Re: draft-ietf-v6ops-cpe-simple-security-12.txt feedback

[Fred Baker <fred@cisco.com>]

On Aug 6, 2010, at 10:20 PM, james woodyatt wrote:

> I'm really not sure why people seem to think that subscribers ought to be lumped into the same organizational zone as their service provider. I must need to be educated about operational considerations again.

On Aug 7, 2010, at 2:49 AM, Mark Smith wrote:

> There's quite a lot of IPTV interest in the .au market at the moment,
> and one of the branded service wholesale IPTV providers to ISPs is
> using IPv4 multicast to deliver it. The provider is originating the
> multicast traffic outside the ISP networks, so in an IPv6 context I
> think the scope for that traffic would need to be global.

OK, Mark, what are you arguing here?

I *think* you are arguing that the router SHOULD be configurable by some means (manual? UPnP? what?) to accept a multicast from the ISP and repeat it on the (a?) local LAN, or more generally, that a CPE router SHOULD be configurable to forward an identified class of multicast traffic between subnets to which it is attached. Is that correct? If so, I'll suggest we think about that recommendation for the CPE Router discussion that we just initiated.

With respect to security, which is the subject of this draft, how would you recommend identifying the class of traffic? Are you suggesting that a simple home firewall should prevent the home from being ddos'd using unicast but should be default be ddos-able using multicast? Where does this discussion lead us?