On Mar 18, 2013, at 4:17 AM, Shishio Tsuchiya <[email protected]> wrote:
> CPE would do firewall to the user traffic for all of delegated prefix, Home
> GW might do firewall to user traffic.
> If security policy is same then user traffic would be double count/check on
> both HomeGW and CPE.
> It is waste of resource and might be downgraded for user experience.
>
> It is enough to do by each of one.
> What do you think?

You might want to look at the work Erik Kline and Lorenzo Colitti have been doing in homenet on homenet edge detection.

As for hierarchical prefix delegation, the current way of doing it is broken—if you divide the prefix arbitrarily and delegate larger prefixes than /64 within the home, you wind up with a mess, although it does make routing simple until it fails. If you want to do prefix delegation within the home, the CPE edge router that got the delegation from the ISP should be the delegating router for the entire home, and the routers below it in the hierarchy should relay PD requests up to the CPE edge.

_______________________________________________
OPSAWG mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsawg
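The two delegation models contrasted in the reply above, as an added example that is not part of the original message. The 4-way split policy, the router names, the chain topology and the documentation prefix are all assumptions chosen to show one way hierarchical splitting can run out while /64s are still free.

```python
import ipaddress

SPLIT_BITS = 2  # assumption: every router carves its delegation into 4 equal parts

def hierarchical(prefix, tree, out=None):
    """Each router splits what it was delegated and re-delegates a part per child.
    tree is (name, [children]); returns {router: its LAN /64, or None if starved}."""
    out = {} if out is None else out
    name, children = tree
    if prefix is None:
        out[name], parts = None, []
    elif prefix.prefixlen == 64:
        out[name], parts = prefix, []  # a /64 cannot be delegated any further
    else:
        new_len = min(64, prefix.prefixlen + SPLIT_BITS)
        parts = list(prefix.subnets(new_prefix=new_len))
        out[name] = next(parts.pop(0).subnets(new_prefix=64))
    for i, child in enumerate(children):
        hierarchical(parts[i] if i < len(parts) else None, child, out)
    return out

def central(prefix, tree):
    """The CPE edge is the only delegating router; routers below it relay
    their PD requests up, so each one receives the next free /64."""
    pool = prefix.subnets(new_prefix=64)
    out = {}
    def walk(node):
        name, children = node
        out[name] = next(pool, None)  # None only when the ISP prefix is exhausted
        for child in children:
            walk(child)
    walk(tree)
    return out

# Constructed sample: a /60 from the ISP (16 x /64) and four routers in a chain.
ISP_PREFIX = ipaddress.ip_network("2001:db8:0:10::/60")
HOME = ("cpe", [("r1", [("r2", [("r3", [])])])])

if __name__ == "__main__":
    for label, result in (("hierarchical", hierarchical(ISP_PREFIX, HOME)),
                          ("central", central(ISP_PREFIX, HOME))):
        print(label)
        for router, net in result.items():
            print(f"  {router}: {net}")
```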
