1. Provide an allocation method of site-local addresses
within FEC0::/10 in order to avoid ambiguity of such
addresses.
2. Enforce the non-routability of
On Thu, 2002-11-28 at 15:59, Michel Py wrote:
Mark,
Mark Smith wrote:
I've always thought we were trying to solve this same
single problem, and GUPIs and GUSLs were basically the
same thing.
GUSL solves the merger thing, but not the VPN.
I'm not sure I see the difference
On Tue, 2002-11-26 at 18:06, Keith Moore wrote:
One difference between our models may be that you seem to be assuming
that if a network has external connectivity, it has connectivity to
the public Internet.
You're right. I have been assuming that external = public Internet.
But I have also
Hi Margaret,
On Tue, 2002-11-26 at 23:47, Margaret Wasserman wrote:
Hi Mark,
2) Globals and GUPIs - you don't want to rely on the stability of your
allocated globals for your internal connectivity, so you roll out GUPI
address space as well. GUPIs are used for your internal communications
Hi Keith,
On Wed, 2002-11-27 at 00:21, Keith Moore wrote:
I suppose basically I'm considering internal to be any time one
organisation chooses to make its GUPI address space routes available to
another, and accept the other organisation's GUPI address space routes.
The organisation knows
Hi Margaret,
I agree it is useful to consider the problem we are trying to solve,
however, my understanding has been that we have been trying to solve the
same problem that traditional site-locals were created to solve.
I've generally understood the goals of traditional site-locals were :
1)
On Wed, 2002-11-27 at 02:54, Michel Py wrote:
Mark,
Mark Smith
2) Globals and GUPIs - you don't want to rely on the
stability of your allocated globals for your internal
connectivity, so you roll out GUPI address space as well.
GUPIs are used for your internal communications ie
I like it :-)
On Wed, 2002-11-27 at 07:57, Steven M. Bellovin wrote:
In message [EMAIL PROTECTED], [EMAIL PROTECTED] writes:
Require the DNS server at the edge of the site be authoritative for the
whole of fec0::/10 or blackhole the queries.
(I don't think too many people would even
On Tue, 2002-11-26 at 10:52, Tim Chown wrote:
On Mon, Nov 25, 2002 at 10:19:55AM -0800, Michel Py wrote:
Let me emphasize again that none of this stuff goes anywhere if there is
no default enforcement of non-routability along the lines that Bob
Hinden, Christian Huitema and myself have
On Tue, 2002-11-26 at 13:17, Christian Huitema wrote:
So I've been watching this debate about globally
~unique site locals and I don't understand how the
end node knows whether a particular destination
address is in scope (reachable) or not. The old
way, it just matched it to its
On Sun, 2002-11-24 at 09:18, Kurt Erik Lindqvist wrote:
Absolutely agree. I've experienced both the VPN and network 10
addressing situation concurrently with IPv4, in addition to having to
come up with bodgey solutions, I spent two months just saying to myself
customers should
On Sun, 2002-11-24 at 11:56, Margaret Wasserman wrote:
All of these issues are present for any sort of private addressing,
and I don't think that the use of globally-unique local addresses
will significantly complicate any of these issues.
I think that we should stop calling these
On Sun, 2002-11-24 at 13:31, Michel Py wrote:
Margaret,
Michel Py wrote:
There is room for both models at the same, and good
enough is not going to be good enough for everybody.
Margaret Wasserman wrote:
I would need to see a very compelling case for why two
types of
On Sat, 2002-11-23 at 17:14, Michel Py wrote:
Mark,
Mark Smith wrote:
Michel, maybe my mind isn't lateral enough, but I
can't think of an example of anybody who would want
to pay for guaranteed globally unique site local
addresses. Usually people seem to be happy with
good enough
On Fri, 2002-11-22 at 09:34, Markku Savela wrote:
Fine by me. It's just that dealing with scopes seems to be the problem that
most people are complaining about rather than the existence of the addresses
themselves.
I cannot understand those people complaining about scopes. We will
I think another way of looking at this is to consider the domain of
reliability.
