[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Headers
> marcelo bagnulo:
> > In order to preserve aggregation, renumbering is required when changing
> > ISP, this is why end-sites like PI.
>
> > Now, the separation of identifier and locator can help with this,
> > simplifying re-homing events and renumbering. I guess that this
> > separation can help in such events. Currently internal systems such as
> > access lists, firewall use IP address for filtering, so that if the
> > site
> > renumbers all these list have to be updated. If id-locator separation
> > is
> > implemented, these systems can use identifiers, that belong to the end
> > site, symplifying re-homing events. In order to do this, identifiers
> > need to be carried in packets.
>
> You can't take what's in a packet at face value: this information can
> be spoofed.
Perhaps you could include enough info so you can check this.
>
> I would rather have the firewalls take part in the session
> establishment procedure.
Wouldn't this preclude fault tolerance? I mean what happens if this path
is broken and the communication is re-routed through another firewall? I
mean this would introduce some of the issues of NAT.
Regards, marcelo
> Then you don't need the explicit identifiers
> as per the above.
>
> Iljitsch
--
marcelo bagnulo <marcelo@it.uc3m.es>
uc3m
- Follow-Ups:
- Re: Headers
- From: Brian E Carpenter <brian@hursley.ibm.com>
- References:
- Headers
- From: Iljitsch van Beijnum <iljitsch@muada.com>