The MPLS WG Archive

[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index][Thread Index][Author Index][Subject Index]

[Isis-wg] Question on DCC Architecture

From: RJ Atkinson <rja@inet.org>
Date: Tue, 19 Dec 2000 17:05:12 -0500
Cc: isis-wg@spider.juniper.net, mpls@UU.NET

At 16:09 19/12/00, John Harper wrote:
>Not true - there are BIG security advantages 
>to not having is-is over ip. 
        
        Randy was right, IMHO, the advantages are modest.

>It rules out a huge class of spoofing attacks to which OSPF 
>is vulnerable. 

        OSPF is not vulnerable at all to spoofing attacks
if configured properly (e.g. MD5 enabled, reasonable keys chosen).

>Further,
>there are no evident advantages to having is-is over ip, 

        Agree.

Ran
rja@inet.org

References:
- [Isis-wg] Question on DCC Architecture
  - From: Randy Bush <rbush@bainbridge.verio.net>
- [Isis-wg] Question on DCC Architecture
  - From: Tony Przygienda <prz@net4u.ch>
- [Isis-wg] Question on DCC Architecture
  - From: Mike Truskowski <truskows@cisco.com>
- [Isis-wg] Question on DCC Architecture
  - From: John Harper <jharper@cisco.com>