One of the advantages of Pekka's (auto)configured model for globally
unique site local addressing is that it doesn't make absolute guarantees
of global uniqueness. While the chance of globally unique site-local
On Fri, 2002-11-22 at 15:35, Michel Py wrote:
Bob,
(1) I am thinking about something like the default deny at the end,
except that it would be at the beginning and would be effective even
though there is no prefix-list applied to the peer. Something that would
require a separate command
I support this change and the new text.
Mark.
At 01:53 PM 11/12/2002 +0100, Brian E Carpenter wrote:
Unfortunately it's too late to catch the addressing architecture
document unless we recall it from the RFC Editor and cycle it
through the IESG again. But I propose that we do exactly that,
On Tue, 2002-11-12 at 12:07, Keith Moore wrote:
snip - and agree
Are we trying to solve a problem at the network layer, which impacts the
transport layer, which really is best and most appropriately solved at
the application layer ?
The overhead of recovering from renumbering is close
there is a need for BGP, or at least the
pseudo EBGP connections between the pseudo ASs in your confederation, to
carry site-local addressing.
Mark.
On Mon, 2002-11-11 at 13:41, Michel Py wrote:
Mark Smith wrote:
Could it be argued that if there was a need for confederations
in BGP to handle
On Wed, 2002-11-06 at 12:23, Michel Py wrote:
Bob,
Bob Hinden wrote:
Another router issue that gets talked around is should
packets with site-local destination be forwarded to
default. Given that site-local addresses are not
created without being configured, one approach could be
On Fri, 2002-11-01 at 04:47, Richard Draves wrote:
Obviously my last two models don't really fit the idea that
site-local addressing is to cover a single geographical site.
Why do you think that site-local addressing is tied to geography in any
way?
A few reasons :
1) because of the
Hi Michel,
On Sat, 2002-11-02 at 15:08, Michel Py wrote:
Mark,
Mark Smith wrote
Obviously my last two models don't really fit the idea that
site-local addressing is to cover a single geographical site.
Richard Draves wrote:
Why do you think that site-local addressing is tied
Does this make me a terrorist network administrator, for trying to help
by showing how I might try to use one of the features of IPv6 in the
real world ?
Please do not bring up terrorism on this mailing list, not only is it
inappropriate, it is in particularly bad taste after the recent
Would provider independent local addressing be a better name for site
local addressing if Tony's model is the most commonly followed ?
I would find that a more descriptive name, as it doesn't suggest that I
have to artificially place a boundary on the addressing due to physical
geography.
Mark.
Thanks Tony, Margaret.
On Thu, 2002-10-31 at 10:19, Margaret Wasserman wrote:
On a related topic, if I was to stuff up my site local filters at the
edge of my site, would my network then become part of my ISPs site local
network ? In the proposed site-local models, are sites adjacent, or
On Thu, 2002-10-31 at 13:13, Brian Haberman wrote:
Tony Hain wrote:
Mark Smith wrote:
...
On a related topic, if I was to stuff up my site local
filters at the edge of my site, would my network then become
part of my ISPs site local network ?
You would both have to make
Oops, sorry, I think I overloaded an already defined term.
Maybe enterprise local addressing or something similar that doesn't
imply a geographical size or location, and indicates the addressing
uniqueness is only local to the organisation using it.
On Thu, 2002-10-31 at 15:04, Keith Moore
I think there is in Australia ...
Have a read of my previous emails.
If I was to build a very simple enterprise network between 8 capital
cities, with a single ethernet segment in each, and 7 wan links
connecting them, if I follow the current site-local definition
(geographical boundaries
On Thu, 2002-10-31 at 16:29, Keith Moore wrote:
however I'd be really surprised if SL filtering added to the
cost of a router.
You're probably right.
On the other hand, as per Ole Troan's earlier email (which I agree
with), I don't think all router implementations should be required to
Hi Tim,
I can provide one network administrator's view, because that is all I
am.
In my experience, the main reasons network admins adopted RFC 1918
addressing were (in my naive days, I was one of them, thankforly(sp?)
not for long) :
1) the security benefits of non-routable address space.
Hi All,
On Tue, 2002-10-29 at 04:42, Bound, Jim wrote:
Michael,
Comments below.
/jim
[Have you ever seen the rain coming down on a sunny day]
Margaret,
Besides, it would be possible (although perhaps not
advisable) to enforce this restriction. Nodes could immediately