On Fri, 21 Feb 2003, Erik Nordmark wrote:
> > On the other hand, I'm very worried about specifying a host-router
> > protocol, as it is a new protocol -- contrary to working operational
> > practice -- and has a number of difficult issues to tackle, most
> > important of them perhaps the security/authorization and interaction
> > with the routing protocols.
>
> I thought you just agreed with me that the security/auth issue is independent
> of the protocol used.

Well .. it is, in a sense that security/auth must be done _somehow_, _but_
certain protocols (like BGP) already provide this functionality to
a sufficient degree.

> > I fail to see an issue with multi-interfaced hosts: all implementations I
> > know have an explicit toggle to disable/enable packet forwarding between
> > interfaces ("routing").
>
> I wasn't concerned about that but accidentally getting the host
> to pass routes in the routing protocol between its interfaces.

You've configured the routing protocol wrong in a few places (host itself,
and its neighboring routers: they must have access lists to prevent
everything but the anycast announcement) if this happens. With IGPs it's
easier, but I'm not really advocating one due to significantly more
difficult control mechanisms.

> > > > - the high number of packets exchanged before commencing with real TCP
> > > > traffic
> > >
> > > And the alternative is?
> >
> > Possibly some TCP modification. I'm not sure if there are others.
>
> What about UDP, SCTP, DDP?
> Minimizing transport awareness of anycast seems like
> a reasonable approach to me.

For connection-oriented protocols, similar modifications would have to be
done. Note that e.g. in SCTP this might not be a problem -- because there
is already a concept of multiple addresses -- anycast could just be one
which is never really used.

For connection-less protocols, source address should not matter that
much.

But certainly, I agree that "protocol independence" has certain value :-).
But it also has a price tag attached to it..

--
Pekka Savola
Netcore Oy
Systems. Networks. Security.
"You each name yourselves king, yet the kingdom bleeds."
 -- George R.R. Martin: A Clash of Kings
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------