In message <[EMAIL PROTECTED]>, Brian E Carpenter writes:
>Indeed. All of this is the same for the DSCP actually, and the
>assumption is that operators will protect themselves with
>admission control.
>
>(See sections 7.1 of RFC 2474 and 6.1 of RFC 2475 for detailed discussion)
>

Right.  The question now is how to do that.  I was about to agree strongly with the "must send as zero if not a flow, routers must not modify" until I started thinking along these lines.

What should a border router do with a packet that doesn't meet its constraints?  I only see three choices:  reset the flow label to something locally acceptable, drop the packet, or tunnel.  But dropping the packet means that flow labels can only be used for flows that stay within a particular flow label domain, and the tunneling path leads to madness.  (Well, perhaps to MPLS, but I don't think we want to go down that rathole now.)

I'm forced to conclude that we have two choices:  either we give up on flow labels entirely, or we permit them to be modified en route.

		--Steve Bellovin, http://www.research.att.com/~smb
		Full text of "Firewalls" book now at http://www.wilyhacker.com

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------