[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Distributing site-wide RFC 3484 policy
Jun-ichiro itojun Hagino wrote:
I understood your opinion in one sense, but there might have been
problematic cases with reality.
some part are same as Brian, and we has been tried to write in the
- Currently we already have coexistence of VPN access and Global
Internet Access in a site
as i respnoded to Brian this is a non-issue.
I replied about this point in another email.
- demands for controlling prefixes exists in some cases
this has to be done sorely with routing table using ip6_dst, nothing
else. if you use ip6_src for controlling routing, you will go into
paradise of "policy routing" that is, basicaly, a pitfall towards hell.
I think you've already mentioned the benefit of policy routing, haven't
you ? As far as the source address is used for some reasons, such as
routing and access control, I believe there should be demand for control
the source address to be chosen.
- demands for controlling v4-v6 preference
maybe, but what would you need more than "IPv6 then IPv4"?
At least, I know there is a motivation for smooth transition
to IPv6, such as,
-> IPv4 and IPv6 with lower preference
-> IPv4 and IPv6 with higher preference
-> IPv6 only.
Another case may be a network administrator knows that the
quality of IPv6 connectivity is clearly worse than that of
IPv4 because of tunneling or something.