[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Distributing site-wide RFC 3484 policy
On 2007-07-25 00:53, Jun-ichiro itojun Hagino wrote:
Please think about a case like you wanna use the Internet at home and at
the same time the enterprise network via VPN connection.
The address you get from the latter network is IPv6 global address but
its scope is limited to the enterprise network.
as i mentioned previously, VPN is about how to
- encrypt/authenticate communication with your laptop and your
organization (like IBM)
- and pretend that you are inside your organization network
there's no real point in using, or requiring, ULA for this.
you can just use IBM PI or PA for the IPv4/v6 address inside the
IPsec tunnel. i wonder what Apple corporate VPN is using - i guess
it would be within 220.127.116.11/8.
so do you mean that your enterprise does not have external connectivity?
how do you use Google from your enterprise, for instance?
Today, I fear it is often NATted. Obviously that is not the future.
I expect to see many enterprises use ULA for internal traffic
and PA or PI for Google. But I was actually thinking about VPNs between
business partners, which create "fingers" of reachability for small
subsets of address space that are shared by pairs of enterprises.
This can get very complex when many companies have mutual business
relationships. I can't even think how to draw it in ASCII art.