[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: network controls are neccessary

To: "Craig A. Huegen" <chuegen@cisco.com>
Subject: Re: network controls are neccessary
From: Erik Nordmark <Erik.Nordmark@sun.com>
Date: Thu, 21 Nov 2002 02:19:24 +0100 (CET)
Cc: multi6@ops.ietf.org
In-reply-to: "Your message with ID" <Pine.WNT.4.44.0211201252040.980-100000@chuegen-w2k02.amer.cisco.com>
Reply-to: Erik Nordmark <Erik.Nordmark@sun.com>

> For a larger enterprise network, this becomes a showstopper.  If the host
> picks a destination address on the least preferred network, the network
> infrastructure has no way to redirect him.
> 
> An alternative is to push policy to the hosts that's a bit smarter than
> longest-bit-match, except in a large enterprise, programming policy to
> 100,000+ hosts is extremely hard to do unless it's standardized and
> centralized in the network.  Now, I have no problems with the host
> learning policy (through RA, or through a DNS mechanism, or whatever) but
> it needs to be a required, standard part of IPv6.

Thanks Craig, this was the type of info I was looking for.

Do you have ideas on how complex the policies typically are?
For instance, would it make sense to push all of the rules into the hosts
or is the set of rules so large that a host-based solution would need to
cache subsets of the rules on demand?

  Erik

References:
- Re: Host-based may be the way to go, but network controls areneccessary
  - From: "Craig A. Huegen" <chuegen@cisco.com>

Prev by Date: Re: Host-based may be the way to go, but network controls areneccessary
Next by Date: RE: network controls are neccessary
Previous by thread: Re: Host-based may be the way to go, but network controls areneccessary
Next by thread: Re: Host-based may be the way to go, but network controls areneccessary
Index(es):
- Date
- Thread