
Distributing, period, was: Re: Distributing site-wide RFC 3484 policy



On 25-jul-2007, at 13:13, Marc Blanchet wrote:

As I said at the mike today, I really think we can't avoid
such a mechanism.

I agree with Brian. There must be a way for enterprises to push an RFC3484 policy to their nodes.

It occurs to me that we're trying to solve a subset of the full problem here. There is lots of site-wide stuff that may potentially be distributed. Stuffing those in DHCP and/or RAs is problematic because we essentially need to redo this every time a new piece of information is found that needs to be distributed, and because it would get too big. I don't think a nice, complex RFC 3848 table will necessarily fit into less than a kilobyte, which is the most you can possibly borrow from DHCP/RA.

Once you have connectivity, downloading data of arbitrary size, providing information of an arbitrary nature, is trivial through well-known mechanisms such as HTTP. The only missing piece is the name/address of a small set of servers that are initially queried for this information. And this is something that will fit in a DHCP or RA message.