Re: [savi] Potential issue for all SAVI mechanisms?

"Jun Bi" <junbi@cernet.edu.cn> Tue, 21 June 2011 13:56 UTC

Hi Jean-Michel,

What we are talking about "savi switch" is a 2.5 layer switch (layer 2 
switch in data plane with layer 3-aware in control/management plane).
So what I know from switch vendor is that the 2.5 layer switch chip or the 
stronger CPU can handle it.
For example, the chip can recognize the Protocol ID field of IP packets to 
recognize DHCP or NDP packets (even in fragments),
then copy them to switch CPU. The CPU can handle it.

The SAVI switch has been really implemented and deployed, so I did really see 
any problem in real network.
BTW, it seems that SAVI switch doesn't snoop and process RA packets for 
binding, so maybe RA packet is different.

thanks,
Jun Bi

-----Original Message-----
From: Jean-Michel Combes
Sent: Tuesday, June 21, 2011 9:37 PM
To: SAVI Mailing List
Subject: [savi] Potential issue for all SAVI mechanisms?

Hi,

Maybe you already know that there is a discussion on v6ops/6man MLs
about RA Guard evasion (cf.
http://www.ietf.org/mail-archive/web/ipv6/current/msg14204.html).
One of the methods to perform this evasion is fragmentation: it seems
that a L2 device would not be able to re-assemble all the fragments
without an important extra-cost and so would not be able to determine
whether or not the message is a Router Advertisement (cf.
http://www.ietf.org/mail-archive/web/ipv6/current/msg14240.html).

Knowing that:
(1) In common use-case, SAVI device is a L2 device
(2) SAVI mechanisms are based on NDP/SEND/DHCP messages inspection

I am wondering whether or not fragmentation would not impact strongly
SAVI specifications too: any fragmented NDP/SEND/DHCP message could
not update correctly the Binding Table and so what would be the
consequences?

I would appreciate comments from WG members, especially
implementors/manufacturers, about this.

Thanks in advance for your replies.

Best regards.

JMC.
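
The question raised in this thread, shown as an added example that is not part of either message or of any SAVI implementation: a per-packet classifier that walks the IPv6 header chain without reassembly and reports when the NDP or DHCPv6 header a binding decision would need is not in the packet being inspected. The function names, result labels and sample packets are constructed for illustration.

```python
import struct

# IANA Next Header values; AH/ESP are not walked here and fall through to "other".
HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS, ICMPV6, UDP = 0, 43, 44, 60, 58, 17
ND_TYPES = {133, 134, 135, 136, 137}  # RS, RA, NS, NA, Redirect
DHCPV6_PORTS = {546, 547}

def classify(pkt: bytes) -> str:
    """Classify one IPv6 packet (bytes from the IPv6 header on), no reassembly."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        return "not-ipv6"
    nxt, off, first_frag = pkt[6], 40, False
    while nxt in (HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS):
        if off + 8 > len(pkt):
            return "undetermined"  # header chain continues in a later fragment
        if nxt == FRAGMENT:
            if struct.unpack_from("!H", pkt, off + 2)[0] >> 3:
                return "non-first-fragment"  # upper-layer header is elsewhere
            first_frag, nxt, off = True, pkt[off], off + 8
        else:
            nxt, off = pkt[off], off + (pkt[off + 1] + 1) * 8
    if nxt == ICMPV6 and off < len(pkt):
        kind = "ndp" if pkt[off] in ND_TYPES else "other"
    elif nxt == UDP and off + 4 <= len(pkt):
        ports = set(struct.unpack_from("!HH", pkt, off))
        kind = "dhcpv6" if ports & DHCPV6_PORTS else "other"
    elif nxt in (ICMPV6, UDP):
        return "undetermined"  # upper-layer header not present in this packet
    else:
        kind = "other"
    return kind + "-first-fragment" if first_frag and kind != "other" else kind

def ipv6(nxt: int, payload: bytes) -> bytes:
    # Constructed sample packet: minimal IPv6 header with zeroed addresses.
    return struct.pack("!IHBB", 6 << 28, len(payload), nxt, 64) + bytes(32) + payload

def frag(nxt: int, offset: int, more: int, data: bytes) -> bytes:
    # Fragment header (offset in 8-byte units) followed by the fragment data.
    return struct.pack("!BBHI", nxt, 0, (offset << 3) | more, 1) + data

RA = bytes([134]) + bytes(15)                # constructed: ICMPv6 type 134, body zeroed
DOPT = bytes([ICMPV6, 0, 1, 4, 0, 0, 0, 0])  # constructed: Destination Options + PadN
SAMPLES = {
    "whole RA": ipv6(ICMPV6, RA),
    "RA in first fragment": ipv6(FRAGMENT, frag(ICMPV6, 0, 1, RA)),
    "chain split, fragment 1": ipv6(FRAGMENT, frag(DEST_OPTS, 0, 1, DOPT)),
    "chain split, fragment 2": ipv6(FRAGMENT, frag(DEST_OPTS, 1, 0, RA)),
    "DHCPv6": ipv6(UDP, struct.pack("!HHHH", 546, 547, 12, 0) + bytes(4)),
}
```

Packets that come back as "undetermined" or "non-first-fragment" are the ones a snooping device cannot map to a binding update from that packet alone; counting or logging them per port shows how often the case arises on a given network.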