[rrg] Remote ACLs [Proposals which match rrg architectures.html pls check the page]
William Herrin
bill at herrin.us
Sun Jan 4 19:44:56 PST 2009
> On 2009-01-05 02:54, MARCELO BAGNULO BRAUN wrote:
>>> 3 - Problems with maintaining ACLs in other networks for hosts
>>> using SHIM6.
>> I don't understand this one
Marcello,
Shim6 has several weaknesses that can be revealed by comparing it to
the Strategy B criteria. This particular weakness is the lack of
accompanying dynamic source routing protocol.
Unless the IGP in a stratgy B system moves packets first to a valid
exit for the source address and only then to the optimal exit for the
destination address, you end up with a nasty spoofing problem where
routers require extensive manual configuration to tell the difference
between a spoofed source address and a valid multiprefix source
address.
Regards,
Bill Herrin
--
William D. Herrin ................ herrin at dirtside.com bill at herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004
More information about the rrg
mailing list