As far as attack, if someone can attach to LAN and if he knows security
details, he can do much better than hack IGP.

But oh well, if we prefer to continue to ride on current type of roads while
complicating design of new vehicles to accommodate it, that is fine too.

Best,
R.

On Wed, Apr 3, 2019, 17:26 Tony Przygienda <tonysi...@gmail.com> wrote:

>
>
> On Wed, Apr 3, 2019 at 1:36 AM Robert Raszuk <rob...@raszuk.net> wrote:
>
>> Hi Tony,
>>
>> > The fact that we use them in a point-to-point fashion today is somewhat
>> > orthogonal, as from the routing protocol layer, *we cannot tell* whether
>> > an interface is point-to-point or not, and we must be explicitly
>> > configured to be in point-to-point mode.
>>
>> Why we cannot tell? That to me is a protocol specification bug.
>>
>> Sorry if I was not very clear - My question was driven by the idea to
>> actually redefine what LAN is for the purpose of LSR and specifically this
>> discussion and perhaps even drop completely support of dynamic flooding
>> when LAN is detected and present - based on a new definition of LANs.
>>
>> It should not matter if interface is multi access or not.
>>
>> Proposal:
>>
>> To consider LAN an interface on which you receive Hellos from more than
>> one IGP peer.
>>
>>
> leads to simple attack vectors, not possible on misconfiguration
>
> adding something like OSPF capability saying (/31 is automatically
> point-to-point) and enforcing that is possible but will lead to lots of
> backwards compatibility breaks ...  In ISIS there isn't a simple way to do
> it given an interface may be on multiple subnets (TE TLVs) and so on ...
>
> so yeah, routing protocols are hard, especially the older ones when one
> implements and deploys ;-)
>
> -- tony
>
_______________________________________________
Lsr mailing list
Lsr@ietf.org
https://www.ietf.org/mailman/listinfo/lsr
