[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipng
Subject:    RE: addrsel: privacy addresses within/out of a site
From:       Suresh Krishnan <suresh.krishnan () ericsson ! com>
Date:       2011-01-05 10:20:43
Message-ID: 4FD1E7CD248BF84F86BD4814EDDDBCC150E9C64860 () EUSAACMS0703 ! eamcs ! ericsson ! se
[Download RAW message or body]

Hi Pekka,

> Operational input: when discussing the use of RFC4941 
> (privacy) addresses with our LAN/workstation admins, it 
> seemed as if there would be great benefit from being able to 
> specify an RFC3484 rule which would in essence say:
> 
> "do not use privacy addresses when communicating inside the 
> site [a set of designated destination prefixes], use it by 
> default otherwise"
> 
> I don't think this is possible today because rfc3484 policy 
> table only allows matching by prefixes, not by address type.

I agree with you that this would be useful.

> 
> Has this come up in discussions / has anyone else thought about this?

Not exactly this point, but the ability to add specific prefixes into the policy \
table dynamically has been discussed several times before (e.g. in ULA scenarios) and \
will hopefully be solved soon.

On a side note, if you control the application you could use the \
IPV6_PREFER_SRC_PUBLIC flag defined in RFC5014 to effect such behavior.

Thanks
Suresh

--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------


[prev in list] [next in list] [prev in thread] [next in thread]