Suresh,
One of the main challenges in implementing the model proposed by the draft
is that the edge router has no reliable indication if a host (once it has sent an
RS) is present on the network or not.
Please see detailed comments below..
--
Shree
1. Prefix Lifetime Binding/Expiry..
Hi Fernando,
I have a question on:
http://tools.ietf.org/html/draft-gont-6man-flowlabel-security-00
Unless I misunderstand something, you're proposing that a flow-label be
constructed using the IPv6 Source Destination values as input-keys to a hash
function as follows:
Flow Label = counter
On Tue, 7 Sep 2010 13:58:21 -0600, Shane Amante sh...@castlepoint.net
wrote:
Hi Fernando,
I have a question on:
http://tools.ietf.org/html/draft-gont-6man-flowlabel-security-00
Unless I misunderstand something, you're proposing that a flow-label be
constructed using the IPv6 Source
Hi,
The authors of draft-carpenter-6man-flow-update (now also
including Shane Amante) are working on a new version. One
fundamental issue that has come up is about the (lack of)
security properties of the flow label. The most brutal
expression of this is:
The flow label field is always
While there may be a few firewalls that will do whatever they think they
need to in order to shut down covert channels, I do not see that as a
significant factor. I imagine most devices will not do so, since it
does represent a meaningful threat to the site being protected.
(There are other
That was supposed to read since it does NOT represent a meaningful threat.
Joel
On 9/7/2010 9:32 PM, Joel M. Halpern wrote:
While there may be a few firewalls that will do whatever they think they
need to in order to shut down covert channels, I do not see that as a
significant factor. I
On Tue, Sep 7, 2010 at 9:18 PM, Brian E Carpenter
brian.e.carpen...@gmail.com wrote:
Hi,
The authors of draft-carpenter-6man-flow-update (now also
including Shane Amante) are working on a new version. One
fundamental issue that has come up is about the (lack of)
security properties of the
Below...
On 2010-09-08 14:44, Christopher Morrow wrote:
On Tue, Sep 7, 2010 at 9:18 PM, Brian E Carpenter
brian.e.carpen...@gmail.com wrote:
Hi,
The authors of draft-carpenter-6man-flow-update (now also
including Shane Amante) are working on a new version. One
fundamental issue that has
On Sep 8, 2010, at 11:44 AM, Christopher Morrow wrote:
On Tue, Sep 7, 2010 at 9:18 PM, Brian E Carpenter
If this is correct, it is futile to assert that the flow label
MUST be delivered unchanged to the destination, because we
cannot rely on this in the real world.
Anything that cannot be
On Sep 8, 2010, at 12:38 PM, Brian E Carpenter wrote:
The idea is that someone
figures out what flow label values will screw you
In the model I proposed, the network the packet is in, as with the DSCP, is in
control of the flow label value.
On Tue, Sep 7, 2010 at 11:38 PM, Brian E Carpenter
brian.e.carpen...@gmail.com wrote:
Below...
On 2010-09-08 14:44, Christopher Morrow wrote:
On Tue, Sep 7, 2010 at 9:18 PM, Brian E Carpenter
brian.e.carpen...@gmail.com wrote:
Hi,
The authors of draft-carpenter-6man-flow-update (now also
On Tue, Sep 7, 2010 at 11:48 PM, Fred Baker f...@cisco.com wrote:
On Sep 8, 2010, at 11:44 AM, Christopher Morrow wrote:
On Tue, Sep 7, 2010 at 9:18 PM, Brian E Carpenter
If this is correct, it is futile to assert that the flow label
MUST be delivered unchanged to the destination, because we
Hi, Shane,
Please find my comments inline
I have a question on:
http://tools.ietf.org/html/draft-gont-6man-flowlabel-security-00
Unless I misunderstand something, you're proposing that a flow-label
be constructed using the IPv6 Source Destination values as
input-keys to a hash
Hi, Steven,
I don't think your conclusion follows. One thing you want for LAG/ECMP is
for each flow from a given src_addr, dst_addr to have a unique FL value.
Fernando's algorithm achieves this by incrementing counter for each new
flow from that address pair.
With that said, I don't