On 14/04/2017 04:36, Michael Richardson wrote: ... > I also think we could in light of rfc2460bis renegotiation, argue for > insertion of RPI header by the ACP without IPIP encapsulation :-)
I wouldn't bet on that for a few more weeks yet. We do have a couple of mitigations however: 1) Since the ACP is strictly using ULAs, we can assert that ACP packets are not intended for the open Internet. It would in fact be tragic for many reasons if an ACP packet "escaped". 2) Since the ACP will be based on IPsec/ESP, we can assert that breaking IPsec/AUTH is not an issue. However, we would also need a story on PMTUD within the ACP. > > So all in all, considering the hassle of updating silicon along the > > forwarding plane, I'd think that living without RPI is fine. Now if you > > tell me that it is always going through software that is easy to > > update, then why not? > > I think that this is the case. Updating the ACP code network-wide, in a large network, might not be so easy. Ignorant question: what happens if only some RPL nodes support RPI? Brian _______________________________________________ Anima mailing list Anima@ietf.org https://www.ietf.org/mailman/listinfo/anima
