>|> That implies that the >|> ETR does a mapping lookup on the receipt of a packet, buffers >|> the packet until the lookup succeeds, and the does the >|> compare. >| >|Oh you mean like the IPv6 neighbor discovery process!? > > >Two wrongs don't make a right.
Why buffer the packet until the lookup succeeds? Why not just accept the first few packets while a lookup is done in parallel then, if subsequent packets appear to be coming from an incorrect ITR, just start dropping? That way we can defeat *sustained* DOS attacks, which are the only ones we really care about anyway. Fred [EMAIL PROTECTED] _______________________________________________ rrg mailing list [email protected] https://www.irtf.org/mailman/listinfo/rrg
