Telco's write best practices for packet switching networks

• Previous message (by thread): Telco's write best practices for packet switching networks
• Next message (by thread): Telco's write best practices for packet switching networks
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

In a message written on Fri, Mar 08, 2002 at 05:52:46PM -0800, Vadim Antonov wrote:
> 1) isolation of control traffic from payload traffic to eliminate 
>    possible security breaches.
[snip]
> On #1, Internet routing protocols are notoriously weak. Using globally
> routable frames to carry neighbour-to-neighbour routing information is a
> recipe for disaster (i think everyone on this list can think of few
> not-yet-plugged holes arising from this approach).

This is an area of interest of mine when looking at IPv6.  IPv6
has the notion of link local IP addresses, that can't (for some
definition of can't) be accessed unless you are on that link.

This could go a long way to fixing the problems you mention, but
it introduces some additional configuration issues.  In particular,
the current practice of using the same link local addresses on
every link means you would need to configure both the address and
the port.

In any event, I wonder if there is an opportunity here for additional
security.  Although any changes are clearly years off.

-- 
       Leo Bicknell - bicknell at ufp.org - CCIE 3440
        PGP keys at http://www.ufp.org/~bicknell/
Read TMBG List - tmbg-list-request at tmbg.org, www.tmbg.org

• Previous message (by thread): Telco's write best practices for packet switching networks
• Next message (by thread): Telco's write best practices for packet switching networks
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]