(ngtrans) Re: 6BONE AUP

Robert Elz kre@munnari.OZ.AU
Fri, 19 Feb 1999 17:28:35 +1100


    Date:        Thu, 18 Feb 1999 15:33:00 -0800 (PST)
    From:        "Michael P. Burton" <mpburton@europa.com>
    Message-ID:  <Pine.GSO.3.96.990218152656.14979L-100000@thetics.europa.com>

  | The whole access-list issue is a difficult one because from my
  | understanding, IPv6 doesn't deal with it; it is proprietary tech. I'm sure
  | Cisco could come up with a solution for their routers, but if you are
  | dealing with different kinds of routers, you are going to be pretty hosed.

We don't need to define a scheme that works for cisco (or anyone else's)
routers, but to provide the mechanisms that the router vendors can use to
incorporate into their products.   Right now (as Perry pointed out) there's
no good way to say "SMTP from a uunet dialup address is disallowed",
other than to discover (somehow) the IP address ranges concerned and block
them explicitly.   Because of that, access lists are almost exclusively
written using IP addresses (or IP addresses and masks).   If we can provide
the mechanism to allow such things to be named, we can then lean upon the
vendors to support building access lists from names instead of numbers
(and if we & they do it right, the translations will contain TTLs and
the access lists will be automatically updated as the addresses alter).

  | But admins are going to need to be able to change their addresses on an
  | "as-needed"  basis, hopefully less than once a year. Do you have a
  | proposed solution to this issue?

Note the problem with access lists (and the reason I assume Matt raised it)
is that it isn't my address changes that are of immediate concern.   It is
that other guy's address changes that matter - if uunet decide (or are forced)
to reassign addresses to their dialup customers, then I have a bunch of access
lists I need to update.   This is not a new problem for IPv6, it is just likely
to become more important there, as renumbering is likely to happen much more
often (and yes, quite possibly much more often than once a year).

kre
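
The mechanism discussed in the message above (an access list written with names, whose address ranges carry TTLs and refresh on their own when the other party renumbers), sketched as an added example that is not part of the original message. The `ZONE` table, `zone_resolver`, `NamedDenyList`, the name `dialup.isp.example` and the documentation prefixes are all hypothetical, and keeping the last known ranges when a lookup fails is a design choice of this sketch.

```python
import ipaddress

# Constructed sample data: name -> (prefixes, TTL in seconds). A real deployment
# would get this from whatever naming mechanism the vendors end up supporting.
ZONE = {"dialup.isp.example": (["2001:db8:1000::/36"], 3600)}

def zone_resolver(name):
    """Hypothetical resolver: returns (prefixes, ttl) or raises LookupError."""
    if name not in ZONE:
        raise LookupError(name)
    return ZONE[name]

class NamedDenyList:
    """Deny list written with names; the address ranges are cached per TTL."""

    def __init__(self, names, resolver):
        self.names = list(names)
        self.resolver = resolver
        self.cache = {}  # name -> (expiry time, [ip_network, ...])

    def _networks(self, name, now):
        entry = self.cache.get(name)
        if entry is None or now >= entry[0]:
            try:
                prefixes, ttl = self.resolver(name)
                entry = (now + ttl, [ipaddress.ip_network(p) for p in prefixes])
                self.cache[name] = entry
            except LookupError:
                if entry is None:
                    raise  # never resolved: refuse to guess
                # Lookup failed: keep enforcing the last known ranges.
        return entry[1]

    def is_denied(self, source, now):
        addr = ipaddress.ip_address(source)
        return any(addr in net
                   for name in self.names
                   for net in self._networks(name, now))

def demo():
    acl = NamedDenyList(["dialup.isp.example"], zone_resolver)
    old, new = "2001:db8:1234::25", "2001:db8:2abc::25"
    before = (acl.is_denied(old, now=0), acl.is_denied(new, now=0))
    # The other party renumbers; nobody edits the access list.
    ZONE["dialup.isp.example"] = (["2001:db8:2000::/36"], 3600)
    cached = (acl.is_denied(old, now=100), acl.is_denied(new, now=100))
    after = (acl.is_denied(old, now=3600), acl.is_denied(new, now=3600))
    return before, cached, after
```

Between the renumbering and the TTL expiry the list still enforces the old range, so the TTL bounds how long a stale rule can stay in force.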