[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
IGP choice
On 23/Oct/15 10:48, Saku Ytti wrote:
> I believe this is because you need 802.3 (as opposed to EthernetII)
> and rudimentary CLNS implementation, both which are very annoying from
> programmer point of view.
I'm not really sure what the hold-up is, but I know Mikael, together
with the good folks at netDEF (Martin and Alistair) are working hard on
fixing these issues. While I have not had much time to provide them with
feedback on their progress, it is high on my agenda - not to mention
funding support for them will only help the cause.
> I hope ISIS would migrate to EthernetII and IP. From security point of
> view, people often state how it's better that it's not IP, but in
> reality, how many have verified the flip side of this proposal, how
> easy it is to protect yourself from ISIS attack from connected host?
> For some platforms the answer is, there is absolutely no way, and any
> connected host can bring you down with trivial amount of data.
Well, on the basis that an attack is made easier if you are running
IS-IS on a vulnerable interface, in theory, an attack would be highly
difficult if a vulnerable interface were not running IS-IS to begin with.
But I do not have any empirical data on any attempts to attack IS-IS,
successfully or otherwise. So your guess is as good as mine.
Mark.
- Follow-Ups:
- IGP choice
- From: saku at ytti.fi (Saku Ytti)
- IGP choice
- From: swmike at swm.pp.se (Mikael Abrahamsson)
- References:
- IGP choice
- From: marcel.duregards at yahoo.fr (marcel.duregards at yahoo.fr)
- IGP choice
- From: mark.tinka at seacom.mu (Mark Tinka)
- IGP choice
- From: me at geordish.org (Dave Bell)
- IGP choice
- From: bblackford at gmail.com (Bill Blackford)
- IGP choice
- From: mark.tinka at seacom.mu (Mark Tinka)
- IGP choice
- From: saku at ytti.fi (Saku Ytti)