[6bone] Network Address translation question

Iljitsch van Beijnum iljitsch at muada.com
Thu Jun 23 05:43:57 PDT 2005


On 22-jun-2005, at 14:51, Mohacsi Janos wrote:

>>>> The trouble is that there is no clear way to force the use of internal
>>>> addresses for internal stuff and external addresses for external stuff.

>>> This is easier if you set up RFC3484 style address selection. You give
>>> higher priority to your local addresses.

I'm not sure how you envision this. My understanding was that the  
address with the longest matching prefix would be used. So when I  
connect to my server which has both a 2001:: and a 3ffe:: address  
(sequoia.muada.com for those of you who want to try) my system at  
home with a 2001:: address would use the 2001:: address. However,  
that's not what happens.

MacOS 10.4:

% telnet sequoia
Trying 3ffe:2500:310:2::1...

FreeBSD 4.9:

# telnet sequoia
Trying 3ffe:2500:310:2::1...

Red Hat 9 Linux:

# telnet sequoia
Trying 3ffe:2500:310:2::1...

(Well, actually they pick an address non-deterministically.)

Windows XP was the only one that used the 2001:: address each time.  
(But this could be because of DNS caching, no way to tell except for  
rebooting more times than I care to do right now.)

But that's not the real problem. The real problem is that always  
choosing the same address is a bad thing: that way, applications that  
don't cycle the address list themselves can easily get stuck retrying  
a non-working address and ignoring a working alternative.

(And this would also require two-faced DNS all over the place as  
you'd try to connect to other people's unique site locals otherwise.)

The bottom line is that there is no way to do the right thing with  
only a priori information. You need at least _some_ measurement info  
to make reasonable decisions.

> I think a pretty large number of hosts potentially can support RFC3484.
> Windows XP/2003 fully supports it. All *BSD systems also fully support it.

So how do I install a policy?

