Warren,
This document looks good. Given its scope, there aren't many changes
required.
There is one section that I found a bit confusing. In section 2.1, the
document states:
"These link-local addresses SHOULD be hard-coded to prevent the change
of EUI-64 addresses when changing of MAC address (such as after
changing a network interface card)."
This means that this document recommends configuring static LLA addresses.
Then in section 2.2, the document states an advantage is:
" Lower configuration complexity: LLAs require no specific
configuration (except when they are statically configured), thereby
lowering the complexity and size of router configurations. This also
reduces the likelihood of configuration mistakes."
I understand the difference between these two statements, but we should
be more explicit in explaining why we recommend static LLA but then
discuss the benefits of using non-static LLA addressing. Fundamentally,
we are stating that we should configure static LLA, but in case we don't
we have an advantage that the configuration complexity is less. I would
recommend you tie these two pieces of information together in a more
directed statement in section 2.2. For example:
" Lower configuration complexity: Commonly, LLAs require no specific
configuration and are generated automatically using EUI-64 format,
thereby lowering the complexity and size of router configurations.
This also reduces the likelihood of configuration mistakes. But as
noted above, static LLA configuration is recommended to prevent the
change of MAC address when changing hardware."
This is reiterated in section 2.5, when it states:
"It [using LLA addresses] also simplifies router configurations."
It would be good to include that this only occurs when not using static
LLA addresses, though it is not recommended.
Otherwise, I think the document is clean and clearly addresses its goal.
Regards,
Rama
On 3/26/13 10:38 AM, Warren Kumari wrote:
On Mar 25, 2013, at 7:32 PM, Fernando Gont <[email protected]> wrote:
Hi, Warren,
I can review the I.D. Quick question: what's the desired deadline for
reviews?
Thank you, kind sir…
April 2nd would be great…
W
Thanks!
Best regards,
Fernando
On 03/25/2013 03:05 PM, Warren Kumari wrote:
Dear OpSec WG,
This is a reminder to review draft-ietf-opsec-lla-only-03 -- The draft is
available here: https://datatracker.ietf.org/doc/draft-ietf-opsec-lla-only/
This has been presented a number of times, and has gotten some in-person
discussion. This means that it shouldn't take very long to review -- this means
that you can get brownie points for reviewing, without having to spend a bunch
of time….
W
--
Fernando Gont
SI6 Networks
e-mail: [email protected]
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
--
Rama Darbha, CCIE #28006
919-574-5071
[email protected]
Cisco TAC - Security Solutions
RTP, NC, USA
Hours: 8h30 - 17h00 (EST)
http://www.cisco.com/tac
_______________________________________________
OPSEC mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsec