Ted Thanks for comments. I also found hipnet draft. The description and discussion might resolve today's homenet securty issue. http://tools.ietf.org/html/draft-grundemann-homenet-hipnet-01#section-4.1 http://tools.ietf.org/html/draft-grundemann-homenet-hipnet-01#section-8
Regards, -Shishio (2013/03/18 21:38), Ted Lemon wrote: > On Mar 18, 2013, at 4:17 AM, Shishio Tsuchiya <[email protected]> wrote: > >> CPE would do firewall to the user traffic for all of delegated prefix, Home >> GW might do firewall to user traffic. >> If security policy is same then user traffic would be double count/check on >> both HomeGW and CPE. >> It is waste of resource and might be downgraded for user experience. >> >> It is enough to do by each of one. >> What do think? > > You might want to look at the work Erik Kline and Lorenzo Colitti have been > doing in homenet on homenet edge detection. > > As for hierarchical prefix delegation, the current way of doing it is > broken―if you divide the prefix arbitrarily and delegate larger prefixes than > /64 within the home, you wind up with a mess, although it does make routing > simple until it fails. If you want to do prefix delegation within the home, > the CPE edge router that got the delegation from the ISP should be the > delegating router for the entire home, and the routers below it in the > hierarchy should relay PD requests up to the CPE edge. > > > _______________________________________________ OPSAWG mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsawg
