On 12/6/2016 11:31 AM, Templin, Fred L wrote: > Hi Joe, > >> -----Original Message----- >> From: Joe Touch [mailto:[email protected]] >> Sent: Tuesday, December 06, 2016 11:11 AM >> To: Templin, Fred L <[email protected]>; Lucy yong >> <[email protected]>; Brian E Carpenter >> <[email protected]>; [email protected] >> Subject: Re: [Int-area] Some thoughts on >> draft-yong-intarea-inter-sites-over-tunnels >> >> Fred, >> >> First, we are violently agreeing that subnet redirect works only where >> source addresses cannot be spoofed. The problem is that this is not the >> typical case, so it's not a generic solution IMO. > The same can be said about ordinary host-based Redirect (only works where > the source address cannot be spoofed). The only difference is the attack > surface is larger for subnet redirection which is why RFC6706 does the > due diligence of supporting data origin authentication. Because the attack surface is larger is the reason it's an issue.
... > AERO uses the NBMA tunnel virtual link model meaning that IPv6 ND works > the same as for an NBMA physical link. The model supports traffic engineering, > multi-homing, route optimization, fault tolerance, mobility management and > security. Do you have a solution for these that does not require new code? I already mentioned it - existing IP forwarding with virtual L2 interfaces. The existing IP forwarding supports TE, multihoming, route optimization, etc - all without any new code. Joe _______________________________________________ Int-area mailing list [email protected] https://www.ietf.org/mailman/listinfo/int-area
