Hi, Inline.
On Fri, Dec 6, 2019 at 5:21 PM Sander Steffann <san...@steffann.nl> wrote: > Hi Robert, > > > To your specific first question this is very popular deployment model .. > just look at SDWANs. So Internet is just a L3 transport for all routers in > your administrative domain or global WAN. Spot on. I do sincerely hope that > whatever the result be of this debate all features will be legal to run on > my boxes regardless how I choose to interconnect them. > > > > As (Internet) transit boxes would never be destination addresses of the > outermost header what problem do you see running anything one likes on R1 > or R2 or R3 and transporting it via open Internet or perhaps some third > party networks ? > > So this is basically a tunnel over the open internet with all tunnel > endpoints in the same (or cooperating) administrative domain. In that case > it's indeed up to the participants to deal with and debug. > Ok very cool. So it looks like we have quick and easy agreement on that one. Chairs please take a note on that. So the tunnel model I don't mind. Can we be certain it indeed fits all > deployments and leaking isn't possible. Theory and practice are the same in > theory, but not in practice :) > Very true - no argument. But what is "leaking" ? If I am forwarding within my own address space as we just agreed this is ok - no leaking. Now if I will construct the packet stuff it with whatever legal or illegal EHs and send it towards the address that does not belong to me - this is not leaking but an attack vector. Can this happen - oh yes. Almost certainly it will happen. So we need to protect our edges from such attacks regardless what 6man or spring or xyz will standardize or allow to insert or remove from the packet header. Sounds to me like a very important topic but a bit orthogonal to subject of this specific thread. Many thx, R.
_______________________________________________ spring mailing list spring@ietf.org https://www.ietf.org/mailman/listinfo/spring
