Andrew White <[EMAIL PROTECTED]> wrote:
|Dan Lanciani wrote:
|
|> There is a huge difference between requiring a /48 and allowing anything
|> greater than /8. The former ...
|> while the latter means that you can bypass the black hole with 2 or 4
|> route additions.
|
|Of course you can bypass it.
The proposed wording is:
``Router manufacturers MUST ensure that said black hole cannot be deconfigured,
turned off, or otherwise overridden in toto;''
How do you reconcile this with ``Of course you can bypass it.''?
|But remember that your bypass is only useful
|if all intermediate routers have ALSO agreed to the bypass, and that the BGP
|routers by default ignore updates to local prefixes.
Your reasoning would apply equally well to a black hole that *can* be turned
off by the owner of the router. The proposal to make the black hole not only
the default but a default that cannot be changed by the owner of the router
is unprecedented. It relegates these new addresses to permanent second-class-
citizen status even within a private network.
|So yes, it's trivial to modify your system so that the next router in the
|chain discards the packet instead.
Not with the proposed wording.
|More usefully, you can redirect
|particular known routes to VPNs or other directly connected networks and
|still have the gateway router drop other (unknown) local packets.
I don't want to direct only "particular" routes to VPNs. I want to direct
all packets destined for otherwise unknown prefixes to a tunnel server which
will try to dynamically establish a tunnel to the target network. The proposed
restriction would make this kind of overlay network impossible. Maybe that's
the idea.
Dan Lanciani
[EMAIL PROTECTED]
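The bypass the two of them are arguing about comes down to longest-prefix
match: a black hole the owner cannot delete is still shadowed by any
more-specific routes the router does accept. The following is an added
example written for this page, not code from the thread or from any router
vendor. The prefix fd00::/8, the interface names tun0 and eth1, and the
LockedRouter/bypass_routes/install_overlay/routes_needed names are all
assumptions made for illustration; the point it shows is that "anything
longer than /8" costs 2 (or 4) routes to cover the whole black hole, while a
/48 requirement would cost 2^40 of them.

```python
# Added example, not from the IPng thread.  A toy IPv6 FIB with a black
# hole that cannot be removed, plus a minimum prefix length for routes
# inside it.  fd00::/8 and the interface names are assumed for illustration.
import ipaddress

BLACKHOLE = ipaddress.IPv6Network("fd00::/8")   # assumed, for illustration


class LockedRouter:
    """FIB whose black hole the owner cannot deconfigure.  Routes inside the
    black hole are accepted only if at least `min_len` bits long; lookups
    use longest-prefix match, so accepted more-specifics shadow the hole."""

    def __init__(self, blackhole, min_len):
        self.blackhole = blackhole
        self.min_len = min_len
        self.routes = [(blackhole, "blackhole")]

    def add_route(self, prefix, next_hop):
        net = ipaddress.IPv6Network(prefix)
        # The proposed restriction: inside the hole, nothing shorter than min_len.
        if net.subnet_of(self.blackhole) and net.prefixlen < self.min_len:
            raise ValueError(f"{net}: shorter than the permitted /{self.min_len}")
        self.routes.append((net, next_hop))

    def remove_route(self, prefix):
        net = ipaddress.IPv6Network(prefix)
        # "MUST ensure that said black hole cannot be deconfigured"
        if net == self.blackhole:
            raise PermissionError("black hole cannot be deconfigured")
        self.routes = [(n, nh) for n, nh in self.routes if n != net]

    def lookup(self, addr):
        """Longest-prefix match; returns the next hop or None."""
        ip = ipaddress.IPv6Address(addr)
        matches = [(n, nh) for n, nh in self.routes if ip in n]
        if not matches:
            return None
        return max(matches, key=lambda r: r[0].prefixlen)[1]


def bypass_routes(blackhole, min_len):
    """The more-specifics needed to shadow every address in the black hole."""
    return [str(n) for n in blackhole.subnets(new_prefix=min_len)]


def routes_needed(min_len):
    """How many routes the bypass costs for a given minimum prefix length."""
    return 2 ** (min_len - BLACKHOLE.prefixlen)


def install_overlay(min_len, tunnel_if="tun0"):
    """Dan's overlay: everything otherwise unknown inside the hole goes to
    the tunnel server; a known /48 can still go to a directly connected net."""
    r = LockedRouter(BLACKHOLE, min_len)
    for p in bypass_routes(BLACKHOLE, min_len):
        r.add_route(p, tunnel_if)
    r.add_route("fd00:1234:5678::/48", "eth1")   # assumed known local prefix
    return r


if __name__ == "__main__":
    for min_len in (9, 10, 48):
        print(f"min /{min_len}: {routes_needed(min_len)} bypass route(s)")
    r = install_overlay(9)
    print(r.lookup("fd00:1234:5678::9"), r.lookup("fd12::1"), r.lookup("2001:db8::1"))
```

Run it and the first two lines show 2 and 4 routes for /9 and /10, the
third shows the 2^40 a /48 floor would demand; the lookups resolve the known
/48 to eth1, any other address in the hole to tun0, and an address outside
the hole to no route at all.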
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------