Thanks Suresh and Joel, the text looks good! Thanks for taking the comment into consideration!
Dhruv On Sat, Oct 8, 2022 at 6:46 AM Suresh Krishnan <suresh.krish...@gmail.com> wrote: > Hi Joel, > > On Oct 7, 2022, at 9:07 PM, Joel Halpern <j...@joelhalpern.com> wrote: > > Almost, but not quite. The first part, up to "egress points" is fine. > But the description of the reasons leaves out one case I think is > important. Namely, preventing packets from outside the SR Domain (e.g. > from an outside attacker) entering the SRv6 Domain.) > > > Ah. Got it. This is covered in more detail in RFC8754 Section 5.1 but it > makes sense to at least point to it here. Take 2: > > NEW: > In case the deployments do not use this allocated prefix additional care > needs to be exercised at network ingress and egress points so that SRv6 > packets do not leak out of SR domains and they do not accidentally enter SR > unaware domains. Similarly as stated in Section 5.1 of RFC8754 packets > entering an SR domain from the outside need to be configured to filter out > the selected prefix if it is different from the prefix allocated here. > > Thoughts? > > Regards > Suresh > > _______________________________________________ > spring mailing list > spring@ietf.org > https://www.ietf.org/mailman/listinfo/spring >
_______________________________________________ spring mailing list spring@ietf.org https://www.ietf.org/mailman/listinfo/spring
