RE: Host-based may be the way to go, but network controls are necessary
- To: "Erik Nordmark" <Erik.Nordmark@sun.com>
- Subject: RE: Host-based may be the way to go, but network controls are necessary
- From: "Aldrin Isaac" <aisaac@bloomberg.com>
- Date: Wed, 20 Nov 2002 16:33:07 -0500
- Cc: "IETF-Multi6" <multi6@ops.ietf.org>
- In-reply-to: <Roam.SIMC.2.0.6.1037818807.24115.nordmark@bebop.france>
Erik,
% From: Erik Nordmark [mailto:Erik.Nordmark@sun.com]
%
% > I personally am not suggesting that a complex policy
% > function should exist for optimum address selection.
% > IMHO the network should be able to tell a host immediately
% > when it makes an unusable selection without the host
% > having to depend on time-outs. This can be accomplished
% > simply by knowing whether a packet in transit has a valid
% > site-exit.
%
% ok
% Does the rest of the WG agree that this is sufficient?
% Or do folks want policy control for load balancing i.e.
% be able to control things even when no site exit has failed?
I think that the first steps to take are to fix certain elemental
stuff that ought to work, and then move on to much more complex stuff.
In my opinion source-based site-exit routing is elemental. I think if
we can get past this, we will be able to see clearly enough to find a
solution to more complex needs.
%
% > Information about the lack of a valid site-exit for a
% > selected source-address should be communicated simply
% > as an ICMP unreachable message.
%
% Presumably it would be useful to understand the security
% threats before advocating a particular solution. I don't
% claim to understand them - at least not yet.
ICMP unreachables are nothing new. When a route to a destination does
not exist it is considered unreachable. If the network knows that a
source prefix cannot be routed to a specific destination via a
specific path, it should also be considered as unreachable.
-- aldrin