Subj : New candidate member
To   : Markus Reschke
From : Michiel van der Vlist
Date : Mon Oct 17 2016 00:14:05

Hello Markus,

On Sunday October 16 2016 14:54, you wrote to me:

 MvdV>> 1) "WAN address" is IPv4 NAT speak. In IPv6 one has link local
 MvdV>> addresses and globally unique routable addresses.
 MvdV>> 2001:470:70:bf5::1 is a globally routable address.

 MR> For me, a WAN address is any address on an interface facing WAN.

OK...

 MR> Therefore his tunnel endpoint is a WAN address. 2001:470:71:bf5::1
 MR> seems to be his node's LAN address.

By your definition that address qualifies. The problem is that /every/ globally routable IPv6 address qualifies. 2001:470:71:bf5::1 qualifies as well.

With IPv4 it is clear where the LAN ends and the WAN start. At the NAT. Or more precise: with IPv4 after the coming of NAT. Because before the coming of NAT the usual IPv4 situation was similar to what we now have with IPv6. Every node had a globally routable address. One could argue that the LAN is defined by the subnet, but where does the WAN begin? I would argue that every node with a routable global address is part of the WAN, and hence its address is a WAN address by your defintion.

 MvdV>> 2) 2001:470:70:bf5::1 is the he.net tunnel endpoint. His binkp
 MvdV>> server does not answer on that address.

 MR> Yep.

 MvdV>> 3) 2001:470:70:bf5::2 is the tunnel end point on his end. His
 MvdV>> binkp server answers on that address because it so happens that
 MvdV>> the tunnel end point and the binkp server run on the same host.
 MvdV>> But this is coincidence. He could move the tunnel end point to
 MvdV>> another device on his LAN and then it would no longer work.

 MR> He would just have to update the AAAA record.

Yes, no big deal, but it could be avoided by not using that address in the first place and use 2001:470:71:bf5::1 instead.

 MvdV>> 2001:470:71:bf5::1 is the address of the interface that
 MvdV>> connects the system that runs his binkp server to the
 MvdV>> 2001:470:71:bf5::/64 subnet. IMNSHO that should be the address
 MvdV>> to connect to his binkp server. That keeps working if he moves
 MvdV>> the tunnel end point to his router or another host on the same
 MvdV>> subnet.

 MR> In this case I would assign a service IP address, which could be moved
 MR> around easily, and not use the ::1 LAN address, which might be the
 MR> gateway for the LAN.

Instead of "LAN" I would prefer the term "subnet". But you have a point. Although there is no hard rule that says ::1 is to be a special case reserved for a gateway, it would be preferable to use something else for a server on that subnet.


Cheers, Michiel

--- GoldED+/W32-MINGW 1.1.5-b20110320
 * Origin: he.net certified sage (2:280/5555)

.