> OSPF is a good choice for quickly disseminating the same piece of information > to multiple OSPF routers using the same policy and I believe that the > transport instance http://www.ietf.org/id/draft-ietf-ospf-transport- > instance-11.txt > facilitates this. However, I see flow-spec distribution in the general controller > case as being peer specific or even peer interface specific. Do you disagree?
> The use case in question is mitigating attacks closer to the compromised > system by pushing the flow-spec to the customer sites using OSPF as a PE-CE > protocol (RFC 4577). Are there any other instances where we¹d want to push > the same flow-spec to the routers in an IGP domain using OSPF or ISIS? Why isn't this use case extendable to all edge OSPF routers, and not just CE's? I would think the same reasoning would apply... So -- if we are going to do this, we should specifically design it more like a type 5, perhaps, or something with a very limited flooding scope to solve the specific use case in hand, rather than in a way that encourages general use... Does this make sense? :-) Russ _______________________________________________ OSPF mailing list [email protected] https://www.ietf.org/mailman/listinfo/ospf
