On Sat, 11 Sep 2010, Mark Smith wrote:

> How would you solve the problem? If you give end-nodes the ability to

Exactly the way it has been done for IPv4 with the mechanisms I've given examples of before. L2 devices look at DHCPv6 etc. and then enforce policy accordingly. The thing here is that these mechanisms should have been designed alongside IPv6 and all the "core" protocols in IPv6 should have been designed with this in mind, making it easy and cheap for L2 devices to find the traffic they need to look at.

Now whatever L2 devices need to look at is what is available, and some isn't that easy to find and it might have to look at multiple things, some of which are of no interest to it.

> If you truly don't trust the end-nodes at all to set their source address correctly, then quarantining them on individual point-to-point links would seem to me to be the only option that still allows other people in other environments to continue to trust end-nodes setting the source address.

*sigh* Taking the easy way out again. Point to point links are expensive.

Equipment doing q-in-q and/or PPPoE termination carries a hefty premium over the ones that don't, especially if they need to handle thousands of customers (i.e. thousands of interfaces). Compare this to a Cisco 3550 which can route thousands of customers in a few subnets if needed.

--
Mikael Abrahamsson    email: swm...@swm.pp.se
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
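
Added example, not part of the original message or of any vendor's implementation: a minimal sketch of the L2 approach described above, where a switch snoops DHCPv6 Replies, records the leased address per port, and filters source addresses against that table. The class and function names, port labels and the sample Reply are constructed for illustration; option codes follow RFC 8415.

```python
import ipaddress
import struct

OPT_IA_NA, OPT_IAADDR, MSG_REPLY = 3, 5, 7  # DHCPv6 codes (RFC 8415)

def iter_options(buf):
    """Yield (code, value) for each DHCPv6 TLV option; stop on truncation."""
    off = 0
    while off + 4 <= len(buf):
        code, length = struct.unpack_from("!HH", buf, off)
        if off + 4 + length > len(buf):
            return  # truncated option: ignore the rest rather than guess
        yield code, buf[off + 4:off + 4 + length]
        off += 4 + length

def leased_addresses(payload):
    """Return the addresses a DHCPv6 Reply assigns via IA_NA/IAADDR."""
    if len(payload) < 4 or payload[0] != MSG_REPLY:
        return []
    found = []
    for code, value in iter_options(payload[4:]):  # skip msg-type + xid
        if code != OPT_IA_NA or len(value) < 12:
            continue  # options of no interest to the switch are skipped
        for sub, subval in iter_options(value[12:]):  # skip IAID, T1, T2
            if sub == OPT_IAADDR and len(subval) >= 24:
                found.append(ipaddress.IPv6Address(subval[:16]))
    return found

class BindingTable:
    """Hypothetical per-port source filter fed by snooped DHCPv6 Replies."""
    def __init__(self):
        self.bindings = {}  # port -> set of leased IPv6 addresses

    def snoop_reply(self, port, payload):
        self.bindings.setdefault(port, set()).update(leased_addresses(payload))

    def permit(self, port, src):
        src = ipaddress.IPv6Address(src)
        # Assumption: link-local sources are always allowed so ND/DHCPv6 work.
        return src.is_link_local or src in self.bindings.get(port, set())

def build_sample_reply(addr):
    """Constructed Reply: a Client ID option, then IA_NA with one IAADDR."""
    iaaddr = ipaddress.IPv6Address(addr).packed + struct.pack("!II", 3600, 7200)
    ia_na = (struct.pack("!III", 1, 0, 0)
             + struct.pack("!HH", OPT_IAADDR, len(iaaddr)) + iaaddr)
    clientid = struct.pack("!HH", 1, 4) + b"\x00\x03\x00\x01"
    return (bytes([MSG_REPLY]) + b"\xab\xcd\xef" + clientid
            + struct.pack("!HH", OPT_IA_NA, len(ia_na)) + ia_na)
```

The nested option walk is the cost the message refers to: the address the switch needs sits two TLV levels deep, behind options it has to step over.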
