[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [GLOBAL-V6]IPv6 Allocation Policy
"Craig A. Huegen" wrote:
>
> On Wed, 21 May 2003, Michel Py wrote:
>
> > Yep. In the end, a specific announcement being filtered and sending the
> > traffic to a different entry point than it should have results in paying
> > three times transit for the traffic:
>
> ...keep in mind that this breaks stateful firewalling too, unless state is
> shared across the entire network (which is pretty significant when
> you're talking about passing and replicating messages for every single
> connection out of the network).
And people wonder why we say that state is evil, and distributed state
is more evil. I don't think we should design policy for stateful firewalls.
I think we're drifting away from the question of what the policy should
say. The point, I think, was to ease the wording to allow for
giving /32s in any case where common sense would allow it.
Brian
