Hi, Lixia!

Concerning my unclear statement (i.e., your "I do not see the
implication here." comment), what I was trying to convey is the
following logic flow:
1) not all identifiers should be at the IP layer -- some logically occur
at other layers
2) just because identifiers are at several layers, one can still
correlate between them (e.g., for network management or security) as
long as that layer isn't encrypted.

The reason I made this statement is that some postings seemed to imply
(or, at least, this is how I read them) that routing identifiers have to
solve all problems. I disagree: routing identifiers need to solve
routing problems but other problems can be solved by identifiers at
other layers.

This observation is hopefully obvious but what excites me is what it
means to ancillary requirements such as security and network management.
As you may know, I've been keen for about a decade on the concept of
"security zones" in which one can have unique policies for parts of a
routing infrastructure to handle unique requirements of a community of
interest. I therefore consider the various insights of the RRG postings
to see their implications to this type of goal, which is why I felt the
need to mention something which to others is hopefully obvious.
Specifically, security zones theoretically can be made by routing policy
at the IP layer (e.g., policy-based routing) but I am currently
discouraged at how this works, except for VPNs and map-and-encaps, which
really are parallel (complementary) routing systems. Therefore, I am
currently trying to do this at the "IPsec layer" or above. I am curious
whether LISP, for example, could be used to support security zones but I
haven't pursued that idea myself. I wonder if others have?

I am also naturally interested if others have had more success doing
security zones solely at the IP layer, but that is probably out-of-scope
for the RRG and so I didn't want to go there in postings to this WG.

-----Original Message-----
From: Lixia Zhang [mailto:[email protected]] 
Sent: Wednesday, July 22, 2009 11:52 PM
To: Fleischman, Eric
Cc: [email protected]
Subject: Re: [rrg] Next topic: properties of identifiers

<snip>

> The thing that bothers me about this otherwise excellent discussion is
> that I interpret these emails as implying that all identifiers must be
> known at the IP layer.

Hi Eric, I do not see the implication here.

<snip>

_______________________________________________
rrg mailing list
[email protected]
http://www.irtf.org/mailman/listinfo/rrg
