[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: IETF multihoming powder: just add IPv6 and stir

To: "Iljitsch van Beijnum" <iljitsch@muada.com>
Subject: RE: IETF multihoming powder: just add IPv6 and stir
From: "Tony Li" <Tony.Li@procket.com>
Date: Wed, 14 May 2003 15:58:42 -0700
Cc: <multi6@ops.ietf.org>


IMHO, firewall type filtering should be on "who" you are, not 
on "where" you are.

The only filtering on location that makes sense to me is to simply
ensure that the source locator is not spoofed.

Tony


|    > A filter that is looking at a locator is probably a bug.
|    
|    The need to filter is an operational reality.
|    
|    So how do we filter on an identifier? Put them into the 
|    routing tables 
|    and then uRPF? And if the identifiers are in the routing 
|    tables, who 
|    needs a locator?
|    
|    To me, identifiers belong at layer 4 and up. Locators 
|    belong at layer 
|    3. So any filtering on layer 3 must be on locators.
|    
|

Prev by Date: RE: Agenda for Vienna
Next by Date: Re: Mutli6 meeting in Vienna
Previous by thread: Re: IETF multihoming powder: just add IPv6 and stir
Next by thread: I-D ACTION:draft-savola-multi6-nowwhat-00.txt
Index(es):
- Date
- Thread