nanog mailing list archives
Re: IPv6, IPSEC and DoS
From: Sean Donelan <sean () donelan com>
Date: Mon, 3 Jan 2005 15:54:38 -0500 (EST)
On Mon, 3 Jan 2005, David Barak wrote:
I guess it's true that everything old is new again: isn't this effectively circuit-switching? If you're dedicating network elements to particular hosts in a non-dynamic manner, doesn't that make your infrastructure effectively a PBX, where moving {device} from one room to the next requires a a technician's assistance?
Not necessarily. Some public networks are moving away from the ask everyone the question, anyone can answer model. It cuts down on the chatter, and the spoofing. That doesn't mean you have to go to a static provisioning model, but it does mean you have to think harder about what you trust, what asks the questions and what answers the questions. You can still have a dynamic network, as long as it doesn't learn the wrong things.
Current thread:
- Re: IPv6, IPSEC and DoS, (continued)
- Re: IPv6, IPSEC and DoS Iljitsch van Beijnum (Jan 02)
- Re: IPv6, IPSEC and DoS Valdis . Kletnieks (Jan 01)
- Re: IPv6, IPSEC and DoS Iljitsch van Beijnum (Jan 02)
- Re: IPv6, IPSEC and DoS Valdis . Kletnieks (Jan 02)
- Re: IPv6, IPSEC and DoS J. Oquendo (Jan 03)
- Re: IPv6, IPSEC and DoS Iljitsch van Beijnum (Jan 03)
- Re: IPv6, IPSEC and DoS David Barak (Jan 03)
- Re: IPv6, IPSEC and DoS Joe Abley (Jan 03)
- Re: IPv6, IPSEC and DoS David Barak (Jan 03)
- Re: IPv6, IPSEC and DoS Christopher L. Morrow (Jan 03)
- Re: IPv6, IPSEC and DoS Sean Donelan (Jan 03)
- Re: IPv6, IPSEC and DoS Todd Vierling (Jan 03)
- Re: IPv6, IPSEC and DoS Iljitsch van Beijnum (Jan 03)