Re: I-D.ietf-v6ops-cpe-simple-security-09

Ole Troan <ot@cisco.com> Fri, 05 March 2010 09:07 UTC

Subject: Re: I-D.ietf-v6ops-cpe-simple-security-09
From: Ole Troan <ot@cisco.com>
In-Reply-To: <429FD946-7AD4-4C3A-B2F4-0226244E5C08@cisco.com>
Date: Fri, 05 Mar 2010 10:03:27 +0100
Cc: james woodyatt <jhw@apple.com>, IPv6 Operations <v6ops@ops.ietf.org>
Message-Id: <F37EA061-E55C-4DA1-8FC4-1C583F3605BD@cisco.com>
References: <D6F5ACD2-EB43-477E-9F48-AC3EDB3F7EB4@apple.com> <0E826480-B510-4907-9F38-6119C0D7523B@cisco.com> <929CA789-3B68-4B60-A623-311D072B4F17@cisco.com> <AA773B57-8CD1-4701-A39A-F2E10DEED35E@apple.com> <38CDE90C-7CF7-41B2-893E-E2811B3E51B1@cisco.com> <A424A6DF-68F3-4338-833E-872490C6CB23@apple.com> <429FD946-7AD4-4C3A-B2F4-0226244E5C08@cisco.com>
To: Mark Baugher <mbaugher@cisco.com>

>>>> I will say that it doesn't make sense to me that my service provider should be allowed to join my organization-local scope multicast groups, or that I can join their organization-local scope groups.  That's what it would mean if we said 'site-local' here instead of what it currently says.
>>> 
>>> Site scope gives us the same thing and I recommend that we use that instead.
>> 
>> I'm confused.  To what "same thing" are you referring?
>> 
>> I've explained that making site-local the DEFAULT multicast scope boundary places the subscriber network in the same organization-local scope as the provider network, whereas making organization-local the DEFAULT multicast scope boundary places the subscriber network and the provider network in different organization-local scopes.
> 
> You stated it but didn't explain it.  As Fred Baker has pointed out to you in his recent email: 'RFC 4291 knows nothing of an "organization-local" scope'.  I don't see any explanation in your latest version but only a reference to RFC 4291.  Here are the 4291 definitions:
> 'Site-Local scope is intended to span a single site. Organization-Local scope is intended to span multiple sites belonging to a single organization.'
> 
>> 
>> In what way are subscribers and providers part of the same organization?  Why are they not separate organizations by DEFAULT?
> 
> Site-local scope means that the multicast messages will not be forwarded outside the site.  That's "the same thing" as what we need.  What about this problem of having my organizational scope multicast visible to my service provider?  Where is it written that a site must be part of the nearest organization?  My home network is not part of any organization.  If I had organization-scope multicast on my home network, I would not expect my default CPE gateway to forward organization-local messages out my service access-network interface - and vice versa.  Where is your use case of organization-local scope defined?  Not in the source you cite.

if you also want the CPE to be a boundary router for the organizational scope, then aren't you in agreement with James?

see RFC4007. a zone of lesser scope is fully contained within a zone of larger scope. so an organizational-scope boundary will also be a site-local boundary.

cheers,
Ole
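The scope-nesting point from RFC 4007, as an added example that is not part of the thread, the draft or any RFC: a model of a CPE scope-boundary filter that reads the scop nibble of an IPv6 multicast destination and compares the two candidate defaults (site-local boundary versus organization-local boundary). It assumes the CPE applies a single boundary scope symmetrically on its access-network interface and that the numeric scop ordering in RFC 4291 reflects zone containment.

```python
import ipaddress

# IPv6 multicast scope values from RFC 4291 section 2.7: the scop field is the
# low nibble of the second byte of an ff00::/8 address.
SCOPE_NAMES = {
    0x1: "interface-local",
    0x2: "link-local",
    0x4: "admin-local",
    0x5: "site-local",
    0x8: "organization-local",
    0xE: "global",
}


def multicast_scope(addr: str) -> int:
    """Return the scop nibble of an IPv6 multicast address; reject unicast."""
    ip = ipaddress.IPv6Address(addr)
    if not ip.is_multicast:
        raise ValueError(f"{addr} is not an IPv6 multicast address")
    return ip.packed[1] & 0x0F


def forwarded_across_boundary(dst: str, boundary_scope: int) -> bool:
    """Decide whether a CPE acting as a scope-boundary router forwards a
    multicast packet between its LAN and its access-network interface.

    A boundary configured at scope S blocks every group whose scope is <= S:
    RFC 4007 nests zones, so a zone of lesser scope lies wholly inside a zone
    of larger scope, and a boundary for organization-local scope is therefore
    a site-local boundary as well (hypothetical model, not an RFC algorithm).
    """
    return multicast_scope(dst) > boundary_scope


def compare_defaults(groups):
    """Tabulate decisions under a site-local boundary (0x5) versus an
    organization-local boundary (0x8), the two defaults argued over above."""
    return {
        g: {
            "site-local boundary": forwarded_across_boundary(g, 0x5),
            "organization-local boundary": forwarded_across_boundary(g, 0x8),
        }
        for g in groups
    }


if __name__ == "__main__":
    # Constructed sample groups: one per scope of interest.
    sample = ["ff02::1", "ff05::1:3", "ff08::1", "ff0e::101"]
    for g, decision in compare_defaults(sample).items():
        print(g, SCOPE_NAMES[multicast_scope(g)], decision)
```

With a site-local default the organization-local group ff08::1 is still forwarded to the provider, which is the leak the thread is arguing about; with an organization-local default both ff05:: and ff08:: groups stop at the CPE while global groups still pass.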