[rbridge] Updated charter

erik.nordmark at sun.com (Erik Nordmark) Fri, 28 January 2005 21:18 UTC

From: "erik.nordmark at sun.com"
Date: Fri, 28 Jan 2005 21:18:24 +0000
Subject: [rbridge] Updated charter
In-Reply-To: <1106971684.2376.229.camel@thunk>
References: <41F99A4C.1020701@sun.com> <95173CDE-7114-11D9-A2CE-000D93ACD0FE@it.uc3m.es> <41FA8C7A.80907@sun.com> <1106971684.2376.229.camel@thunk>
Message-ID: <41FB1BFD.7070301@sun.com>
X-Date: Fri Jan 28 21:18:24 2005

Bill Sommerfeld wrote:

> Also: it would be very desirable if the behavior seen by hosts in the presence
> of other misconfigured hosts should be the same or better than what you get
> with a traditional network.
> 
> As a specific example, when two or more nodes assert ownership over the same
> address with arp, all nodes should see all the traffic (since hosts can ring
> alarm bells/log/audit/etc. when they're being spoofed).

I think you are stating a potential goal for rbridges that when multiple 
hosts claim the same MAC address, they should all receive a copy of 
packets to such a MAC address.
Do folks agree that this would be reasonable?

I don't think a solution can guarantee this when there is a mixture of 
802.1D bridges and rbridges, because 802.1D bridges don't provide this, 
but as long as the hosts are attached to different rbridges I think it 
would be possible.

    Erik

From marcelo at it.uc3m.es Sat Jan 29 02:08:49 2005
From: marcelo at it.uc3m.es (marcelo bagnulo braun)
Date: Sat Jan 29 02:12:27 2005
Subject: [rbridge] Updated charter
In-Reply-To: <41FB1BFD.7070301@sun.com>
References: <41F99A4C.1020701@sun.com> <95173CDE-7114-11D9-A2CE-000D93ACD0FE@it.uc3m.es> <41FA8C7A.80907@sun.com> <1106971684.2376.229.camel@thunk> <41FB1BFD.7070301@sun.com>
Message-ID: <C58433C2-71DD-11D9-A2CE-000D93ACD0FE@it.uc3m.es>


On 29/01/2005, at 6:15, Erik Nordmark wrote:

> Bill Sommerfeld wrote:
>
>> Also: it would be very desirable if the behavior seen by hosts in the presence
>> of other misconfigured hosts should be the same or better than what you get
>> with a traditional network.
>> As a specific example, when two or more nodes assert ownership over the same
>> address with arp, all nodes should see all the traffic (since hosts can ring
>> alarm bells/log/audit/etc. when they're being spoofed).
>
> I think you are stating a potential goal for rbridges that when 
> multiple hosts claim the same MAC address, they should all receive a 
> copy of packets to such a MAC address.
> Do folks agree that this would be reasonable?
>

But wouldn't this make it trivial to sniff any communication across the 
whole bridged cloud?
I mean, I don't think it would be acceptable to replace routers with 
rbridges if one of the costs is that anyone can sniff any 
communication....

Perhaps we need to define link-layer CGA addresses to properly address 
this issue?

Regards, marcelo

> I don't think a solution can guarantee this when there is a mixture of 
> 802.1D bridges and rbridges, because 802.1D bridges don't provide 
> this, but as long as the hosts are attached to different rbridges I 
> think it would be possible.
>
>    Erik
> _______________________________________________
> rbridge mailing list
> rbridge@postel.org
> http://www.postel.org/mailman/listinfo/rbridge
>
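
Added example, not part of the original thread or of any rbridge specification: a toy Python model contrasting simplified 802.1D-style learning (the most recent claim for a MAC wins) with the goal discussed above (every attachment point that claimed the MAC gets a copy). The class names, attachment labels and MAC address are constructed for illustration; the output shows both the detection benefit and the copy-to-every-claimant cost raised in the reply.

```python
from collections import defaultdict

# Constructed sample: two hosts on different rbridges claim the same MAC.
MAC = "02:00:00:00:00:0a"
CLAIMS = [(MAC, "rb1/port1"),   # original host
          (MAC, "rb2/port3")]   # second claimant

class LastClaimWins:
    """Simplified 802.1D-style learning: one location per MAC, newest wins."""
    def __init__(self):
        self.table = {}

    def learn(self, mac, attachment):
        self.table[mac] = attachment          # silently overwrites

    def deliver(self, dst_mac):
        loc = self.table.get(dst_mac)
        return {loc} if loc is not None else set()

class DeliverToAllClaimants:
    """Hypothetical policy from the thread: copy to every claimant."""
    def __init__(self):
        self.table = defaultdict(set)
        self.conflicts = []                   # audit trail for operators

    def learn(self, mac, attachment):
        known = self.table[mac]
        if known and attachment not in known:
            # Duplicate claim: record it so it can be logged or alarmed on.
            self.conflicts.append((mac, sorted(known | {attachment})))
        known.add(attachment)

    def deliver(self, dst_mac):
        return set(self.table.get(dst_mac, ()))

def replay(policy, claims, dst_mac):
    """Feed the claims to a policy, then ask where a frame to dst_mac goes."""
    for mac, attachment in claims:
        policy.learn(mac, attachment)
    return policy.deliver(dst_mac)

if __name__ == "__main__":
    print("last claim wins:", replay(LastClaimWins(), CLAIMS, MAC))
    policy = DeliverToAllClaimants()
    print("deliver to all :", replay(policy, CLAIMS, MAC))
    print("conflicts      :", policy.conflicts)
```
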