
Re: [DNA] Route vs Advertise



Greg,

That is right; however, this is an optional feature of SEND, because many
ISPs may not have the ability to add the special attributes to the router
certs.

            jak

----- Original Message ----- 
From: "Greg Daley" <greg.daley@eng.monash.edu.au>
To: "Sathya Narayanan" <sathya@research.panasonic.com>
Cc: "Erik Nordmark" <erik.nordmark@sun.com>; "Dna" <dna@eng.monash.edu.au>
Sent: Thursday, June 02, 2005 7:12 PM
Subject: Re: [DNA] Route vs Advertise


> Hi Sathya,
>
> Sathya Narayanan wrote:
> > Erik -
> >
> > It was my understanding that, a host can choose a prefix advertised by
> > R1 for its address configuration and use R2 as the default router
> > through which it sends its packets; i.e. advertising a prefix doesn't
> > mean the router is the only one that can route it.
> >
> > In SEND, 3971, section 7.3:
> >
> > Constrained
> >
> >       If the network operator wants to constrain which routers are
> >       allowed to route particular subnet prefixes, routers should be
> >       configured with certificates having subnet prefixes listed in the
> >       prefix extension.  These routers SHOULD advertise the subnet
> >       prefixes that they are certified to route, or a subset thereof.
> >
> > ....
> >
> >    Nodes SHOULD use one of the certified subnet prefixes for stateless
> >    autoconfiguration.  If none of the advertised subnet prefixes match,
> >    the host SHOULD use a different advertising router as its default
> >    router, if one is available.
> >
> >
> > This text seems to imply that routers advertising a prefix means they
> > are the ones allowed to route it.
> > Am I missing something?
>
> I remember this issue from SEND.
>
> Someone else may remember better though.
>
> The issue in SEND is essentially that in some circumstances we want to
> guarantee that a router is actually delegated authority to route for
> that prefix.   This is in the Certificate, not the PIO.
>
> I'd guess that the origin of the prefix doesn't matter (which RA the
> PIO arrives in), although the certificate would indicate that only
> those prefixes which are similarly authorized should be used as next
> hops for packets with that source address.
>
> Greg
>
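
The host-side check discussed in this thread, as an added example that is not part of any of the messages: it models the constrained case quoted from RFC 3971 section 7.3, and the point that routing authority comes from the certificate rather than from the RA that carried the PIO. The router R3, all prefixes, and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data (2001:db8::/32 documentation space), not from the thread.
# "certified": prefixes in the router certificate's prefix extension.
# "advertised": prefixes seen in Prefix Information Options (PIOs) of its RAs.
ROUTERS = {
    "R1": {"certified": ["2001:db8:1::/48"], "advertised": ["2001:db8:1:a::/64"]},
    "R2": {"certified": ["2001:db8:2::/48"], "advertised": ["2001:db8:9:b::/64"]},
    "R3": {"certified": ["2001:db8:1::/48", "2001:db8:3::/48"],
           "advertised": ["2001:db8:3:c::/64"]},
}

def _nets(prefixes):
    return [ipaddress.ip_network(p) for p in prefixes]

def certified_pios(router):
    """Advertised prefixes that fall inside one of the router's certified prefixes."""
    certs = _nets(router["certified"])
    return [str(p) for p in _nets(router["advertised"])
            if any(p.subnet_of(c) for c in certs)]

def pick_default_router(routers, order):
    """Walk routers in preference order; skip one whose PIOs do not match its cert."""
    for name in order:
        prefixes = certified_pios(routers[name])
        if prefixes:
            return name, prefixes
    return None, []

def authorized_next_hops(source, routers):
    """Routers whose certificate covers the source address, whichever RA carried the PIO."""
    addr = ipaddress.ip_address(source)
    return sorted(name for name, r in routers.items()
                  if any(addr in c for c in _nets(r["certified"])))

if __name__ == "__main__":
    # R2 advertises a prefix outside its certificate, so the host moves on to R1.
    print(pick_default_router(ROUTERS, ["R2", "R1", "R3"]))
    # An address formed from R1's PIO may also be routed by R3, whose cert covers it.
    print(authorized_next_hops("2001:db8:1:a::10", ROUTERS))
```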