In message <[EMAIL PROTECTED]>, Brian E Carpenter writes:
>Indeed. All of this is the same for the DSCP actually, and the
>assumption is that operators will protect themselves with
>admission control.
>
>(See sections 7.1 of RFC 2474 and 6.1 of RFC 2475 for detailed discussion)
>
Right. The question now is how to do that. I was about to agree
strongly with the "must send as zero if not a flow, routers must not modify"
until I started thinking along these lines. What should a border
router do with a packet that doesn't meet its constraints? I only see
three choices: reset the flow label to something locally acceptable,
drop the packet, or tunnel. But dropping the packet means that flow
labels can only be used for flows that stay within a particular flow
label domain, and the tunneling path leads to madness. (Well, perhaps
to MPLS, but I don't think we want to go down that rathole now.) I'm
forced to conclude that we have two choices: either we give up on flow
labels entirely, or we permit them to be modified en route.
--Steve Bellovin, http://www.research.att.com/~smb
Full text of "Firewalls" book now at http://www.wilyhacker.com
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
