> - we want to figure out whether it's worth exploring the details needed > to make redirects work with global/anycast next-hops.
Explored the global part long time ago. Conclusion was: In order to make redirects work well in this case and maintain the check to only accept redirects from the current nexthop requires the host to maintain an equivalence class for each router on the link i.e. knowing all the addresses of all the routers on the link. This adds memory requirements and some more complexity on small hosts for not much benefit. Also, accepting redirects from non-link-local sources removes one security check (but we still have the hoplimit=255 check; but implementation bugs means it might make sense to have two checks instead of one). Anycast is harder due to the "no anycast as source" requirement. Erik -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
