
Re: [RRG] MTU/fragmentation AGAIN



Templin, Fred L wrote:
> Brian,
>
> I probably didn't look at your proposal carefully enough,
> and I may not have time to soon. But, regardless of
> whether/not PTBs could be translated there is still a
> trust issue. We can probably (hopefully!) trust PTBs from
> a router within the same site (i.e., intra-domain). But,
> the same may not be true for PTBs that come from outside
> of the site (inter-domain) and these may in fact be used
> as a DOS vector.
Yep, same as ICMP in IPv4 is a (potential) DOS vector.

However, in both cases, I believe that the fact that the original header is included
makes it feasible for the host receiving the ICMP packet to (a) only handle them
when it is doing PMTUD, and (b) validate them against transmitted packets.

Or, stateful packet inspection (firewall) devices could be taught the "rules" for
matching PTB against packets that were sent (but are TB).
> To my understanding, inter-domain is the
> deployment case for the map-and-encaps architectures we
> have been discussing?
For some definition of inter-domain, yes.

For instance, two customers of ISP A, who are both multihomed to other ISPs,
and exchanging LISP traffic. No BGP, so not "inter domain routing" per se,
but inter-"domain" in the sense of crossing third-party infrastructure.

The benefit of LISP is to the multi-homed entity, and only seen when other parties use LISP to communicate with them. In that sense, the entity *wants* everyone
to know about the EID->RLOC mappings, and to allow use of that pathway,
modulo any security policies (firewall etc.)

Brian
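Added example, not part of the thread: a sketch of the host-side checks Brian describes for an ICMPv6 Packet Too Big message, (a) act only while PMTUD is in progress toward the destination named in the echoed header, and (b) accept the PTB only if the echoed header matches a packet this host actually transmitted and that was larger than the advertised MTU. The IPv6 header layout, the ICMPv6 type 2 format and the 1280-byte minimum MTU are standard; the `PmtuState` bookkeeping, the addresses and the port numbers are constructed for the demonstration, and the ICMPv6 checksum is left at zero because nothing here puts the message on a wire.

```python
"""Validate ICMPv6 Packet Too Big (PTB) messages against packets we actually sent."""
import struct
from dataclasses import dataclass, field
from ipaddress import IPv6Address

IPV6_MIN_MTU = 1280           # smallest MTU an IPv6 link may have
ICMPV6_PACKET_TOO_BIG = 2     # ICMPv6 type for PTB; code is always 0


@dataclass
class SentPacket:
    """Record of one packet this host transmitted, kept briefly for PTB matching."""
    src: IPv6Address
    dst: IPv6Address
    next_header: int
    src_port: int
    dst_port: int
    length: int               # on-wire size, so we can tell whether it could have been too big


@dataclass
class PmtuState:
    """Hypothetical per-host PMTUD state: destinations under discovery and recent packets."""
    pmtu: dict = field(default_factory=dict)      # dst -> current PMTU estimate
    recent: list = field(default_factory=list)    # recently transmitted SentPacket records


def build_ipv6_header(src, dst, payload_len, next_header, hop_limit=64):
    """Pack a plain 40-byte IPv6 header (version 6, zero traffic class and flow label)."""
    return struct.pack("!IHBB", 6 << 28, payload_len, next_header, hop_limit) + src.packed + dst.packed


def build_ptb(mtu, invoking_packet):
    """Construct a PTB body: type 2, code 0, zero checksum, MTU field, then the invoking packet."""
    return struct.pack("!BBHI", ICMPV6_PACKET_TOO_BIG, 0, 0, mtu) + invoking_packet


def handle_ptb(icmp, state):
    """Apply the checks from the thread; return (accepted, reason) and lower the PMTU only on success."""
    if len(icmp) < 8 + 40 + 4:
        return False, "truncated: no invoking header and transport ports"
    typ, code, _checksum, mtu = struct.unpack("!BBHI", icmp[:8])
    if typ != ICMPV6_PACKET_TOO_BIG or code != 0:
        return False, "not a Packet Too Big message"
    orig = icmp[8:]
    ver_tc_fl, _plen, next_header, _hop_limit = struct.unpack("!IHBB", orig[:8])
    if ver_tc_fl >> 28 != 6:
        return False, "invoking packet is not IPv6"
    src, dst = IPv6Address(orig[8:24]), IPv6Address(orig[24:40])
    src_port, dst_port = struct.unpack("!HH", orig[40:44])

    # (a) Only act while PMTUD is running toward that destination; otherwise drop silently.
    if dst not in state.pmtu:
        return False, "not doing PMTUD to destination"
    # An advertised MTU below the IPv6 minimum, or one that does not lower our estimate,
    # cannot be legitimate and is the classic shape of a forged PTB.
    if mtu < IPV6_MIN_MTU:
        return False, "advertised MTU below IPv6 minimum"
    if mtu >= state.pmtu[dst]:
        return False, "advertised MTU does not lower current estimate"

    # (b) The echoed header must match a packet we transmitted that was indeed larger than the MTU.
    for pkt in state.recent:
        same_flow = (pkt.src, pkt.dst, pkt.next_header, pkt.src_port, pkt.dst_port) == (
            src, dst, next_header, src_port, dst_port)
        if same_flow and pkt.length > mtu:
            state.pmtu[dst] = mtu
            return True, f"PMTU to {dst} lowered to {mtu}"
    return False, "no matching transmitted packet"


def demo():
    """Constructed scenario: one legitimate PTB and one forgery against the same host."""
    me, peer = IPv6Address("2001:db8::1"), IPv6Address("2001:db8:1::2")
    state = PmtuState(pmtu={peer: 1500})
    # Constructed record: a 1500-byte TCP segment (next header 6) we sent to the peer.
    state.recent.append(SentPacket(me, peer, 6, 40000, 443, 1500))
    echoed = build_ipv6_header(me, peer, 1460, 6) + struct.pack("!HH", 40000, 443)
    legit = handle_ptb(build_ptb(1400, echoed), state)
    # Constructed forgery: right addresses, but a port pair this host never used.
    bogus = build_ipv6_header(me, peer, 1460, 6) + struct.pack("!HH", 12345, 80)
    forged = handle_ptb(build_ptb(1300, bogus), state)
    return legit, forged, state.pmtu[peer]


if __name__ == "__main__":
    print(demo())
```

The same matching logic is what a stateful firewall would need to keep in order to apply the "rules" mentioned above: a short-lived table of outbound flows and sizes, consulted before an inbound PTB is forwarded to the host.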



--
to unsubscribe send a message to rrg-request@psg.com with the
word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/rrg/> & ftp://psg.com/pub/lists/rrg