Date: Fri, 01 Dec 2000 09:33:59 +0900 From: itojun@iijlab.net To: Dominick LaTrappe <seraf@2600.COM> Cc: freebsd-net@freebsd.org, Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>, Gerhard Sittig <Gerhard.Sittig@gmx.net> Subject: Re: filtering ipsec traffic (fwd) Message-ID: <3711.975630839@coconut.itojun.org> In-Reply-To: seraf's message of Thu, 30 Nov 2000 15:00:29 EST. <Pine.NEB.4.21.0011301440230.8590-100000@phalse.2600.com>
next in thread | previous in thread | raw e-mail | index | archive | help
>> from IPv6 point of view (yes, I'm IPv6 centric!) we cannot add extra >> interface like tun0. IPv6 has scoped address, and if we add extra >> interface in IP stack we will change the address semantics. >I take this to mean that in KAME an IPv6 address's scope cannot span >multiple interfaces, which is in itself a big limitation that will prevent >a lot of code from being IPv6-enabled. yes, spec-wise, scope can span across multiple interfaces. i know of no "link can span across multiple interface" implementation to date. "scope across multiple interfaces" does not really help you in this story. if you have multiple ethernet cards (under different scope) and single tunnelling device for ipsec (let us assume that it has its own scope), you aggregate traffic from two different scopes into single scope. itojun To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3711.975630839>