On Thu, 2 May 2002, Brian Haberman wrote:
> Pekka Savola wrote:
> >
> > On Thu, 2 May 2002, Brian Haberman wrote:
> > > I had actually started taking a crack at this whole problem. It
> > > seems to me that the following components are needed for some form of
> > > global anycast support:
> > >
> > > 1. Host-to-router notification protocol (this is taken care of by
> > > changes to mld proposed in draft-haberman-ipngwg-host-anycast)
> > >
> > > 2. Security: at a minimum some form of authentication to allow
> > > routers to determine if hosts are allowed to join an anycast
> > > group
> >
> > You're making assumptions here.
> >
> > Hosts could very well participate in routing protocols.
>
> I don't think I am making assumptions. If a node is injecting routes,
> it is a router. It may not be a member of the trusted set of routers
> though. That is where the security comes in. If operators want to
> protect the set of nodes that can inject routes, they can do so by
> securing the routing protocol exchanges.
No, if a node is injecting routes, it needs not to be a router, as
specified in RFC2460 and referred to in addrarch.
The definition:
router - a node that forwards IPv6 packets not explicitly
addressed to itself. [See Note below].
DNS servers could participate in the routing protocol, injecting a route
to itself, while still being hosts.
Usually the definition of router also includes forwarding packets between
interfaces, but that's only implicit here.
> > > 4. Possibly a draft that documents any impacts on any existing
> > > protocols (routing protocols, TCP, etc.)
> >
> > Unicast RPF is capable of killing anycast with source addresses quite
> > effectively.
>
> Not sure I follow you. The anycast addresses are in the destination
> address field.
You mentioned a host-to-router notification protocol, so we're discussing
what would be different if anycast requirements are changed (not as a
source address, not on a host).
Anycast addresses as source addresses (if allowed) have some amount of
problems.
--
Pekka Savola "Tell me of difficulties surmounted,
Netcore Oy not those you stumble over and fall"
Systems. Networks. Security. -- Robert Jordan: A Crown of Swords
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
