40 likes | 137 Views
bsr update <draft-ietf-pim-sm-bsr-11.txt>. Stig Venaas venaas@uninett.no. bsr update. Some editorial changes that were presented by Alex last wg meeting In addition we have made changes based on secdir review I posted a few mails on this to the mailing list the last few weeks
E N D
bsr update<draft-ietf-pim-sm-bsr-11.txt> Stig Venaas venaas@uninett.no
bsr update • Some editorial changes that were presented by Alex last wg meeting • In addition we have made changes based on secdir review • I posted a few mails on this to the mailing list the last few weeks • Some editorial changes trying to avoid synonyms and other nits • E.g. group range, address range, group prefix • IPsec related changes, see next slide • Access lists vs BSR border, see later slide
IPsec related changes • Got comments regarding IPsec replay and multi-sender SAs • Added informational reference to draft-ietf-pim-sm-linklocal and text regarding per source SA
Access lists vs BSR border • Got comments regarding our recommendation for ACL to block BSMs from “invalid” BSR addresses and whether they were of any use • Realised two things • They are of very limited use, and it’s better and more effective to do BSR border • I believe many implementations allow you to configure an interface as border interface and block all BSMs • Also, text in 11 has text from PIM draft regarding dropping messages from invalid neighbours • This text should be changed to talking about dropping BSMs from neighbours outside the domain • Plan to make a new revision 12 that recommends BSR border instead of ACLs • Anyone disagreeing with this? • Can update this now and get IESG to review revision 12