On 1/22/13 10:15 AM, Luigi Iannone wrote:
> Hi All,
>
> the definition of LSB as of the to-be-soon-rfc lisp specification is:
>
>    LISP Locator Status Bits (LSBs): When the L-bit is also set, the
>    locator status bits field in the LISP header is set by an ITR to
>    indicate to an ETR the up/down status of the Locators in the
>    source site.
>
> I think that this clears Damien's question since LSB has no
> "reachability" meaning, rather it is a message from the site telling
> "from my perspective ETR X is up and running".
>
> (BTW this may help debugging, since if the ETR is running but not
> reachable from the outside this clearly shows that the problem is
> along the path somewhere. Yeah… could be a long path… but it is still
> useful information).
>
> The main concern is about security. Obviously LSB can be easily
> spoofed in a public environment and this is documented in section
> 6.4.1 of the draft-ietf-lisp-threats, which recommends:
>
>    Locator Status Bits can be blindly trusted only in secure
>    environments. In the general unsecured Internet environment, the
>    safest practice for xTRs is to confirm the status change
>    through the mapping system.
>
>
> So IMHO the thing to do is to simply put a reference to the
> lisp-threats draft about the use of LSBs.
>

And actually I would recommend a small change to draft-ietf-lisp-threats, changing 'through the mapping system' to 'through other means'. Otherwise it is possible to introduce circular dependencies.
_______________________________________________
lisp mailing list
https://www.ietf.org/mailman/listinfo/lisp
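
The practice discussed in this message, as an added example that is not part of the original thread or of any LISP implementation: received LSBs are treated as a hint, and a claimed status change reaches the locator state only after a separate confirmation. The 8-byte header layout is the one in the LISP specification (RFC 6830); `confirm` is a hypothetical callback standing in for whatever confirmation path is used, and the sample header is constructed.

```python
import struct

L_BIT = 0x40  # Locator-Status-Bits field is enabled
I_BIT = 0x08  # Instance ID present: only the low 8 bits carry LSBs


def parse_lsbs(header: bytes):
    """Return (lsb_value, width_in_bits), or None when the L-bit is clear."""
    if len(header) < 8:
        raise ValueError("LISP data header is 8 bytes")
    flags = header[0]
    (word,) = struct.unpack("!I", header[4:8])
    if not flags & L_BIT:
        return None
    if flags & I_BIT:
        return word & 0xFF, 8
    return word, 32


def pending_changes(header: bytes, cached_status):
    """Compare claimed LSBs with cached locator status (list of bools,
    indexed by locator ordinal, bit 0 = least significant bit).
    Returns {ordinal: claimed_up}; the cache itself is not modified."""
    parsed = parse_lsbs(header)
    if parsed is None:
        return {}
    lsbs, width = parsed
    changes = {}
    for i, cached_up in enumerate(cached_status[:width]):
        claimed_up = bool((lsbs >> i) & 1)
        if claimed_up != cached_up:
            changes[i] = claimed_up
    return changes


def apply_if_confirmed(header: bytes, cached_status, confirm):
    """Apply only the changes that confirm(ordinal, claimed_up) accepts.
    `confirm` is a hypothetical hook for the out-of-band check."""
    updated = list(cached_status)
    for i, claimed_up in pending_changes(header, cached_status).items():
        if confirm(i, claimed_up):
            updated[i] = claimed_up
    return updated


# Constructed header: L-bit set, nonce 0, LSBs claim locator 0 up, locator 1 down.
SAMPLE = bytes([L_BIT, 0, 0, 0]) + struct.pack("!I", 0b01)

if __name__ == "__main__":
    print(pending_changes(SAMPLE, [True, True]))
    print(apply_if_confirmed(SAMPLE, [True, True], lambda i, up: False))
```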
