[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [RRG] MTU/fragmentation AGAIN
Templin, Fred L wrote:
Brian,
I probably didn't look at your proposal carefully enough,
and I may not have time to soon. But, regardless of
whether/not PTBs could be translated there is still a
trust issue. We can probably (hopefully!) trust PTBs from
a router within the same site (i.e., intra-domain). But,
the same may not be true for PTBs that come from outside
of the site (inter-domain) and these may in fact be used
as a DOS vector.
Yep, same as ICMP in IPv4 is a (potential) DOS vector.
However, in both cases, I believe that the fact that the original header
is included,
makes it feasible for the host receiving the ICMP packet to (a) only
handle them
when it is doing PMTUD, and (b) validate them against transmitted packets.
Or, stateful packet inspection (firewall) devices could be taught the
"rules" for matching
PTB against packets that were sent (but are TB).
To my understanding, inter-domain is the
deployment case for the map-and-encaps architectures we
have been discussing?
For some definition of inter-domain, yes.
For instance, two customers of ISP A, who are both multihomed to other ISPs,
and exchanging LISP traffic. No BGP, so not "inter domain routing" per se,
but inter-"domain" in the sense of crossing third-party infrastructure.
The benefit of LISP is to the multi-homed entity, and only seen when
other parties
use LISP to communicate with them. In that sense, the entity *wants*
everyone
to know about the EID->RLOC mappings, and to allow use of that pathway,
modulo any security policies (firewall etc.)
Brian
--
to unsubscribe send a message to rrg-request@psg.com with the
word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/rrg/> & ftp://psg.com/pub/lists/rrg