Re: RS sending in draft-ietf-v6ops-ipv6-cpe-router-04

[Wojciech Dec <wdec@cisco.com>]

On 17/04/2010 11:53, "Philip Homburg" <pch-v6ops@u-1.phicoh.com> wrote:

> In your letter dated Fri, 16 Apr 2010 11:49:18 +0200 you wrote:
>> Which node needs the link local address of the CPE? The edge router or
>> the access node? (using draft-krishnan-6man-rs-mark-03 terminology)
>> 
>> Woj> Likely both: The edge router is expected to have an address binding
>> table per CPE and so may the access-node.
> 
> Maybe I'm missing something. I would expect the edge router to maintain a
> mapping from prefix to vlan. It can then use normal neighbor discovery to
> find the mac address for a CPE.

That's not what is envisaged in the BBF and SAVI work. The L2-IP binding
would be learned at user authentication time and likely fixed so as to
prevent some rogue user from polluting the binding table.

> 
> The access node is mostly a bridge. But it may have to filter on mac address
> (and prohibit direct CPE-to-CPE communication) to increase security a bit.
>
The main issue is the IP-L2 binding and the ability to establish it when the
user is authenticated. Attempting to patch together such a binding after
authentication is far from being a good thing.

-Woj. 
>