Dear authors,

In PBB-EVPN we advertise PE shared BMACs or dedicated (per-ES) BMACs. Either way, I believe it is a good practice to advertise them as 'static', i.e. along with the 'sticky' bit. That provides a natural protection against BMACs that might be learnt locally and are not 'managed'.

In RFC7432, when the sticky bit is set, the sequence number is zero. For PBB-EVPN, that means that when shared BMACs are used and per-ISID load balancing multihoming is in place, the shared BMACs cannot be advertised as static (since the sequence number is used as a CMAC flush notification).

Since the PE BMACs are not subject to mobility procedures and are by nature 'static' and managed, would it be possible to explicitly allow in the pbb-evpn draft the advertisement of the sticky bit along with a sequence number, when the mac-mobility extended community is used for CMAC flush notification? This can be optional and would allow an extra level of security in a PBB-EVPN network.

If you agree with that, I can provide a text if needed. Looking forward to your feedback.

Thank you.
Jorge
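
The interaction discussed in the message above, as an added example that is not part of the original e-mail or of any draft text: it encodes the RFC 7432 MAC Mobility extended community (sticky flag plus sequence number) and contrasts the two readings. The function `process_bmac_update`, its `allow_sticky_seq` switch and the returned action names are hypothetical, chosen only for illustration.

```python
import struct

EVPN_TYPE = 0x06             # EVPN extended community type (RFC 7432)
MAC_MOBILITY_SUBTYPE = 0x00  # MAC Mobility sub-type
STICKY = 0x01                # low-order bit of the Flags octet


def encode_mac_mobility(seq, sticky=False):
    """Build the 8-octet MAC Mobility extended community."""
    return struct.pack("!BBBBI", EVPN_TYPE, MAC_MOBILITY_SUBTYPE,
                       STICKY if sticky else 0, 0, seq)


def decode_mac_mobility(raw):
    """Return (sticky, seq); reject anything that is not MAC Mobility."""
    if len(raw) != 8:
        raise ValueError("extended community must be 8 octets")
    typ, sub, flags, _reserved, seq = struct.unpack("!BBBBI", raw)
    if (typ, sub) != (EVPN_TYPE, MAC_MOBILITY_SUBTYPE):
        raise ValueError("not a MAC Mobility extended community")
    return bool(flags & STICKY), seq


def process_bmac_update(raw, last_seq, allow_sticky_seq=False):
    """Hypothetical receiver policy for a BMAC route (assumption, not spec).

    Returns (action, seq_to_store). allow_sticky_seq=False models the
    reading quoted in the message (sticky implies sequence number zero);
    True models the optional behaviour the message proposes.
    """
    sticky, seq = decode_mac_mobility(raw)
    if sticky and seq != 0 and not allow_sticky_seq:
        return "reject-sticky-with-seq", last_seq
    if seq > last_seq:
        # A sequence increment is the CMAC flush notification in PBB-EVPN.
        return ("static-flush-cmacs" if sticky else "flush-cmacs"), seq
    return ("static" if sticky else "no-change"), last_seq
```
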
