Re: I-D.ietf-v6ops-cpe-simple-security-09
On Mar 4, 2010, at 5:08 PM, james woodyatt wrote:
> On Mar 4, 2010, at 16:50, Mark Baugher wrote:
>> On Mar 4, 2010, at 4:41 PM, james woodyatt wrote:
>>>
>>> I will say that it doesn't make sense to me that my service provider should be allowed to join my organization-local scope multicast groups, or that I can join their organization-local scope groups. That's what it would mean if we said 'site-local' here instead of what it currently says.
>>
>> Site scope gives us the same thing and I recommend that we use that instead.
>
> I'm confused. To what "same thing" are you referring?
>
> I've explained that making site-local the DEFAULT multicast scope boundary places the subscriber network in the same organization-local scope as the provider network, whereas making organization-local the DEFAULT multicast scope boundary places the subscriber network and the provider network in different organization-local scopes.
You stated it but didn't explain it. As Fred Baker has pointed out to you in his recent email: 'RFC 4291 knows nothing of an "organization-local" scope'. I don't see any explanation in your latest version but only a reference to RFC 4291. Here are the 4291 definitions:
'Site-Local scope is intended to span a single site. Organization-Local scope is intended to span multiple sites belonging to a single organization.'
>
> In what way are subscribers and providers part of the same organization? Why are they not separate organizations by DEFAULT?
Site-local scope means that the multicast messages will not be forwarded outside the site. That's "the same thing" as what we need. What about this problem of having my organizational scope multicast visible to my service provider? Where is it written that a site must be part of the nearest organization? My home network is not part of any organization. If I had organization-scope multicast on my home network, I would not expect my default CPE gateway to forward organization-local messages out my service access-network interface - and vice versa. Where is your use case of organization-local scope defined? Not in the source you cite.
Mark
>
>
> --
> james woodyatt <jhw@apple.com>
> member of technical staff, communications engineering
>
>
>