Re: [DNA] Re: RS/RA Exchange
Hi Hesham (and Bernard),
Soliman Hesham wrote:
>
> > You're right.
> >
> > The link can be physically distinct, or logically
> > distinct.
> >
> > I think it would assume a preconfigured interface arrangement
> > between the access network's routers.
> >
> > It's interesting, but not universally applicable to
> > access network scenarios.
>
> => ok, but also consider Bernard's comment on the fact
> that APs are not necessarily pure bridges and that
> they forward traffic selectively over the air to
> associated nodes only. I thought that's how it worked
> but I wasn't sure about existing products.
> Bernard's description also fits well with having IAPP.
> So I don't think forwarding over the air is a major issue.
I agree, if the routers have a (semi-)private channel, the
forwarding onto the wireless medium needn't be a problem.
The VLAN proposal is sound if it is available.
> > > => Ok, but even if that can happen, what harm is there
> > > in snooping? As long as the device cannot impersonate
> > > the router I don't see any harm in that.
> >
> > I don't mind this, in the case that there's not too
> > much traffic on the wireless link.
> >
> > Alternatively, multicast snooping can be used to
> > help prevent the traffic going onto a wireless segment.
> > I'm not sure this is 'kosher' though.
>
> => Sure, but I think it's implemented in bridges. In
> fact the MLD spec is specifically designed to allow
> bridges to snoop MLD and not treat multicast as broadcast.
I'm gravitating towards some of the ideas
expressed by yourself and Bernard.
The only issue I still have is when it is possible
to inject packets into the configuration stream
(if there's no strong topological separation
between the wireless medium and the config channel).
This could happen if 'just' differential forwarding
was being done based on destination addresses. It
would be the case either with explicit snooping or
logic in the APs to prevent transmission through the
air.
In this case, the signalling will require some
robustness or authorization. This could be bidirectional
packet exchange on the private channel, or
external authorization like SEND router discovery.
In the bidirectional communication
case, the system would be vulnerable to MitM only
from switches or routers on the group's path (or through
prediction/bombardment).
Also, the routers would have to be aware of the fact
that the packets are only going to be sent over a
controlled portion of the link. So they would need to
be aware of the VLAN topology or the presence of snoopers,
for example.
Greg