On Fri, Feb 12, 2021 at 05:04:40PM +1300, Brian E Carpenter wrote:
> >     > Forget using multicast MAC destinations. Maybe i can find the time
> >     > trying to remember all the horrible things that could go wrong with it.
> > 
> > okay.
> 
> As long as you remember that we will always be emulating multicast for 
> discovery and flooding. There really isn't any mathematically possible way 
> round that, even if the only solution is replicast.

Link-local multicast is fine for DULL grasp, i just wouldn't want to overload
the semantic of the multicast address for the punt="break L2 domain" function
of the ACP L2 switch.

Full mesh of ACP secure channels to emulate L2 multicast should be well enough
defined in ACPdraft. If we get ACP capable L2 switches, then that full-mesh
problem wouldn't even arise anymore.

More interestingly though is to make sure that whatever we do to make the
solution more resilient (by being able to operate independent of STB), we should
also make sure that it does not prohibit HW forwarding if/when nodes implement
this. I am not very confident though that campus/Metro equipment will get HW
IPsec any time soon, so that would leave the open question of how to utilize
MacSec.

The trick is not trying to take too many steps at once but ensure that we don't
close doors on them.

Cheers
    Toerless

_______________________________________________
Anima mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/anima