On 2010-09-12 15:22, sth...@nethelp.no wrote:
>>>> How would you solve the problem? If you give end-nodes the ability to
>>> Exactly the way it has been done for IPv4 with the mechanisms I've given 
>>> examples of before.
>> Your criticisms seemed to be architectural ones - that the IETF hadn't
>> designed a protocol that addressed these issues. So my question was how
>> would you solve it (architecturally)?
>>
>> Layer 2 devices inspecting traffic isn't architecturally acceptable
>> because it's a layer violation,
> 
> L2 inspection of (IPv4) L3 traffic is a heavily used feature in some
> environments, and is promoted by for instance Cisco as one part of
> "Access Security Best Practices" (see the reference Mikael Abrahamsson
> provided).
> 
> The same functionality is of course needed for IPv6. If people have a
> hard time accepting that I'd say they're badly out of touch with the
> real networking world.
>

The reason layer violation is considered architecturally wrong is
that it means that layer n devices become an obstacle to deploying
new layer n+1 protocols, or vice versa.

So, indeed, those who market layer 2 solutions relying on layer
violation will have to update their products when a new layer 3 arrives.

That's a statement of fact, not an emotional reaction, BTW.

     Brian

--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
