Hi, On Dienstag 06 Januar 2009, Alexander Morlang wrote: > Axel Neumann schrieb: > > We wanted batmand (and especially its core routing algorithm) to be > > decentral and simple. So no central point of control/failure and > > therefore also no HNA server. Of course there are many potential attack > > vectors in a community mesh and probably there will always be until you > > completely restrict the access. Therefore IMHO the preferable security to > > be solved should be: > > > > - detect and protect against (usually accidental) misconfigurations like > > duplicate addresses. > > sure, a duplicate address is something the routingprotocoll has to > detect and to react on, but: > duplicate HNA are very importand and widely accepted in the internet > community, they are called anycast and are a vital instrument in network > design and deployment. > > as an example, anycast ist used for dns root servers, 6to4 tunnel and > many other usecases. > > i am still not understanding why you are discussing about removing such > important thing as anycast. I think nobody wants to remove it. I wanted to point out that real anycast routing has never been supported by batman/bmx and that our features for HNA should NOT be confused with anycast routing. The problem is that the concept of anycast-routing does not easily fit into the batman routing algorithm which relies on a single-source of originator messages (OGMs) for any given destination.
I agree that the lack of anycast routing support is a problem and not a feature. Especially when talking about quagga/zebra like route exchange between different autonomous systems. ciao, axel > > anycast is a way to use distributed services, as you can announce an > anycast address on every node, providing a specific service and packets > will get routed to the nearest service provider. > > > - find mechanisms to limit the impact of denial of service or other > > attacks to the local environment (neighborhood). > > <removed> > > Gruss, Alex > _______________________________________________ > B.A.T.M.A.N mailing list > [email protected] > https://list.open-mesh.net/mm/listinfo/b.a.t.m.a.n
