On Fri, 8 Aug 2003, Tony Hain wrote: > Pekka Savola wrote: > > So, what exactly is wrong with the Bellovin/Zill Router > > Advertisement option proposals which make it very easy for > > normally local-only appliances to restrict the nodes they > > allow access from? > > For the function it performs, nothing. What it lacks is a prefix space to > advertise that is not in any way associated with an aggregate that is being > announced in global routing. Fortunately that prefix space is available > using the Hinden draft.
Why exactly is advertising the aggregate a problem? The nodes will filter out those sources they are auto-configured not to speak to before even seeing any maliscious packets. -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
