[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [RRG] Six/One: A (Different) Solution for Routing and Addressing in IPv6

To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Subject: Re: [RRG] Six/One: A (Different) Solution for Routing and Addressing in IPv6
From: Tony Li <tli@cisco.com>
Date: Wed, 25 Jul 2007 17:58:54 -0500
Cc: Christian Vogt <christian.vogt@nomadiclab.com>, RRG Mailing List <rrg@psg.com>
In-reply-to: <469B2E26.3050005@gmail.com>
References: <468907C6.30001@nomadiclab.com> <4695EF81.9020600@gmail.com> <46961B70.7070207@nomadiclab.com> <277A39A2-3855-4248-B07F-96F08A2AB0FB@cisco.com> <469B2E26.3050005@gmail.com>

[Sorry for the delay in responding, I'm still catching up aftervacation...]


On Jul 16, 2007, at 3:36 AM, Brian E Carpenter wrote:

The alternative approach is that the necessary policy and preference
table is automatically distributed to all hosts in the site from
a central point; that would of course require overhead in every host
(but RFC 3484 already assumes such overhead).

Unfortunately, distributing policy is NOT the same as having aneffective policy. In an enterprise of any significant size, thenumber of hosts that is not completely under the control of the localadministration can be quite large. Those host may or may not complywith the policy as distributed, either due to non-implementation ofthe policy mechanisms, incorrect implementation, or outrightmalfeasance.

Yes, I realize that this is analogous to the architecture argumentabout firewalls vs the end-to-end principle that we've debated forabout 20 years now and still do not have consensus on. No, I don'tmean to reopen that. I will point out that the practical necessityfor firewalls does exist, and therefore the facilities exist in reality.

Similarly pragmatic thinking suggests that enterprise administratorswill take whatever steps necessary to ensure that they have a proxysolution. Given that, it would be greatly preferable in my mind ifwe architected the solution rather than letting it evolve.


Tony

--
to unsubscribe send a message to rrg-request@psg.com with the
word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/rrg/> & ftp://psg.com/pub/lists/rrg

Follow-Ups:
- Re: [RRG] Six/One: A (Different) Solution for Routing and Addressing in IPv6
  - From: "Christian Vogt" <christian.vogt@nomadiclab.com>

References:
- [RRG] Six/One: A (Different) Solution for Routing and Addressing in IPv6
  - From: Christian Vogt <christian.vogt@nomadiclab.com>
- Re: [RRG] Six/One: A (Different) Solution for Routing and Addressing in IPv6
  - From: Brian E Carpenter <brian.e.carpenter@gmail.com>
- Re: [RRG] Six/One: A (Different) Solution for Routing and Addressing in IPv6
  - From: Christian Vogt <christian.vogt@nomadiclab.com>
- Re: [RRG] Six/One: A (Different) Solution for Routing and Addressing in IPv6
  - From: Tony Li <tli@cisco.com>
- Re: [RRG] Six/One: A (Different) Solution for Routing and Addressing in IPv6
  - From: Brian E Carpenter <brian.e.carpenter@gmail.com>

Prev by Date: Re: [RRG] some musings on PI v. PA, and assumptions, requirements, and tradeoffs
Next by Date: Re: [RRG] Six/One: A (Different) Solution for Routing and Addressing in IPv6
Previous by thread: Re: [RRG] Six/One: A (Different) Solution for Routing and Addressingin IPv6
Next by thread: Re: [RRG] Six/One: A (Different) Solution for Routing and Addressing in IPv6
Index(es):
- Date
- Thread