>Side note: A "feature" that I would like is the ability to only accept 
>authenticated default routes. Could that be done in a topology like 
>this: 
> 
>gw - routerA-withauth - routerB - routerC - routerD-wantsauth 

Unfortunately no, this is too different from RFC 7298, in which 
authentication is a per-interface set of requirements. Based on each direct 
neighbour's ability to satisfy those requirements, the neighbour's packets make 
(or don't make) it into the scope of the Babel protocol instance. The 
authentication layer does not spell smaller non-authentication data items of 
the packet like individual routes.

Also, the diagram above would require a security model that manages to keep 
things safe with untrusted speakers in between (here you would need advice 
from somebody experienced with the problem stated this way).

-- 
    Denis Ovsienko


_______________________________________________
Babel-users mailing list
Babel-users@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/babel-users
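
Added example, not part of the original message or of any Babel implementation: a simplified Python model of the per-interface behaviour described in the reply, where a tag over the whole packet decides whether a direct neighbour's packet is accepted and says nothing about individual routes inside it. The JSON packet layout, the key and the `origin` field are assumptions made for illustration, not the RFC 7298 wire format.

```python
import hashlib
import hmac
import json

# Constructed sample key for the routerC <-> routerD link (not a real key).
LINK_KEY_CD = b"constructed-link-key-C-D"


def build_packet(routes, key=None):
    """Serialise routes into one packet; the tag, if any, covers the whole body."""
    body = json.dumps(routes, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest() if key else b""
    return {"body": body, "tag": tag}


def receive(packet, interface_keys):
    """Per-interface check: accept or drop a direct neighbour's whole packet.

    Returns the routes handed to the routing layer, or None if the packet is dropped.
    """
    for key in interface_keys:
        expected = hmac.new(key, packet["body"], hashlib.sha256).digest()
        if hmac.compare_digest(expected, packet["tag"]):
            return json.loads(packet["body"])
    return None


def demo():
    # routerD requires authentication on its interface towards routerC.
    d_keys = [LINK_KEY_CD]
    # routerC relays default routes it learned over unauthenticated links.
    # "origin" is a hypothetical label: it is plain data, covered by no per-route proof.
    via_a = build_packet([{"prefix": "0.0.0.0/0", "origin": "routerA"}], LINK_KEY_CD)
    via_b = build_packet([{"prefix": "0.0.0.0/0", "origin": "routerB"}], LINK_KEY_CD)
    # A neighbour without the link key: the whole packet is dropped.
    unauth = build_packet([{"prefix": "0.0.0.0/0", "origin": "routerA"}])
    return receive(via_a, d_keys), receive(via_b, d_keys), receive(unauth, d_keys)


if __name__ == "__main__":
    for result in demo():
        print(result)
```

Both packets signed by routerC are accepted with identical standing, so routerD cannot tell a default route that started at routerA from one introduced by an intermediate speaker.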
