In your previous mail you wrote: I sure hope that nobody's making the assumption that you need to be a mobile node to send BU's and/or HAO's.
=> by definition if a node which sends BUs is a mobile node. But I agree that HAOs are useful for nodes which are not mobile nodes, so the BCE check is not a good solution. My provider doesn't care diddly squat about any of this, nor is it likely that if I tunnel to the 6bone they're going to care much either. => my proposal is not based on traditional unicast RPF ingress filtering done by routers, it is based on firewalls at the border of source sites. But don't believe RPF checks are obsolete, the idea is to use it against traditional DDoS and to use enhanced ingress filtering against the iDDoS threat from HAOs. If this is your only line of defense of protecting CN's from senders of malicious HAO's, I'm pretty skeptical. => enhanced ingress and anti-spoofing filterings are based on the knowledge of bindings. If there should be no HAO sender in a site, the extra ingress filtering rule is just "drop packets with a HAO". If there should be no home agent in a site, the extra anti-spoofing filtering rule is just "applies anti-spoofing to addresses in HAOs". So in common cases the job is easy and even scalable. RPF checks "work" mainly because they are so painless for ISP's to implement. => I don't believe this is so easy but this is an indication that ISPs are ready to implement a kind of access control which gives them no direct benefit. IMHO we can trust smart ingress filtering as much as current ingress filtering... Anything beyond that is likely to be a complete non-starter. => we'll see... We (IETF) can't do far more than to provide technical solutions. Regards [EMAIL PROTECTED] -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
