Hi Randy,

>From: Randy Bush [mailto:[email protected]]
>Sent: Tuesday, November 20, 2012 4:04 AM
>
>being lazy, i really wanted to spec communities. but communities are
>too small to hold a reasonable hash.

Regular communities may be too small to protect from attacks but probably not to protect against unintentional errors, which is the goal of the draft as per the abstract. That's why IMO, the draft should clearly state what the VPN customers' requirements are in terms of protection and how much the draft addresses those requirements. In addition, a few use cases would be useful to better understand the issues the draft is proposing to solve.

Extended communities are bigger (6 or 7 octets). Not working on crypto, I don't know if that's big enough to sign an IP prefix.

> and they are not necessarily transitive.

If you pick the transitive flavor, I assume that the SP(s) will not specifically filter out the customers' communities as the SP is supposed to provide a transparent IP VPN service. (And we could argue that the "L3VPN Origination BGP Path" Attribute is also not guaranteed to be transitive (e.g. to protect from BGP session failure caused by incorrect handling of BGP attributes, SP could filter out the attributes).)

Bruno

>
>randy
