Re: draft-macaulay-6man-packet-stain-00 --- Issues to consider
Ehud Doron <ehudoron@gmail.com> Sat, 17 March 2012 10:46 UTC
Return-Path: <ehudoron@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6506921F86BB for <ipv6@ietfa.amsl.com>; Sat, 17 Mar 2012 03:46:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.598
X-Spam-Level:
X-Spam-Status: No, score=-3.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uwn5hjx5iM4G for <ipv6@ietfa.amsl.com>; Sat, 17 Mar 2012 03:46:39 -0700 (PDT)
Received: from mail-vx0-f172.google.com (mail-vx0-f172.google.com [209.85.220.172]) by ietfa.amsl.com (Postfix) with ESMTP id 6BCCC21F86B9 for <ipv6@ietf.org>; Sat, 17 Mar 2012 03:46:39 -0700 (PDT)
Received: by vcbfk13 with SMTP id fk13so6147664vcb.31 for <ipv6@ietf.org>; Sat, 17 Mar 2012 03:46:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=egTNAouYovJNZr8c7G14KthyNxK0+T5eVk/v+Uk14h4=; b=VJ8zhRJ7yDBtAFOKax1UhQtL3qWSzpFaezHOiqcc2kepJq0U7lpZvuv/IfmlbEFcax +Yzg9iQ8SdrfdPlpkf6DMNHnfpJ6+ikReXfFJuw3/+3jeQtFfSe6ohgcg8qBpKOmwTru As/9d0Gsud7vFXnS5aPgDlJAeZe7Y2Bu+BXVWmIiTOtQ1MEwblrskG4ECf/8ZUbvp6/E 835ZWSAk/ncSge9bBTA1jw8aV2/hNbtCO5al0zPIBg8wA4XThHgV171PqkY4tE13jH14 kn8gbZ01Xf4C59xXHAj6s8IDv1lNeBOLj8JAz6XnQLgpzelYcFWeuoVNFbWOktCuuYAf BOow==
MIME-Version: 1.0
Received: by 10.52.69.4 with SMTP id a4mr2633712vdu.87.1331981198937; Sat, 17 Mar 2012 03:46:38 -0700 (PDT)
Received: by 10.220.17.208 with HTTP; Sat, 17 Mar 2012 03:46:38 -0700 (PDT)
In-Reply-To: <CAD=ad3izPCfxBAU9gfLA-UGYa_cn-nKxawSKuSDqix0K0+X9dQ@mail.gmail.com>
References: <CAD=ad3izPCfxBAU9gfLA-UGYa_cn-nKxawSKuSDqix0K0+X9dQ@mail.gmail.com>
Date: Sat, 17 Mar 2012 12:46:38 +0200
Message-ID: <CAD=ad3gMMqthWtO7cdDk3zHeQAukAeRiJmyNeyo=J0L6TcidtQ@mail.gmail.com>
Subject: Re: draft-macaulay-6man-packet-stain-00 --- Issues to consider
From: Ehud Doron <ehudoron@gmail.com>
To: ipv6@ietf.org
Content-Type: multipart/alternative; boundary="20cf30780b4e35ccf904bb6e0ae8"
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 17 Mar 2012 10:46:40 -0000
> > Hello Tyson > > > > Indeed a very good and interesting work!! > > > > I would like to suggest a few issues for you and the WG to consider: > > > > 1. In chapter 5 you proposed the PSDO structure. I think you must > consider the addition of Stain structure and semantics to be part of the > draft. Make the Stain semantics be vendor or security managers dependent > can be problematic. We must consider enterprise connecting to multiple ISPs > and vice versa. For Stain provider, define a Stain per customer might be > difficult to manage. The Stain provider cannot impose Stain structure > because his customers might be connected to multiple ISPs, thus to multiple > Stain provider. > > 2. Page 4, chapter 3, item #3 : I think that major concern here is > *scalability*. The client must deal with huge number of security > intelligence, this imposes relatively complicated and expensive hardware > and software. In chapter 3.1, it might be reasonable to add the scalability > benefit. In system view and in general, the IP Staining approach introduces > a genuine and efficient architecture with relatively *small number* of > high scale devices (PMDs) and *large number* of simple and low scale > devices all over the network, mainly in costumers networks. I think this > can be emphasized also in chapter 3, and helps to better understand the > huge benefit of the proposed architecture. > > > > 3. Page 8 – The S and U bits shall be better explained. There > usages are not clear enough. Also please consider to add a requirement in > the Option Type to allow the PSDO to be silently ignored by any nodes don’t > supporting staining, specified by the 2 high order bits in the Option Type . > > > > Best wishes, > > > > > > Ehud Doron > > Senior Architect, CTO office > > Radware Ltd. > > www.radware.com > > T:+972 (3) 7674655 > > M:+972 (54) 7575503 > > F:+972 (3) 7668997 >