RE: addrsel: privacy addresses within/out of a site

Suresh Krishnan <suresh.krishnan@ericsson.com> Wed, 05 January 2011 10:18 UTC

From: Suresh Krishnan <suresh.krishnan@ericsson.com>
To: Pekka Savola <pekkas@netcore.fi>, "ipv6@ietf.org" <ipv6@ietf.org>
Date: Wed, 05 Jan 2011 05:20:43 -0500
Subject: RE: addrsel: privacy addresses within/out of a site

Hi Pekka,

> Operational input: when discussing the use of RFC4941 
> (privacy) addresses with our LAN/workstation admins, it 
> seemed as if there would be great benefit from being able to 
> specify an RFC3484 rule which would in essence say:
> 
> "do not use privacy addresses when communicating inside the 
> site [a set of designated destination prefixes], use it by 
> default otherwise"
> 
> I don't think this is possible today because rfc3484 policy 
> table only allows matching by prefixes, not by address type.

I agree with you that this would be useful.

> 
> Has this come up in discussions / has anyone else thought about this?

Not exactly this point, but the ability to add specific prefixes into the policy table dynamically has been discussed several times before (e.g. in ULA scenarios) and will hopefully be solved soon.

On a side note, if you control the application you could use the IPV6_PREFER_SRC_PUBLIC flag defined in RFC5014 to effect such behavior.

Thanks
Suresh
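
The per-application approach mentioned in the message above, as an added example that is not part of the original thread: a destination inside a designated site prefix gets IPV6_PREFER_SRC_PUBLIC, any other destination gets IPV6_PREFER_SRC_TMP, applied through the RFC 5014 IPV6_ADDR_PREFERENCES socket option before connect(). The site prefixes, the function names and the fallback constant values (those of Linux) are assumptions.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>

/* Assumption: Linux values from <linux/in6.h>, used only if libc lacks them. */
#ifndef IPV6_ADDR_PREFERENCES
#define IPV6_ADDR_PREFERENCES 72
#endif
#ifndef IPV6_PREFER_SRC_TMP
#define IPV6_PREFER_SRC_TMP    0x0001
#define IPV6_PREFER_SRC_PUBLIC 0x0002
#endif

/* Constructed site prefixes (documentation and ULA space), not from the thread. */
struct site_prefix { const char *net; unsigned len; };
static const struct site_prefix SITE[] = {
    { "2001:db8:100::", 48 },
    { "fd12:3456:789a::", 48 },
};

/* Returns 1 if the first p->len bits of addr equal the prefix, else 0. */
static int in_prefix(const struct in6_addr *addr, const struct site_prefix *p)
{
    struct in6_addr net;
    if (p->len > 128 || inet_pton(AF_INET6, p->net, &net) != 1)
        return 0;
    unsigned full = p->len / 8, rem = p->len % 8;
    if (memcmp(addr->s6_addr, net.s6_addr, full) != 0)
        return 0;
    if (rem == 0)
        return 1;
    uint8_t mask = (uint8_t)(0xff << (8 - rem));
    return (addr->s6_addr[full] & mask) == (net.s6_addr[full] & mask);
}

/* Public source inside the site, temporary elsewhere; 0 if dst is not IPv6. */
uint32_t src_pref_for(const char *dst)
{
    struct in6_addr a;
    if (inet_pton(AF_INET6, dst, &a) != 1)
        return 0;
    for (size_t i = 0; i < sizeof SITE / sizeof SITE[0]; i++)
        if (in_prefix(&a, &SITE[i]))
            return IPV6_PREFER_SRC_PUBLIC;
    return IPV6_PREFER_SRC_TMP;
}

/* Set the preference on fd before connect(); -1 on bad dst or setsockopt error. */
int apply_src_pref(int fd, const char *dst)
{
    uint32_t flags = src_pref_for(dst);
    if (flags == 0)
        return -1;
    return setsockopt(fd, IPPROTO_IPV6, IPV6_ADDR_PREFERENCES, &flags, sizeof flags);
}
```

These flags express a preference only: if no address of the preferred type is available on the outgoing interface, source address selection falls back to another address.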