[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [savi] Identifying First-Hop Vs. Forwarded Traffic

From: Christian Vogt <christian.vogt at ericsson.com>
To: marcelo bagnulo braun <marcelo at it.uc3m.es>
Cc: SAVI Mailing List <savi at ietf.org>
Date: Sun, 16 Nov 2008 13:06:04 -0600
In-reply-to: <490B1CA1.7010103 at it.uc3m.es>
References: <29B0AB6A-A250-427F-BFBB-AF63D405D633 at nomadiclab.com> <alpine.LRH.2.00.0810310827150.22025 at netcore.fi> <490ACD36.4000700 at it.uc3m.es> <alpine.LRH.2.00.0810311220140.27568 at netcore.fi> <490ADEE7.6080505 at it.uc3m.es> <4FFCABE7-BB56-4EE2-8F79-4225A2DC358D at nomadiclab.com> <490AFC77.5000601 at it.uc3m.es> <E1672896-A7C7-4E84-9E83-8A1866DF52FA at nomadiclab.com> <490B1CA1.7010103 at it.uc3m.es>

On Oct 31, 2008, marcelo bagnulo braun wrote:

The reason I am saying that approach (1) is "opt-in" is this:  Before
the attack, the SAVI device does not even perform any validation atall.
what do you mean? AFAIU, the SAVI device by default drops all the
packets except those coming with a source address containing one ofthe
on-link prefixes.


So a SAVI device by default drops all packets from off-link prefixes?
But the validation of these packets is exactly what we want to leave to
ingress filtering, right?

Then, since we leave to ingress filtering the validation of packets with
off-link prefixes, the SAVI device should let these packets pass IMO.

- Christian

References:
- [savi] Identifying First-Hop Vs. Forwarded Traffic
  - From: Christian Vogt
- Re: [savi] Identifying First-Hop Vs. Forwarded Traffic
  - From: Pekka Savola
- Re: [savi] Identifying First-Hop Vs. Forwarded Traffic
  - From: marcelo bagnulo braun
- Re: [savi] Identifying First-Hop Vs. Forwarded Traffic
  - From: Pekka Savola
- Re: [savi] Identifying First-Hop Vs. Forwarded Traffic
  - From: marcelo bagnulo braun
- Re: [savi] Identifying First-Hop Vs. Forwarded Traffic
  - From: Christian Vogt
- Re: [savi] Identifying First-Hop Vs. Forwarded Traffic
  - From: marcelo bagnulo braun
- Re: [savi] Identifying First-Hop Vs. Forwarded Traffic
  - From: Christian Vogt
- Re: [savi] Identifying First-Hop Vs. Forwarded Traffic
  - From: marcelo bagnulo braun

Prev by Date: Re: [savi] SAVI Meeting Agenda for IETF 73
Next by Date: [savi] about draft-vogt-savi-rationale-00.txt
Previous by thread: Re: [savi] Identifying First-Hop Vs. Forwarded Traffic
Next by thread: Re: [savi] Identifying First-Hop Vs. Forwarded Traffic
Index(es):
- Date
- Thread

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.