
Re: Some Comments on ID/Loc Separation Proposals



Christian Huitema wrote:
There are many cases in which topology does matter. The classic example
is VPN: you don't necessarily want a connection initiated over a VPN
channel to migrate to another interface. Another classic example is
compartmented organization, with a secret network and an open network,
where you don't want a secret process to use the open network.

Yes, I would agree that topology does matter. However, I think your example may be overstated. In fact I *would* like my VPN to migrate from one interface to another when I change addresses (outside-outside). I would also like to know when I don't need it because I'm "inside" some network. To me that's a matter of secured signaling to the next layer.
There are also classic cases of interfaces with different monetary
characteristics, e.g. flat fee versus pay by volume. You don't want
applications assuming a flat fee to accidentally migrate to a pay by
volume interface.

Righto. And that's a matter of filtering at the TCP/UDP or even the application layer. Microsoft is in a very good position to ask and answer the question, "Who is calling me?" It's a bit more difficult if you're a router, but then IPSEC makes that a pain, anyway.


Eliot
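As an added illustration (not part of this thread, and not code from either participant), the three interface constraints raised above can be expressed as a small policy check that the transport or application layer consults before a connection is allowed to move from one interface to another. Every name below is hypothetical: the interfaces, the compartments and the policy fields are constructed for the example, and a real host would populate them from its own interface configuration.

```python
"""Constructed example: a per-connection interface-migration policy check.

Each interface carries the attributes the thread mentions (VPN tunnel or
not, which compartment it belongs to, flat-fee or pay-by-volume billing).
Each connection declares what it needs, and the policy layer answers
"may this connection migrate to that interface?" with a reason.
"""
from __future__ import annotations

from dataclasses import dataclass
from enum import Enum


class Billing(Enum):
    FLAT = "flat"        # flat fee, volume does not cost extra
    METERED = "metered"  # pay by volume


@dataclass(frozen=True)
class Interface:
    name: str
    compartment: str        # e.g. "secret" or "open" (hypothetical labels)
    billing: Billing
    vpn: bool = False       # True if traffic on this interface is tunnelled


@dataclass(frozen=True)
class ConnectionPolicy:
    # Compartment of the data carried; the connection may only use
    # interfaces in exactly that compartment.
    compartment: str
    # Whether the application budgeted for pay-by-volume bandwidth.
    allow_metered: bool
    # Whether the connection was set up over a VPN and must stay on one.
    require_vpn: bool


def migration_decision(policy: ConnectionPolicy,
                       src: Interface, dst: Interface) -> tuple[bool, str]:
    """Return (allowed, reason) for moving a connection from src to dst."""
    if dst.compartment != policy.compartment:
        return False, (f"{dst.name} is in compartment {dst.compartment!r}, "
                       f"connection carries {policy.compartment!r} data")
    if policy.require_vpn and not dst.vpn:
        return False, f"{dst.name} is not a VPN tunnel"
    if dst.billing is Billing.METERED and not policy.allow_metered:
        return False, (f"{dst.name} is pay-by-volume and the application "
                       f"assumed a flat fee")
    return True, f"{src.name} -> {dst.name} permitted"


def allowed_targets(policy: ConnectionPolicy, interfaces: list[Interface],
                    current: Interface) -> list[str]:
    """Names of the interfaces this connection may migrate to from current."""
    return [i.name for i in interfaces
            if i.name != current.name
            and migration_decision(policy, current, i)[0]]


# Constructed sample host with five interfaces.
ETH_CORP = Interface("eth0", "open", Billing.FLAT)
TUN_HOME = Interface("tun0", "open", Billing.FLAT, vpn=True)     # VPN over home link
TUN_CELL = Interface("tun1", "open", Billing.METERED, vpn=True)  # VPN over cellular
LTE = Interface("lte0", "open", Billing.METERED)
SECRET = Interface("secret0", "secret", Billing.FLAT)
ALL = [ETH_CORP, TUN_HOME, TUN_CELL, LTE, SECRET]

# Constructed sample connections matching the three cases in the thread.
VPN_CONN = ConnectionPolicy("open", allow_metered=True, require_vpn=True)
FLAT_APP = ConnectionPolicy("open", allow_metered=False, require_vpn=False)
SECRET_PROC = ConnectionPolicy("secret", allow_metered=False, require_vpn=False)

if __name__ == "__main__":
    for label, pol, cur in (("vpn", VPN_CONN, TUN_HOME),
                            ("flat-fee app", FLAT_APP, ETH_CORP),
                            ("secret process", SECRET_PROC, SECRET)):
        print(f"{label} on {cur.name}: may move to {allowed_targets(pol, ALL, cur)}")
```

The VPN connection may follow the tunnel from one outside link to another (the "outside-outside" move), but not drop onto a bare interface; the flat-fee application may move between flat-fee interfaces only; and the secret-compartment process is refused every open-network interface regardless of cost or tunnelling.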