> > Hello Tyson > > > > Indeed a very good and interesting work!! > > > > I would like to suggest a few issues for you and the WG to consider: > > > > 1. In chapter 5 you proposed the PSDO structure. I think you must > consider the addition of Stain structure and semantics to be part of the > draft. Make the Stain semantics be vendor or security managers dependent > can be problematic. We must consider enterprise connecting to multiple ISPs > and vice versa. For Stain provider, define a Stain per customer might be > difficult to manage. The Stain provider cannot impose Stain structure > because his customers might be connected to multiple ISPs, thus to multiple > Stain provider. > > 2. Page 4, chapter 3, item #3 : I think that major concern here is > *scalability*. The client must deal with huge number of security > intelligence, this imposes relatively complicated and expensive hardware > and software. In chapter 3.1, it might be reasonable to add the scalability > benefit. In system view and in general, the IP Staining approach introduces > a genuine and efficient architecture with relatively *small number* of > high scale devices (PMDs) and *large number* of simple and low scale > devices all over the network, mainly in costumers networks. I think this > can be emphasized also in chapter 3, and helps to better understand the > huge benefit of the proposed architecture. > > > > 3. Page 8 – The S and U bits shall be better explained. There > usages are not clear enough. Also please consider to add a requirement in > the Option Type to allow the PSDO to be silently ignored by any nodes don’t > supporting staining, specified by the 2 high order bits in the Option Type . > > > > Best wishes, > > > > > > Ehud Doron > > Senior Architect, CTO office > > Radware Ltd. > > www.radware.com > > T:+972 (3) 7674655 > > M:+972 (54) 7575503 > > F:+972 (3) 7668997 >
-------------------------------------------------------------------- IETF IPv6 working group mailing list [email protected] Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
