On 27.10.2014, at 15.03, Michael Kloberdans <[email protected]> wrote:

> Behaviors resulting from the knowledge of the CER are left to other
> implementations. One implementation detects the CER and disables firewall,
> NAPT and allocates PD requests for all Internal Routers (non-CER), but this
> is just one example of applying behaviors based on knowing where the CER lies.

First, draft comments..

Section 2 - why clients SHOULD send the ORO for this at all? Perhaps it is MAY, just server responding with one.

Why use WAN _or_ unique LAN interface address? Inconsistency is not a plus. Also, it is not obvious to me what to do if it has one LAN interface but multiple addresses..

Then, non-draft comments ..

I am not sure evil bit (that ISP must obviously be nice enough to set, i.e. cer_id ::) is really what I would trust my firewalling decisions on.

In Cablelabs context this is especially puzzling, as you have ISP-facing holes (with weird antenna-style bits in them), and home facing holes (RJ45 or wireless). Why is this autodetection needed at all there? Or is it just so ISP _can_ turn off the firewall if they want to, or government wants to force them to do so?

Cheers,

-Markus

_______________________________________________
homenet mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/homenet
