On 1/12/10 3:43 AM, WashamFan wrote:
> In 9.2, after
> "Additionally, a CE MUST allow packets sourced by the configured BR IPv4 Address",
> I suggest to add, for anti spoofing,
> ", provided their IPv6 source address doesn't start with the 6rd prefix".
>
We've had operators interested in at least having the option to send
traffic through the BR even for CE sourced traffic from within the same
domain. Also, it is useful in some possible transition-to-native
scenarios to allow this. So, unless you have an identifiable security
concern that this helps to mitigate, I'd rather not add this kind of
restriction on the CE (and, it's an extra check, adding to complexity).
Please note that in section 8, the recommended method for reachability
detection between CEs and BRs allows for CE sourced traffic "U-turn"
BRs.
Yes, that too! Thanks.
- Mark
washam
_______________________________________________
Softwires mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/softwires
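
Added example, not part of the thread and not text from the draft: a Python sketch of the CE receive check under discussion, comparing the rule as quoted (accept anything sourced by the configured BR IPv4 address) with the proposed extra restriction on 6rd-prefixed IPv6 sources. The 6rd prefix, BR address, sample packets and function names are constructed for illustration; only the BR-sourced rule is modelled.

```python
import ipaddress

# Constructed values from documentation ranges (assumptions, not from the thread).
SIXRD_PREFIX = ipaddress.ip_network("2001:db8:aa00::/40")
BR_IPV4 = ipaddress.ip_address("192.0.2.1")

# (label, outer IPv4 source, inner IPv6 source) -- constructed sample packets.
SAMPLE_PACKETS = [
    ("native source relayed by BR", "192.0.2.1", "2001:db8:ff00::1"),
    ("same-domain CE traffic U-turned at BR", "192.0.2.1", "2001:db8:aa12:3400::1"),
    ("non-BR IPv4 source", "198.51.100.7", "2001:db8:ff00::1"),
]


def br_rule_verdict(outer_v4_src, inner_v6_src, restrict_6rd_sources=False):
    """Apply the BR-sourced rule to one decapsulated packet.

    restrict_6rd_sources=False: rule as quoted (BR IPv4 source is enough).
    restrict_6rd_sources=True: the proposed addition, which also requires
    that the IPv6 source does not start with the 6rd prefix.
    """
    v4 = ipaddress.ip_address(outer_v4_src)
    v6 = ipaddress.ip_address(inner_v6_src)
    if v4 != BR_IPV4:
        # Handled by other receive rules, which this sketch does not model.
        return "not-covered-by-br-rule"
    if restrict_6rd_sources and v6 in SIXRD_PREFIX:
        return "drop"
    return "accept"


def compare_policies(packets=SAMPLE_PACKETS):
    """Return (label, verdict as quoted, verdict with restriction) per packet."""
    return [
        (label,
         br_rule_verdict(v4, v6),
         br_rule_verdict(v4, v6, restrict_6rd_sources=True))
        for label, v4, v6 in packets
    ]


if __name__ == "__main__":
    for label, quoted, restricted in compare_policies():
        print(f"{label:40s} quoted={quoted:24s} restricted={restricted}")
```

The two policies differ only on the second packet, which is the U-turn case raised in the replies: with the restriction enabled, CE-sourced traffic returning through the BR is dropped.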