Thank you for bringing this proposal forward. I think it is an
interesting idea worth developing.
A couple of small points that I think it would be helpful to clarify.
I believe that there is no intent to require that all limited domains
using RFC 8754 also used the TD Ethertype defined by this draft? I fear
some folks could read the wording that fail-closed domains require this
Ethertype to be trying to say that all limited domains requrie that.
While I would like all SRv6 domains to use the new Ethertype, I do not
think we are or should require that.
I also think that the draft would benefit from calling out an implied
deployment requirement. All Routers which are on SRv6 domains inside
the fail-closed path will need to be upgraded to handle the new
Ethertype, including both accepting packets with the new Ethertype, and
properly generate outgoing packets with the new Ethertype. Even though
they themselves are not processing the SRH (nor adjusting any compressed
SRv6 SID.) I think for many domains this restriction is helpful in
making clear to the operator where they are deploying the new
technology. We need to state it.
Yours,
Joel
On 3/26/2023 7:17 PM, Andrew Alston - IETF wrote:
Hi All,
This is just a notification of publication of the -00 draft referred
to in the subject.
We, as the authors, welcome any discussions around this draft and look
forward to receiving feedback from the working group.
Thanks
Andrew.
*Subject: *New Version Notification for
draft-raviolli-intarea-trusted-domain-srv6-00.txt
A new version of I-D, draft-raviolli-intarea-trusted-domain-srv6-00.txt
has been successfully submitted by Andrew Alston and posted to the
IETF repository.
Name: draft-raviolli-intarea-trusted-domain-srv6
Revision: 00
Title: Trusted Domain SRv6
Document date: 2023-03-26
Group: Individual Submission
Pages: 6
URL:
https://www.ietf.org/archive/id/draft-raviolli-intarea-trusted-domain-srv6-00.txt
Status:
https://datatracker.ietf.org/doc/draft-raviolli-intarea-trusted-domain-srv6/
Htmlized:
https://datatracker.ietf.org/doc/html/draft-raviolli-intarea-trusted-domain-srv6
Abstract:
SRv6 as designed has evoked interest from various parties, though its
deployment is being limited by known security problems in its
architecture. This document specifies a standard to create a
solution that closes some of the major security concerns, while
retaining the basis of the SRv6 protocol.
The IETF Secretariat
Internal All Employees
_______________________________________________
Int-area mailing list
Int-area@ietf.org
https://www.ietf.org/mailman/listinfo/int-area
_______________________________________________
Int-area mailing list
Int-area@ietf.org
https://www.ietf.org/mailman/listinfo/int-area