
RE: misconfiguring the tunnel source address [mech-v2-04]



On Fri, 20 Aug 2004, Pekka Savola wrote:
> I just checked 4 different implementations: Linux, BSD, Cisco and Juniper.
> All of them "allow" the administrator to misconfigure the source addresses.
> This would seem like a hint that the implementors want to give the
> power to the administrators, or not bother with additional checks. I'd
> be interested if you know of implementations which check the tunnel source
> address at configuration time?

The Enterasys implementation also does not check the tunnel source
address at tunnel configuration time, primarily because to do so would
be overly restrictive to the admin in terms of order of configuration.
The admin is allowed the flexibility to configure the tunnel first and
then configure the IPv4 interface if (s)he wants to - but that's just an
implementation detail.

IMHO this sort of stuff is not important enough to go into an RFC. It
seems obvious that if the tunnel source address does not exist on the
device, or if there is no route to the remote v4 destination, or ... the
tunnel won't work.
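The two conditions the message names (the tunnel's IPv4 source exists on the device, and there is a route to the remote IPv4 destination) expressed as a check that runs at tunnel activation rather than at configuration time, so that the "tunnel first, IPv4 interface second" ordering still works. This is an added illustration, not code from any of the implementations discussed; the tunnel entry, local addresses and routing table are constructed sample data.

```python
from ipaddress import IPv4Address, IPv4Network

# Constructed sample data, not from the thread: one configured tunnel entry.
TUNNEL = {"name": "tun0", "source": "192.0.2.1", "destination": "198.51.100.7"}


def has_route(destination, routes):
    """True when some prefix in the (constructed) IPv4 routing table covers destination."""
    dst = IPv4Address(destination)
    return any(dst in IPv4Network(prefix) for prefix in routes)


def validate_tunnel(tunnel, local_addrs, routes):
    """Return the reasons the tunnel cannot carry traffic right now (empty list = OK).

    Calling this at activation instead of at configuration time is what lets an
    admin configure the tunnel before the IPv4 interface it will use.
    """
    problems = []
    if IPv4Address(tunnel["source"]) not in {IPv4Address(a) for a in local_addrs}:
        problems.append(f"source {tunnel['source']} is not configured on any local interface")
    if not has_route(tunnel["destination"], routes):
        problems.append(f"no IPv4 route to destination {tunnel['destination']}")
    return problems


def configure_in_order():
    """Walk the ordering the message describes: tunnel first, IPv4 interface second."""
    local_addrs, routes = [], []                           # nothing configured yet
    before = validate_tunnel(TUNNEL, local_addrs, routes)  # tunnel entry exists, would not work
    local_addrs.append("192.0.2.1")                        # admin now configures the IPv4 interface
    routes.append("0.0.0.0/0")                             # ... and a default route appears
    after = validate_tunnel(TUNNEL, local_addrs, routes)   # same entry now passes
    return before, after


if __name__ == "__main__":
    before, after = configure_in_order()
    print("before IPv4 interface config:", before)
    print("after IPv4 interface config:", after)
```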