Re: [Last-Call] Secdir telechat review of draft-ietf-trill-multilevel-single-nickname-15

Hi,

See below.

On Tue, Oct 5, 2021 at 4:07 PM Samuel Weiler via Datatracker <noreply@xxxxxxxx> wrote:
>
> Reviewer: Samuel Weiler
> Review result: Not Ready
>
> I'm not satisfied with the weak anti-spoofing protections of TRILL, but I don't
> see this making things worse.

Can you be more specific? Are you talking about spoofing routing control messages or spoofing data or what?

> I have what I hope is a naive question: since this proposes to label level 1
> areas by the set of RBs that connect them to the level 2, expanding on Section
> 6 (One Border RBridge Connects Multiple Areas), what happens when the set of
> RBs connecting to multiple areas is the same, such that all of those areas
> would then get the same name, under this scheme?   (I'm hoping this works, and
> I'm just not sorting out the details, but I'm making sure...)

In the situation you hypothesize, there are three cases generally covered by Section 6 of the draft:
  • There is no reason to treat outbound traffic to L2 from any of the L1 areas you hypothesize differently from any other, so there is no problem in this case.
  • On inbound traffic from L2, the MAC and data label have to be looked up to determine the egress RBridge and output port, and the output port determines the actual L1 area.
  • On traffic between L1 areas on a border RBridge, that border RBridge will see itself as the egress nickname in the TRILL packet it receives and do the lookup as in the immediately previous case.
I am working on an update to resolve various IESG COMMENTs which should be posted shortly.

Thanks,
Donald
===============================
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 2386 Panoramic Circle, Apopka, FL 32703 USA
 d3e3e3@xxxxxxxxx
-- 
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call
