> > > How would you solve the problem? If you give end-nodes the ability to > > > > Exactly the way it has been done for IPv4 with the mechanisms I've given > > examples of before. > > Your criticisms seemed to be architectural ones - that the IETF hadn't > designed a protocol that addressed these issues. So my question was how > would you solve it (architecturally)? > > Layer 2 devices inspecting traffic isn't architecturally acceptable > because it's a layer violation,
L2 inspection of (IPv4) L3 traffic is a heavily used feature in some environments, and is promoted by for instance Cisco as one part of "Access Security Best Practices" (see the reference Mikael Abrahamsson provided). The same functionality is of course needed for IPv6. If people have a hard time accepting that I'd say they're badly out of touch with the real networking world. Steinar Haug, Nethelp consulting, sth...@nethelp.no -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
