
Re: misconfiguring the tunnel source address [mech-v2-04]





Pekka Savola wrote:

I just checked 4 different implementations: Linux, BSD, Cisco and
Juniper.  All of them "allow" the administrator to misconfigure the
source addresses.  This would seem like a hint that the implementors
want to give the power to the administrators, or not bother with
additional checks. I'd be interested if you know of implementations
which check the tunnel source address at configuration time?

Tru64 and maybe HP-UX do.

It seems like this problem is an artifact of uni-directional tunnels
that were present in rfc2893.  Since all tunnels now are bi-directional
point-to-point links, the additional specification may be a good idea.
This way, additional guidance is given to the implementors.

-vlad
--
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Vladislav Yasevich		Linux and Open Source Lab
Hewlett Packard 		Tel: (603) 884-1079
Nashua, NH 03062		ZKO3-3/T07
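
Added example, not part of the original message and not code from any of the implementations named in the thread: a sketch of the configuration-time check under discussion, extended to both ends of a bi-directional point-to-point tunnel. The dictionary layout, function names and addresses are hypothetical, and it assumes each end only accepts tunnel packets whose source equals its configured remote endpoint.

```python
import ipaddress

def check_source(source, local_addrs):
    """Config-time check of one tunnel source address.
    Returns a list of problems; an empty list means the address is accepted."""
    try:
        src = ipaddress.IPv4Address(source)
    except ipaddress.AddressValueError:
        return [f"{source} is not an IPv4 address"]
    problems = []
    if src.is_unspecified or src.is_multicast or src.is_loopback:
        problems.append(f"{src} cannot be a tunnel endpoint")
    if src not in {ipaddress.IPv4Address(a) for a in local_addrs}:
        problems.append(f"{src} is not assigned to this node")
    return problems

def check_tunnel(a, b):
    """Check both ends of a bi-directional point-to-point tunnel.
    a and b are dicts with keys name, addrs, src, dst (hypothetical layout)."""
    problems = []
    for node, peer in ((a, b), (b, a)):
        # Local check: the source must be an address this node owns.
        for p in check_source(node["src"], node["addrs"]):
            problems.append(f"{node['name']}: {p}")
        # Pair check: the peer's configured remote must equal our source.
        if node["src"] != peer["dst"]:
            problems.append(
                f"{node['name']}: sends from {node['src']} but "
                f"{peer['name']} expects {peer['dst']}")
    return problems

# Constructed sample configurations (documentation address ranges).
ROUTER_A = {"name": "A", "addrs": ["192.0.2.1", "198.51.100.1"],
            "src": "192.0.2.1", "dst": "203.0.113.9"}
ROUTER_B = {"name": "B", "addrs": ["203.0.113.9"],
            "src": "203.0.113.9", "dst": "192.0.2.1"}
# A's source mistyped as an address A does not own.
ROUTER_A_BAD = dict(ROUTER_A, src="192.0.2.2")
# A's source set to a valid local address that B is not configured for.
ROUTER_A_OTHER = dict(ROUTER_A, src="198.51.100.1")

if __name__ == "__main__":
    for a in (ROUTER_A, ROUTER_A_BAD, ROUTER_A_OTHER):
        print(check_tunnel(a, ROUTER_B) or "ok")
```

The third sample passes the local ownership check and is caught only by comparing the two ends, which a single node cannot do at configuration time without knowing the peer's settings.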