Andrew White <[EMAIL PROTECTED]> wrote:

|Dan Lanciani wrote:
|
|> There is a huge difference between requiring a /48 and allowing anything
|> greater than /8. The former ...
|> while the latter means that you can bypass the black hole with 2 or 4
|> route additions.
|
|Of course you can bypass it.

The proposed wording is:

``Router manufacturers MUST ensure that said black hole cannot be
deconfigured, turned off, or otherwise overridden in toto;''

How do you reconcile this with ``Of course you can bypass it.''?

|But remember that your bypass is only useful
|if all intermediate routers have ALSO agreed to the bypass, and that the BGP
|routers by default ignore updates to local prefixes.

Your reasoning would apply equally well to a black hole that *can* be
turned off by the owner of the router. The proposal to make the black
hole not only the default but a default that cannot be changed by the
owner of the router is unprecedented. It relegates these new addresses
to permanent second-class-citizen status even within a private network.

|So yes, it's trivial to modify your system so that the next router in the
|chain discards the packet instead.

Not with the proposed wording.

|More usefully, you can redirect
|particular known routes to VPNs or other directly connected networks and
|still have the gateway router drop other (unknown) local packets.

I don't want to direct only "particular" routes to VPNs. I want to
direct all packets destined for otherwise unknown prefixes to a tunnel
server which will try to dynamically establish a tunnel to the target
network. The proposed restriction would make this kind of overlay
network impossible. Maybe that's the idea.

Dan Lanciani
[EMAIL PROTECTED]

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------