Pekka,

Pekka Savola wrote:
>
> On Thu, 2 May 2002, Brian Haberman wrote:
> > I had actually started taking a crack at this whole problem. It
> > seems to me that the following components are needed for some form of
> > global anycast support:
> >
> > 1. Host-to-router notification protocol (this is taken care of by
> >    changes to mld proposed in draft-haberman-ipngwg-host-anycast)
> >
> > 2. Security: at a minimum some form of authentication to allow
> >    routers to determine if hosts are allowed to join an anycast
> >    group
>
> You're making assumptions here.
>
> Hosts could very well participate in routing protocols.

I don't think I am making assumptions. If a node is injecting routes,
it is a router. It may not be a member of the trusted set of routers
though. That is where the security comes in. If operators want to
protect the set of nodes that can inject routes, they can do so by
securing the routing protocol exchanges.

>
> I don't think Host-to-router protocols and security can be _practically_
> dealt in the short/mid-term (<2-3 years).

I am not sure if I agree with that. Today an operator can secure
routing protocols. And I envision that the number of services reachable
via anycast will be small and operating on an operator-trusted set of
nodes. In that scenario, I can see the host-to-router protocols being
made secure.

>
> > 4. Possibly a draft that documents any impacts on any existing
> >    protocols (routing protocols, TCP, etc.)
>
> Unicast RPF is capable of killing anycast with source addresses quite
> effectively.

Not sure I follow you. The anycast addresses are in the destination
address field.

Regards,
Brian

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
