On Sun, 12 Sep 2010, Brian E Carpenter wrote:

> Is there a writeup of the model as a whole? If not, it would be immensely useful (and maybe this discussion belongs on v6ops or opsawg).

I've asked Fred if he knows of a write-up/whitepaper, Cisco has customers with extensive deployments of this.

Looking a bit, I found <http://www.cisco.com/en/US/docs/solutions/Enterprise/Security/SAFE_RG/chap5.html>. The interesting parts are around "Port Security Considerations", "DHCP protection", "ARP spoofing protection", and the like.

But as Fred also mentioned, SAVI WG is working in specifically this area <https://datatracker.ietf.org/wg/savi/charter/>

There also is no "one model" for this, there are multiple variants. Some rely on MAC 1:1 re-write to do a lot of the L2 protection needed (Ericsson Ethernet DSLAMs and ETTH nodes do this for instance). Some let end users choose MAC addresses and rely on MAC uniqueness, and try to do the rest by inspecting policy traffic as it flows along and implement different filters.

Also regarding this "belonging" on other lists. I'm not sure. Deployment models need to be understood by people proposing and critiquing work being done in all related WGs. Having people dismiss other people's opinions/ideas because they don't understand a deployment model and rationale behind why someone is proposing something is causing unnecessary friction on the lists. I've multiple times been thinking "why the hell am I doing this, my forehead is bloody enough as it is" and throwing my hands up and leaving, but I try to dig in and continue.

I hope others do the same thing, we need to get IPv6 deployable.

--
Mikael Abrahamsson    email: [email protected]
--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
