On Oct 23, 2011, at 5:13 AM, Jari Arkko wrote:

>>>> o  When a router originates packets it may use as a source address
>>>>    either an EID or RLOC.
>>> You should state somewhere what the manageability requirements are for
>>> making this happen, or if hardcoded policies are sufficient (e.g., iBGP vs.
>>> eBGP use of addresses). Does this require additional functionality for RFC
>>> 3484 style source address selection, or can you cope with existing
>>> functionality?
>> It does not. The same requirements for originating IP packets have not
>> changed. If it is stated that the outgoing interface's address is used as
>> the source address, then whatever namespace the address belongs to is used.
>>
>>> Note: I'm not asking for any new functionality, just a statement about the
>>> expectations.
>> No expectations. ;-)
>
> Fine. Can we state that? At least this reader was wondering if a router
> needed something special to handle the selection. I'm of course very glad
> that the answer is no.

I added a sentence to the first bullet.

>>
>>> Second, I wish you would have specified the source address checks better.
>>> Are there situations where you would NOT want to make a pretty strict test,
>>> i.e., that source EID maps to source RLOC?
>> Because this is work still in progress.
>
> I understand that, but accepting tunnel packets without this validation just
> seems pretty open to attacks. And this is not just about LISP. In general,
> every IETF technique that comes out may have vulnerabilities that cause
> trouble not just for that technology but also for other things in the
> Internet. I'm worried that this could be an attack vector to attack other
> things in the Internet in the future. Can we agree on a middle ground, e.g.,
> make the MAY a SHOULD? I'd be much happier with that…

I hear you loud and clear. But no one may implement this because it is hard and expensive. We need to solve it another way and we are not ready to document it yet.

Dino
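
The strict test raised in the thread (the source EID of the inner packet must map to the source RLOC of the outer packet), sketched as an added example that is not part of the original message or of any LISP implementation. It assumes the decapsulating router already holds an EID-to-RLOC mapping for the source; the table contents, function names and the `strict` flag are hypothetical.

```python
import ipaddress

# Constructed mapping data: EID-prefix -> RLOCs registered for that site.
# Documentation/private ranges only; not taken from the thread or a deployment.
EID_TO_RLOCS = {
    "10.1.0.0/16": {"192.0.2.1", "192.0.2.2"},
    "10.1.5.0/24": {"198.51.100.7"},   # more-specific prefix, different site
    "10.2.0.0/16": {"203.0.113.9"},
}

def build_table(raw):
    """Parse the mapping into (network, rloc-set) pairs, longest prefix first."""
    table = [(ipaddress.ip_network(prefix),
              {ipaddress.ip_address(r) for r in rlocs})
             for prefix, rlocs in raw.items()]
    return sorted(table, key=lambda entry: entry[0].prefixlen, reverse=True)

def lookup_rlocs(table, eid):
    """Longest-prefix match of an EID; None when no mapping covers it."""
    for net, rlocs in table:
        if eid.version == net.version and eid in net:
            return rlocs
    return None

def check_decap_source(table, outer_src_rloc, inner_src_eid, strict=True):
    """Decide whether to accept one encapsulated packet at decapsulation.

    Returns (accept, reason). With strict=True a source EID that has no
    mapping is dropped; with strict=False it is accepted unvalidated.
    A mapped EID arriving from an RLOC outside its set is always dropped.
    """
    rloc = ipaddress.ip_address(outer_src_rloc)
    eid = ipaddress.ip_address(inner_src_eid)
    rlocs = lookup_rlocs(table, eid)
    if rlocs is None:
        return (not strict, "no-mapping")
    if rloc in rlocs:
        return (True, "match")
    return (False, "rloc-mismatch")

TABLE = build_table(EID_TO_RLOCS)
```

The `no-mapping` branch is where the cost discussed in the thread shows up: validating such a packet would first require obtaining a mapping for its source EID.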
