Pekka Savola wrote: > Why exactly is advertising the aggregate a problem? The > nodes will filter > out those sources they are auto-configured not to speak to > before even > seeing any maliscious packets.
You clearly trust your filter configuration manager. Not everyone does, and there is ample 'operational failure from typo' evidence to back up their mistrust. The point is that if there is no route, there is nothing that will need to be filtered. The security paranoid will both remove routes, and install filters, on the belief that failures will not occur in both at the same time. Despite the noise about not providing security, these are two mechanisms used in basic layered security models. Tony -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
