Hi Brian, Easily avoided by another layer of encapsulation, surely? Personally I > would want to do that, and to use an encrypted encapsulation, to make sure > that the SR domain is not penetrated. >
I am not even sure what you call SR domain ... In the old days, slides showed the domain as a little cloud or circle. Well times have changed. Today your domain may be using AWS internal links for interconnect shared with other users. Is this still limited domain buzz ? Then we have a concept of DMZs. Are those part of a limited domain or not ? Note that DMZs are usually open to the Internet (perhaps with few ACls protection and often IPS systems). Life is not as simple as RFCs to say "limited domain" and move on when you are dealing with Internet accepted ethertype. It doesn't, IMHO, belong in this draft. It really looks like an update to > 8402: how to build a distributed SR domain. > Well if you recall during those discussions I illustrated this use case. It was not taken into consideration. And my overall point here - let's be a bit closer to reality. Sure some IETF WGs could work completely detached and produce RFCs which not many will follow - but is this really a good thing ? Best, R.
_______________________________________________ spring mailing list spring@ietf.org https://www.ietf.org/mailman/listinfo/spring
