On Mon, 19 Aug 2002 [EMAIL PROTECTED] wrote:
> i guess you are confused.
>
> >But that doesn't mean that we break/refuse existing communications
> >earlier than we need to to achieve that.
>
> i have never said we should terminate existing connections. i suggested
> we should refuse new incoming connections (TCP SYN).

Note: 'communications' not 'connections'; the wording was deliberate, I
think.

The point (as I saw it) was that if you want to deprecate an address, you
must first kill all references to that address.

If an incoming connection request comes in, probably either:

 1) the initiator has learned the address via some means (e.g. long-running
    application) some time ago before the address became deprecated

 2) the deprecated address is still referenced somewhere (e.g. DNS)

Sending RST might be ok for a purpose "ok, I'll reset this request
gracefully [compared to TCP timeout], round-robin or try some other
address", but for some others like "even though you don't know my other
address, I'll send a reset anyway" it may disrupt communications between
the two nodes.

We don't know the reason the initiator wants to establish the connection,
so we probably should play safe and allow it.

-- 
Pekka Savola                 "Tell me of difficulties surmounted,
Netcore Oy                   not those you stumble over and fall"
Systems. Networks. Security. -- Robert Jordan: A Crown of Swords

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
