Christian Huitema wrote:
> > I'm not sure I believe in the need for topology hiding. But if I did,
> > on v6 I'd just allocate a separate subnet or group of subnets for
> > external access. If really necessary, have such hosts set up IP over
> > IP or L2TP tunnels to a concentrator; that will make this external
> > access net look flat.
>
> That idea has been advanced quite a few times, but there is not a whole
> lot of code written or products deployed. There are a few interesting
> issues, e.g. the cost of tunneling versus in terms of overhead or
> management, or the deployment of adequate source address selection
> policies.

This approach is discussed in 4864 using mIPv6 as the automated tunneling mechanism to the home agent at the network border. The entire point of topology hiding is to make all end systems look like they exist at the network border, and a mIPv6 home agent makes all associated end systems look like they are hosted from it, and as long as route optimization is blocked at the firewall the remote system will never see that tunneling is happening within the corporate network. There is shipping code for home agents and some for mIPv6 clients. If we could just get a major vendor to ship their implementation.....

> Actually, rather than tunneling, have we seriously considered flat host
> based routing in a corporate network? A combination of DHT and caching
> technologies ought to make that quite scalable.

4864 does suggest host routes as an alternative, but the 66nat fanatics refuse to read that section.

Tony