
RE: [RRG] draft-rja-ilnp-intro-01.txt



Hi Iljitsch,
 
|It also shares with shim6 the limitation that locators are exposed all
|the way to the hosts, so it's highly likely that someone will filter
|on them so it doesn't solve or avoid the renumbering problem.


This doesn't seem like a very reasonable comment.  There are many fields
exposed to the firewall, are they going to filter on the DSCP, for example?
If this architectural path is the one that we select, it would seem that it
would become obvious to the firewall vendors that filtering should be
possible on an identifier basis as well.  We can document and encourage this
behavior too.


|    When one upstream connection
|    fails, the node sends an ICMP Locator Update message to each
|    existing correspondent node to remove the no-longer-valid
|    Locator from the set of valid Locators.
|
|This mechanism doesn't address the situation where there is a failure,
|but the failure isn't directly visible to the host (or router)
|connecting to the link in question. Because of switches, failures on
|the actual link are often hidden.


True, but it seems like the point of this mechanism is to give the host a
mechanism to deal with the case where there is visibility into the failure.


|Obviously sending ICMP messages over the failed link doesn't work, and
|using another link creates security issues.


There are security issues with the message independent of where it was sent
from.  If those issues are dealt with, as in section 9, it doesn't seem like
there are outstanding issues.


|Although it doesn't look that way on the surface, this is fairly  
|similar to shim6 in what it does, except that shim6 is much more  
|complete and backward compatible.


Except that shim6 has to continue to fool the transport protocols, rather
than changing them to use a new namespace.

Tony

