Eric,

Please refer to the inline comment.

Best regards,
Guang

(2) A rate limit on sending probes can be set to avoid DoS. (This limit cannot be set on other types of ports, either.)

I think that is briefly mentioned in the current draft in section 4.2.2

[Guang Yao] I don't think limiting the NSOL rate is a good solution. There may be a burst of new addresses from the port attached to a number of hosts. It's hard to distinguish this situation from a DoS attack. Although limiting the rate will not cause missing bindings, it will result in a bad user experience.

1.3 Add a section to specify the procedure of checking a packet (Section 12 in slaac-cps can contribute).

Similar considerations can be found in section 2.4 of the current document.

[Guang Yao] I read the doc again and found them. I suggest separating the state transition description and the forward-or-discard specification, just for clarity. I found two things dubious:

1. Traffic will be stored when DAD is not finished. Would it cause a long queue or some kind of DoS?
2. Why are probes not sent to the Trust port? There may be a host using the tentative address attached to one of the SAVI neighbors.
Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.