Hi Brian,
Thank you for raising up this point. IMHO some existing monitoring or filtering
approaches should be adopted to prevent against these attacks. We will include
these considerations in the next version.
In general, I believe that this work will be of benefits, though it still needs
to be improved. It will be greatly appreciated if we can receive more comments
from the WG.
Best regards!
Yuchi Chen
From: Brian E Carpenter
Date: 2014-02-19 03:32
To: meng.wei2
CC: chenycmx; [email protected]
Subject: Re: [Int-area] [intarea]Comments on
draft-cui-intarea-unified-v6-framework-00
On 18/02/2014 20:15, [email protected] wrote:
...
> "Yuchi Chen" <[email protected]> 2014-02-18 12:39:34:
...
>> [yuchi] Yes, switch should forward the inital packet of each of
>> unknown flows to controller. I agree that
>> it indeed may lead to congestion if there are too many new flows
>> concurrently passing through switch.
That sounds like an ideal and simple target for a DDOS attack.
Brian
_______________________________________________
Int-area mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/int-area
