Robert Wilton via Datatracker <[email protected]> wrote:
    > 6.10.1.  Fundamental Concepts of Autonomic Addressing

    > For a PE device or NID, how does it know which interfaces to run ACP
    > over?

I think that "PE" here means "Provider Edge"?
The answer is that it runs the GRASP DULL on *ALL* interfaces, because the
device may have no idea it is a Provider Edge device on that interface.

A Provider might want to turn this off, and they could well do that once the
device has joined the ACP and gotten management control.  But, the risk of
doing that is that the cables will get plugged in wrong, and the operator
will lose access to the device.

In this case, I think that ANIMA's ACP prefers connectivity over the small
amount of privacy lost by indicating that an IKEv2 is listening on an IPv6
Link-Local address.  There is no security breach possible because the IKEv2
(or DTLS) connection will not complete without the right trust anchors present.

A smart heuristic might be to include some kind of dead-man's switch.
The management interface might turn the DULL off on some interfaces for a
period of time, and if the management interface is lost, then the interfaces
would stop being suppressed.  This falls into the quality of implementation
category at this point.

--
Michael Richardson <[email protected]>, Sandelman Software Works
 -= IPv6 IoT consulting =-

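The dead-man's switch sketched in the reply above, as an added example (not code from this thread, nor from any ANIMA draft or implementation). It models a node that runs DULL on every interface by default, lets an operator who has reached the node over the ACP suppress DULL on chosen interfaces for a bounded lease, and lifts every suppression once the management channel has been silent longer than a deadman interval. The interface names, the 300 s deadman value and the 600 s lease are constructed for the illustration.

```python
"""Dead-man's switch for GRASP DULL suppression on an ACP node (model).

Added example, not code from the mailing-list thread or the ANIMA
documents. DULL (link-local discovery) runs on every interface by
default. Suppression is a lease requested over the management channel;
it must be renewed before it expires. If no management keepalive has
been seen for MGMT_DEADMAN_SECONDS, all suppressions are dropped so a
miscabled node can still be discovered and re-joined over the ACP.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

MGMT_DEADMAN_SECONDS = 300.0  # assumed policy value, not taken from any RFC


@dataclass
class Interface:
    name: str
    dull_enabled: bool = True              # default: DULL listens everywhere
    suppressed_until: Optional[float] = None  # lease expiry, None = not suppressed


@dataclass
class AcpNode:
    interfaces: Dict[str, Interface]
    last_mgmt_contact: float = 0.0         # time of the last management keepalive
    mgmt_deadman: float = MGMT_DEADMAN_SECONDS

    def mgmt_keepalive(self, now: float) -> None:
        """Called whenever the management session proves it is still alive."""
        self.last_mgmt_contact = now

    def suppress_dull(self, ifname: str, now: float, lease_seconds: float) -> None:
        """Operator request over the ACP: stop running DULL on ifname.

        The request is a lease, never a permanent setting; it has to be
        renewed before now + lease_seconds or DULL comes back on its own.
        """
        itf = self.interfaces[ifname]       # KeyError for an unknown interface
        itf.suppressed_until = now + lease_seconds
        itf.dull_enabled = False

    def mgmt_lost(self, now: float) -> bool:
        return now - self.last_mgmt_contact > self.mgmt_deadman

    def tick(self, now: float) -> Set[str]:
        """Periodic evaluation; returns the interfaces on which DULL runs."""
        lost = self.mgmt_lost(now)
        for itf in self.interfaces.values():
            if itf.suppressed_until is None:
                continue
            if lost or now >= itf.suppressed_until:
                # Lease expired, or management is gone: fail open to discovery.
                itf.suppressed_until = None
                itf.dull_enabled = True
            else:
                itf.dull_enabled = False
        return {n for n, i in self.interfaces.items() if i.dull_enabled}


def run_scenario() -> List[Tuple[str, Set[str]]]:
    """Constructed timeline: suppress one port, then lose management."""
    node = AcpNode({n: Interface(n) for n in ("eth0", "eth1", "eth2")})
    log: List[Tuple[str, Set[str]]] = []

    node.mgmt_keepalive(now=0.0)
    log.append(("boot", node.tick(0.0)))               # all three run DULL

    node.suppress_dull("eth2", now=10.0, lease_seconds=600.0)  # eth2 believed to face a customer
    log.append(("suppressed", node.tick(10.0)))        # eth0, eth1 only

    node.mgmt_keepalive(now=100.0)                     # last keepalive ever seen
    log.append(("steady", node.tick(200.0)))           # still eth0, eth1

    # Management channel silent since t=100 (e.g. a cable moved).
    log.append(("quiet", node.tick(350.0)))            # 250 s silent < 300 s: still suppressed
    log.append(("deadman", node.tick(401.0)))          # 301 s silent: eth2 restored
    return log


if __name__ == "__main__":
    for phase, active in run_scenario():
        print(f"{phase:>10}: DULL on {sorted(active)}")
```

The trade-off the reply describes is visible in the last two steps: the operator's suppression holds only as long as they can still reach the node, and is undone on their behalf the moment they cannot.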

_______________________________________________
Anima mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/anima
