On 2010-09-12 15:22, sth...@nethelp.no wrote:
>>>> How would you solve the problem? If you give end-nodes the ability to
>>> Exactly the way it has been done for IPv4 with the mechanisms I've given
>>> examples of before.
>> Your criticisms seemed to be architectural ones - that the IETF hadn't
>> designed a protocol that addressed these issues. So my question was how
>> would you solve it (architecturally)?
>>
>> Layer 2 devices inspecting traffic isn't architecturally acceptable
>> because it's a layer violation,
>
> L2 inspection of (IPv4) L3 traffic is a heavily used feature in some
> environments, and is promoted by for instance Cisco as one part of
> "Access Security Best Practices" (see the reference Mikael Abrahamsson
> provided).
>
> The same functionality is of course needed for IPv6. If people have a
> hard time accepting that I'd say they're badly out of touch with the
> real networking world.
>
The reason layer violation is considered architecturally wrong is that
it means that layer n devices become an obstacle to deploying new
layer n+1 protocols, or vice versa. So, indeed, those who market layer 2
solutions relying on layer violation will have to update their products
when a new layer 3 arrives.

That's a statement of fact, not an emotional reaction, BTW.

   Brian

--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------