As far as intra-AS infrastructure links are concerned, I'm perfectly fine with the draft.
HOWEVER, EBGP is a huge can of worms. While we can definitely make EBGP work over link-local addresses, the interface name becomes part of EBGP neighbor ID (at least in Cisco IOS), leading to a nightmare scenario if you have to move the peering (or worse: IXP) link to another interface in hurry. At least Junos has configuration identifier renaming functionality ... Hallway discussions with a few IXP operators and IXP members during last week's RIPE65 also indicated some lack of enthusiasm for this idea. I know the sample was statistically irrelevant, but it was clear not everyone wholeheartedly embraces EBGP-over-LLA concept. Ivan > -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf Of > Benoit Claise > Sent: Monday, October 01, 2012 11:11 AM > To: [email protected] > Subject: [OPSEC] Feedback on draft-ietf-opsec-lla-only-01 > > Dear all, > > I discussed one topic off line with Eric, regarding > http://tools.ietf.org/html/draft-ietf-opsec-lla-only-01 > For the sake of openness, here it is again on the list. > > One on hand, the draft mentions: > > Lower configuration complexity: LLAs require no specific > configuration, thereby lowering the complexity and size of router > configurations. This also reduces the likelihood of configuration > mistakes. > > On the other hand, the draft mentions: > > These link-local addresses SHOULD be hard-coded to prevent the change > of EUI-64 addresses when changing of MAC address (such as after > changing a network interface card). > > So the question is: who is going to configure this? If the NMS, there is > not much of a gain in term of lower configuration complexity. > > We discussed the possibility of a global config on the router, for which > the link-local addresses for that router would be generated from the UUID. > > Regards, Benoit > > > _______________________________________________ > OPSEC mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/opsec _______________________________________________ OPSEC mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsec
