[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: IETF multihoming powder: just add IPv6 and stir
IMHO, firewall type filtering should be on "who" you are, not
on "where" you are.
The only filtering on location that makes sense to me is to simply
ensure that the source locator is not spoofed.
Tony
| > A filter that is looking at a locator is probably a bug.
|
| The need to filter is an operational reality.
|
| So how do we filter on an identifier? Put them into the
| routing tables
| and then uRPF? And if the identifiers are in the routing
| tables, who
| needs a locator?
|
| To me, identifiers belong at layer 4 and up. Locators
| belong at layer
| 3. So any filtering on layer 3 must be on locators.
|
|