[rbridge] Options...

Eastlake III Donald-LDE008 Donald.Eastlake at motorola.com
Tue Feb 26 08:10:43 PST 2008


Hi Radia,

See below at @@@

-----Original Message-----
From: Radia Perlman [mailto:Radia.Perlman at sun.com] 
Sent: Monday, February 25, 2008 6:48 PM
To: Eastlake III Donald-LDE008
Cc: Rbridge at postel.org
Subject: Re: [rbridge] TRILL Use of IS-IS

I like this draft, which I'm just saying explicitly because in the past 
I've not been all that enthusiastic about options.

@@@ Thanks.

However, I'm still unconvinced about the need for critical options, but 
it doesn't seem that onerous to provide for them.

And as for the integrity protection option in the draft, (section 3.4), 
why not just protect the inner packet, which does not
get modified hop by hop? And furthermore, it seems like security ought 
to be end-to-end and not ingress-to-egress RBridge,
so I'm not sure how useful it is to provide it, especially if computing 
it is nontrivial.

@@@ Sure end-to-end security is best but it is a fallacy to believe that
security should be ignored unless it can be the best. That would imply,
for example, that 802.11 (Wi-Fi) security is useless because it is just
hop by hop. But people at public hot spots really don't want everyone in
the vicinity to be able to tell what insecure web sites they are
browsing and the like.

@@@ The computations for authentication and/or encryption will be
nontrivial but how much of a burden that is depends on what hardware
assist you have. People in the wireless world generally think of
authentication and encryption as being free because there is usually
hardware built in that can do it at your maximum transmission rate. That
hardware will just be sitting idle if you choose not to use security.

As for congestion indication, or anything else (like flow ID), in theory
we could provide for it in the main TRILL header, but
there would have to be room for it. Maybe eventually we could do a new
version of the header that had some of the
options upgraded to be in the main header, and possibly shuffle the
header along the lines Don proposed a while ago (moving
the VLAN bits into the TRILL header, for instance).

Radia

@@@ Thanks,
@@@ Donald


