> > In 9.2, after
> > "Additionally, a CE MUST allow packets sourced by the configured BR
> > IPv4 Address",
> > I suggest to add, for anti spoofing,
> > ", provided their IPv6 source address doesn't start with the 6rd prefix".
>
> We've had operators interested in at least having the option to send
> traffic through the BR even for CE sourced traffic from within the same
> domain. Also, it is useful in some possible transition-to-native
> scenarios to allow this. So, unless you have an identifiable security
> concern that this helps to mitigate, I'd rather not add this kind of
> restriction on the CE (and, it's an extra check, adding to complexity).

Please note that in section 8, the recommended method for reachability detection between CEs and BRs allows for CE sourced traffic "U-turn" BRs.

washam

_______________________________________________
Softwires mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/softwires
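
The check debated in this thread, as an added example that is not part of the original messages or of the draft: a CE receive filter with the proposed restriction as an option, showing that it also drops the BR "U-turn" traffic mentioned above. The prefix, addresses, function names and IPv4MaskLen = 0 are constructed assumptions, and the embedded-IPv4 match applied to non-BR sources is an assumption about the general 6rd anti-spoofing rule.

```python
import ipaddress

# Constructed 6rd domain parameters (assumptions for this example only).
SIXRD_PREFIX = ipaddress.ip_network("2001:db8::/32")
BR_IPV4 = ipaddress.ip_address("192.0.2.1")


def embedded_ipv4(v6_src):
    """IPv4 address carried right after the 6rd prefix (IPv4MaskLen = 0 assumed)."""
    shift = 128 - SIXRD_PREFIX.prefixlen - 32
    return ipaddress.IPv4Address((int(v6_src) >> shift) & 0xFFFFFFFF)


def ce_accepts(outer_v4_src, inner_v6_src, strict_br_rule=False):
    """Decide whether a CE accepts a decapsulated packet.

    strict_br_rule=True adds the restriction proposed in the thread: packets
    from the BR are refused when their IPv6 source starts with the 6rd prefix.
    """
    outer = ipaddress.ip_address(outer_v4_src)
    inner = ipaddress.ip_address(inner_v6_src)
    in_domain = inner in SIXRD_PREFIX

    if outer == BR_IPV4:
        # Text quoted from 9.2: packets sourced by the configured BR IPv4
        # address are allowed. The proposed clause excludes in-domain sources.
        return not (strict_br_rule and in_domain)

    # Any other tunnel endpoint must be a CE of this domain whose IPv6 source
    # embeds the same IPv4 address that encapsulated the packet.
    return in_domain and embedded_ipv4(inner) == outer


if __name__ == "__main__":
    # Constructed sample packets: (outer IPv4 source, inner IPv6 source).
    samples = [
        ("198.51.100.7", "2001:db8:c633:6407::1"),  # CE to CE, consistent
        ("198.51.100.9", "2001:db8:c633:6407::1"),  # CE to CE, mismatched source
        ("192.0.2.1", "3fff:0:1::1"),               # outside source via BR
        ("192.0.2.1", "2001:db8:c633:6407::1"),     # in-domain source U-turned at BR
    ]
    for outer, inner in samples:
        print(outer, inner, ce_accepts(outer, inner), ce_accepts(outer, inner, True))
```

Only the last sample differs between the two modes: the current text accepts it, the proposed clause drops it.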
