For (3), the question is whether or not you need a single SA or multiple SAs (one per MN). The level of protection provided by both is in fact comparable, assuming a trust relationship between AR and MAP (which should be a fundamental requirement for NETLMM anyway). From a threat perspective, if we are trying to address both a bogus MN causing unnecessary updates in the network and a bogus AR sending updates to the MAP, the former should be handled by (1) and (2), while the latter will be handled sufficiently by a single AR-MAP SA.
jak>> The SA really only needs to be one per tunnel. The tunnel runs between MAP and the AR, but there could be multiple of these depending on whether traffic engineering is being used to provide different service levels. Each would need a separate SA. I don't think a separate SA per MN is needed, and, as a practical matter, it would raise scalability concerns.
jak
_______________________________________________
netlmm mailing list
netlmm ngnet.it
https://vesuvio.ipv6.cselt.it/mailman/listinfo/netlmm