Re: Comments on Extensions to IS-IS for Advertising Optional Router Capabilities
Naiming Shen <naiming <at> redback.com>
2003-07-02 01:55:29 GMT
Nagi,

Thanks for the comments; some replies inline.

] Naiming & all,
]
] I have a couple of questions on the draft.
]
] 1) As you mentioned, this feature can be used in MPLS-TE environment (or) by
] the Network management (or) for some other informational purposes.
]
] Having said that, Router-ID may not be available (if TE extensions are not
] implemented) in some implementations. How do we solve that? Shouldn't we
] consider System-ID as the unique identity?
]
I think Router-ID is something very simple to implement; it does not need
to be done along with TE extensions. For this capability extension purpose,
it only needs to be a unique 32-bit number in the IGP domain. For
example, it could use the "IP Interface Address" number in the LSP.
But since the router-id is such a useful thing, I would recommend
that anyone who implements this draft use the "real" router id of the
router or the virtual router. This extension came up first with
troubleshooting in mind, and if the router-id is a routable one,
it would be useful in operation with an IP address.

] 2) I think advertising the router capabilities does create security concerns.
] For example, if I advertise I don't have HMAC-MD5 capability, then an
] intruder can aim at that specific system.