[110173] in North American Network Operators' Group
Re: IPv6: IS-IS or OSPFv3
daemon@ATHENA.MIT.EDU (Kevin Oberman)
Sat Dec 27 18:53:51 2008
To: "Steven M. Bellovin" <smb@cs.columbia.edu>
In-Reply-To: Your message of "Sat, 27 Dec 2008 15:23:25 EST."
<20081227152325.59d5b391@cs.columbia.edu>
Date: Sat, 27 Dec 2008 15:53:41 -0800
From: "Kevin Oberman" <oberman@es.net>
X-To: "Steven M. Bellovin" <smb@cs.columbia.edu>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
--==_Exmh_1230422021_12437P
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
> Date: Sat, 27 Dec 2008 15:23:25 -0500
> From: "Steven M. Bellovin" <smb@cs.columbia.edu>
>
> On Fri, 26 Dec 2008 20:37:41 -0800
> "Kevin Oberman" <oberman@es.net> wrote:
>
> > The main reason I prefer ISIS is that it uses CLNS packets for
> > communications and we don't route CLNS. (I don't think ANYONE is
> > routing CLNS today.) That makes it pretty secure.
>
> Unless, of course, someone one hop away -- a peer? a customer? an
> upstream or downstream? someone on the same LAN at certain exchange
> points? -- sends you a CLNP packet at link level...
You mean that someone is silly enough to enable CLNS on external
interfaces? I mean, it's not by default on either Cisco or Juniper. I
don't imagine any other routers do that, either. (Of course, SOMEONE is
always that silly. But I hope the folks reading this are not.)
--
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman@es.net Phone: +1 510 486-8634
Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751
--==_Exmh_1230422021_12437P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (FreeBSD)
Comment: Exmh version 2.5 06/03/2002
iD8DBQFJVsAFkn3rs5h7N1ERArz9AJ4zxz3ULnDEd7PE2cIWkddHdnD5HACfXA1i
r564mClUqEw0YLTKzUdlGgI=
=i2fC
-----END PGP SIGNATURE-----
--==_Exmh_1230422021_12437P--
