One assumption that is being made is that all hosts are trying to communicate
through a router. There are many networks in which hosts only talk to each other.
Looking at ND tables or flows in a router is not viable for these networks.

True network discovery, like security, relies on multiple mechanisms. No one
mechanism fits all. Active discovery is one of the key elements. Passive
monitoring (e.g. ND tables, MLD joins, DAD monitoring) is another.

Some network administrators may determine that responses to all-hosts ping are
reasonable, others may not. Having all hosts contain the code for responding
gives the network administrators the choice. Without it, they have no choice.

The same is true for Inverse ND. Requiring that it be implemented gives them 
the choice to use it or disable it.

-----Original Message-----
From: Christian Huitema [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 03, 2005 4:07
To: Mark Smith; Pashby, Ronald W CTR NSWCDD-B35
Cc: ipv6@ietf.org
Subject: RE: FW: Re: about draft-pashby-ipv6-network-discovery-00.txt


> Only if they respond to the multicast echo request.

Reality check: by default, host firewalls drop incoming echo requests.
An explicit design goal of these firewalls is to make the host
"stealthy", i.e. make sure the host is only detected by parties with
which the host decides to communicate.

I don't believe that polling protocols can reliably provide inventory.
If you really want inventory, you probably will have better luck with a
layer 2 access control protocol (802.1x), or by using a router based
tool to monitor flows going in and out of the network.

-- Christian Huitema

--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
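As an added example, not part of the thread above, the following Python script sketches the passive side of the discovery the reply describes: it parses a DAD Neighbor Solicitation and an MLDv2 Listener Report, verifies the ICMPv6 pseudo-header checksum, and folds what they reveal into a host inventory. The packets it consumes are constructed inline by its own builders so that it runs offline; the `Inventory` class, its method names and the record-type handling are this example's own choices, not anything taken from the draft or the list discussion. A real deployment would feed it frames captured on the segment and would also read the link-layer source from the Ethernet header, which this example omits.

```python
"""Passive IPv6 host inventory built from DAD Neighbor Solicitations and
MLDv2 Listener Reports (added example; all packets below are constructed)."""
import ipaddress
import struct

ICMPV6_ECHO_REQUEST = 128
ICMPV6_NS = 135            # Neighbor Solicitation, RFC 4861
ICMPV6_MLDV2_REPORT = 143  # Multicast Listener Report v2, RFC 3810
IPv6 = ipaddress.IPv6Address
ALL_MLDV2_ROUTERS = IPv6("ff02::16").packed
# Hop-by-Hop header carried by MLD: next header 58, len 0, Router Alert (0 = MLD), PadN
ROUTER_ALERT_HBH = bytes([58, 0, 5, 2, 0, 0, 1, 0])


def icmpv6_checksum(src: bytes, dst: bytes, icmp: bytes) -> int:
    """Ones'-complement sum over the RFC 8200 pseudo-header plus the ICMPv6
    message; returns 0 when run over a message whose checksum field is valid."""
    data = src + dst + struct.pack("!I3xB", len(icmp), 58) + icmp
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv6(src: bytes, dst: bytes, icmp: bytes, hop_limit: int, hbh: bytes = b"") -> bytes:
    """Wrap an ICMPv6 message (checksum field zeroed) in an IPv6 header."""
    icmp = icmp[:2] + struct.pack("!H", icmpv6_checksum(src, dst, icmp)) + icmp[4:]
    next_header = 0 if hbh else 58
    hdr = struct.pack("!IHBB", 0x60000000, len(hbh) + len(icmp), next_header, hop_limit)
    return hdr + src + dst + hbh + icmp


def build_dad_ns(target: IPv6) -> bytes:
    """DAD probe: source ::, destination = solicited-node group of the target, hop limit 255."""
    t = target.packed
    sol_node = b"\xff\x02" + bytes(9) + b"\x01\xff" + t[13:]
    return build_ipv6(bytes(16), sol_node, struct.pack("!BBHI", ICMPV6_NS, 0, 0, 0) + t, 255)


def build_mldv2_report(src: IPv6, groups) -> bytes:
    """Unsolicited report: one CHANGE_TO_EXCLUDE_MODE record (type 4, no sources) per group."""
    records = b"".join(struct.pack("!BBH", 4, 0, 0) + g.packed for g in groups)
    icmp = struct.pack("!BBHHH", ICMPV6_MLDV2_REPORT, 0, 0, 0, len(groups)) + records
    return build_ipv6(src.packed, ALL_MLDV2_ROUTERS, icmp, 1, ROUTER_ALERT_HBH)


def build_echo_request(src: IPv6, dst: IPv6) -> bytes:
    """Active probe (e.g. to ff02::1); included only to show the monitor ignores it."""
    return build_ipv6(src.packed, dst.packed, struct.pack("!BBHHH", ICMPV6_ECHO_REQUEST, 0, 0, 1, 1), 64)


def parse_icmpv6(pkt: bytes):
    """Return (src, dst, hop_limit, icmp) for a checksum-valid ICMPv6 packet, else None."""
    if len(pkt) < 40:
        return None
    vtf, plen, nh, hlim = struct.unpack("!IHBB", pkt[:8])
    if vtf >> 28 != 6 or len(pkt) < 40 + plen:
        return None
    src, dst, payload = pkt[8:24], pkt[24:40], pkt[40:40 + plen]
    if nh == 0 and len(payload) >= 2:          # skip Hop-by-Hop options (Router Alert)
        nh, payload = payload[0], payload[(payload[1] + 1) * 8:]
    if nh != 58 or len(payload) < 4 or icmpv6_checksum(src, dst, payload) != 0:
        return None
    return src, dst, hlim, payload


class Inventory:
    """Hosts seen on the segment, keyed by address, with the evidence for each."""

    def __init__(self):
        self.evidence = {}   # IPv6 -> set of "dad" / "mld"
        self.groups = {}     # IPv6 -> set of multicast groups the host listens to

    def observe(self, pkt: bytes):
        parsed = parse_icmpv6(pkt)
        if parsed is None:
            return None
        src, dst, hlim, icmp = parsed
        if icmp[0] == ICMPV6_NS and hlim == 255 and src == bytes(16) and len(icmp) >= 24:
            target = IPv6(icmp[8:24])
            # A DAD probe must be addressed to the solicited-node group of its own target.
            if dst != b"\xff\x02" + bytes(9) + b"\x01\xff" + icmp[21:24]:
                return None
            self.evidence.setdefault(target, set()).add("dad")
            return ("dad", target)
        if icmp[0] == ICMPV6_MLDV2_REPORT and hlim == 1 and dst == ALL_MLDV2_ROUTERS and len(icmp) >= 8:
            host, joined, off = IPv6(src), [], 8
            for _ in range(struct.unpack("!H", icmp[6:8])[0]):
                if len(icmp) < off + 20:
                    break
                rtype, auxlen, nsrc = struct.unpack("!BBH", icmp[off:off + 4])
                if rtype in (2, 4):              # MODE_IS_EXCLUDE / CHANGE_TO_EXCLUDE: listening
                    joined.append(IPv6(icmp[off + 4:off + 20]))
                off += 20 + 16 * nsrc + 4 * auxlen
            self.evidence.setdefault(host, set()).add("mld")
            self.groups.setdefault(host, set()).update(joined)
            return ("mld", host, joined)
        return None

    def hosts(self):
        return sorted(str(a) for a in self.evidence)


if __name__ == "__main__":
    inv = Inventory()
    inv.observe(build_dad_ns(IPv6("2001:db8::10")))
    inv.observe(build_mldv2_report(IPv6("fe80::1"), [IPv6("ff02::1:ff00:10")]))
    inv.observe(build_echo_request(IPv6("fe80::1"), IPv6("ff02::1")))
    print(inv.hosts())
```

The two sources deliberately yield different things: a DAD probe is sent from :: and so gives only the tentative address being claimed (the link-layer source would come from the Ethernet frame), while an MLDv2 report identifies the sender's link-local address and the groups it listens to. Both are emitted as part of address configuration rather than in response to a query, which is why a monitor on the segment sees them from hosts whose firewall drops the all-hosts echo request; the checksum verification and the destination-group check keep a malformed or off-segment packet from polluting the inventory.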