On Aug 27, 2015, at 5:59 PM, Russ Housley <housley@xxxxxxxxxxxx> wrote:
>
> (3) In Section 11, we learn that the VLAN membership of all the
> RBridge ports in an LAALP MUST be the same. Any inconsistencies in
> VLAN membership may result in packet loss or non-shortest paths.
> Is there anything that can be added to the Security Considerations
> that can help avoid these inconsistencies?

Interesting. The trill draft I recently reviewed for secdir (draft-ietf-trill-aa-multi-attach) makes a similar statement, that VLAN membership had to be consistent across all ports on all RBridges in a LAALP. In that draft, the consistency meant the VLANs could be left out of the protocol packet:

   All enabled VLANs MUST be consistent on all ports connected to an
   LAALP. So the enabled VLANs need not be included in the
   AA-LAALP-GROUP-RBRIDGES TRILL APPsub-TLV. They can be locally
   obtained from the port attached to that LAALP.

I wondered if the LAALP was responsible for ensuring the consistency. If it is left to the operator configuration, that's tough. Turns out there's a dynamic VLAN registration protocol (VRP), but I could not discover that it is doing a consistency check. If the draft you are looking at implies inconsistency is a possibility, then it must be that neither the LAALP nor VRP ensures the consistency.

—Sandy
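The thread above turns on whether anything actually verifies that the enabled VLANs are the same on every RBridge port attached to one LAALP, since the APPsub-TLV omits the list on the strength of that MUST. Below is an added example of the kind of operator-side audit that would catch a mismatch before it shows up as packet loss. It is not code from either draft or from the thread; the port table format, the function names and the sample configuration are all assumptions constructed for illustration, and the check compares each port against the VLAN set most of the LAALP's ports agree on.

```python
"""Audit enabled-VLAN consistency across the RBridge ports of one LAALP.

Added example, not from draft-ietf-trill-aa-multi-attach or the thread.
The port table layout below is an assumption: each key is an
(RBridge, port) pair and each value is that port's enabled VLAN set.
"""

from collections import Counter
from typing import Dict, FrozenSet, List, Tuple

PortKey = Tuple[str, str]
PortTable = Dict[PortKey, FrozenSet[int]]

# 802.1Q VLAN IDs: 0 and 4095 are reserved, so only 1..4094 are usable.
VLAN_MIN, VLAN_MAX = 1, 4094

# Constructed sample: three RBridge ports on one LAALP. RB3/port2 is
# deliberately misconfigured: it lacks VLAN 30 and carries a stray VLAN 99.
SAMPLE_LAALP_PORTS: PortTable = {
    ("RB1", "port1"): frozenset({10, 20, 30}),
    ("RB2", "port1"): frozenset({10, 20, 30}),
    ("RB3", "port2"): frozenset({10, 20, 99}),
}


def invalid_vlan_ids(ports: PortTable) -> Dict[PortKey, List[int]]:
    """Return {(rbridge, port): [out-of-range VLAN IDs]} for ports that
    enable a VLAN ID outside 1..4094. Empty dict means all IDs are legal."""
    bad: Dict[PortKey, List[int]] = {}
    for key, vlans in ports.items():
        out_of_range = sorted(v for v in vlans if not VLAN_MIN <= v <= VLAN_MAX)
        if out_of_range:
            bad[key] = out_of_range
    return bad


def laalp_is_consistent(ports: PortTable) -> bool:
    """True when every port in the table enables exactly the same VLANs,
    which is the condition the draft relies on to omit the VLAN list."""
    return len(set(ports.values())) <= 1


def laalp_vlan_inconsistencies(ports: PortTable) -> List[Tuple[str, str, List[int], List[int]]]:
    """Return one (rbridge, port, missing, extra) tuple per deviating port.

    The reference VLAN set is the one shared by the largest number of
    ports (ties resolve to the first such set encountered). 'missing' are
    reference VLANs the port does not enable; 'extra' are VLANs the port
    enables that the reference does not. Empty list means consistent."""
    if not ports:
        return []
    reference, _count = Counter(ports.values()).most_common(1)[0]
    report = []
    for (rbridge, port), vlans in sorted(ports.items()):
        missing = sorted(reference - vlans)
        extra = sorted(vlans - reference)
        if missing or extra:
            report.append((rbridge, port, missing, extra))
    return report


if __name__ == "__main__":
    for key, ids in invalid_vlan_ids(SAMPLE_LAALP_PORTS).items():
        print(f"{key[0]}/{key[1]}: illegal VLAN IDs {ids}")
    if laalp_is_consistent(SAMPLE_LAALP_PORTS):
        print("LAALP VLAN membership is consistent")
    for rbridge, port, missing, extra in laalp_vlan_inconsistencies(SAMPLE_LAALP_PORTS):
        print(f"{rbridge}/{port}: missing VLANs {missing}, extra VLANs {extra}")
```

Because the APPsub-TLV carries no VLAN list, a peer RBridge has nothing on the wire to compare against; a check like this has to run against the configuration itself (or against whatever VRP has registered on each port), which is why the thread's question of who enforces the MUST matters.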