draft-ietf-intarea-router-alert-considerations-09.txt   draft-ietf-intarea-router-alert-considerations-10.txt 
Network Working Group F. Le Faucheur, Ed. Network Working Group F. Le Faucheur, Ed.
Internet-Draft Cisco Internet-Draft Cisco
Intended status: BCP August 2, 2011 Updates: 2113,2711 (if approved) August 2, 2011
Intended status: BCP
Expires: February 3, 2012 Expires: February 3, 2012
IP Router Alert Considerations and Usage IP Router Alert Considerations and Usage
draft-ietf-intarea-router-alert-considerations-09 draft-ietf-intarea-router-alert-considerations-10
Abstract Abstract
The IP Router Alert Option is an IP option that alerts transit The IP Router Alert Option is an IP option that alerts transit
routers to more closely examine the contents of an IP packet. routers to more closely examine the contents of an IP packet.
Resource reSerVation Protocol (RSVP), Pragmatic General Multicast Resource reSerVation Protocol (RSVP), Pragmatic General Multicast
(PGM), Internet Group Management Protocol (IGMP), Multicast Listener (PGM), Internet Group Management Protocol (IGMP), Multicast Listener
Discovery (MLD), Multicast Router Discovery (MRD) and General Discovery (MLD), Multicast Router Discovery (MRD) and General
Internet Signalling Transport (GIST) are some of the protocols that Internet Signalling Transport (GIST) are some of the protocols that
make use of the IP Router Alert Option. This document discusses make use of the IP Router Alert Option. This document discusses
security aspects and usage guidelines around the use of the current security aspects and usage guidelines around the use of the current
IP Router Alert Option. Specifically, it provides recommendation IP Router Alert Option thereby updating RFC2113 and RFC2711.
against using the Router Alert in the end-to-end open Internet as Specifically, it provides recommendation against using the Router
well as identify controlled environments where protocols depending on Alert in the end-to-end open Internet as well as identify controlled
Router Alert can be used safely. It also provides recommendation environments where protocols depending on Router Alert can be used
about protection approaches for Service Providers. Finally it safely. It also provides recommendation about protection approaches
provides brief guidelines for Router Alert implementation on routers. for Service Providers. Finally it provides brief guidelines for
Router Alert implementation on routers.
Status of this Memo Status of this Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
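Review bot: In the abstract, the new wording "IP Router Alert Option thereby updating RFC2113 and RFC2711" attaches the update to the end of the preceding sentence, so it reads as if the option itself does the updating, and it does not say what is being updated. Suggest a standalone sentence such as "This document updates RFC 2113 and RFC 2711.", which would match the new "Updates: 2113,2711 (if approved)" header line. Since the paragraph is being reflowed anyway, the carried-over "provides recommendation against ... as well as identify" could be corrected to "provides recommendations against ... and identifies".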
skipping to change at page 12, line 35 skipping to change at page 12, line 35
o the sites of a network A are interconnected through a service o the sites of a network A are interconnected through a service
provider network B provider network B
o the service provider network B protects itself from IP Router o the service provider network B protects itself from IP Router
Alert messages without dropping those when they transit over the Alert messages without dropping those when they transit over the
transit network (for example using mechanisms discussed in transit network (for example using mechanisms discussed in
[RFC6178]) [RFC6178])
In such controlled environment, an application relying on exchange In such controlled environment, an application relying on exchange
and handling of RAO packets (e.g., RSVP) in the network A sites (but and handling of RAO packets (e.g., RSVP) in the network A sites (but
not inside network B) MAY be safely deployed. We refer to such a not inside network B) can be safely deployed. We refer to such a
deployment as a use of Router Alert in a Water-Tight Overlay. deployment as a use of Router Alert in a Water-Tight Overlay.
"Overlay" because Router Alert Option datagrams are used in network A "Overlay" because Router Alert Option datagrams are used in network A
on top of, and completely transparently to, network B. "Water-Tight" on top of, and completely transparently to, network B. "Water-Tight"
because router alert option datagrams from A cannot leak inside because router alert option datagrams from A cannot leak inside
network B. A private enterprise intranet realised as a Virtual network B. A private enterprise intranet realised as a Virtual
Private Network (VPN) over a Service Provider network, and using RSVP Private Network (VPN) over a Service Provider network, and using RSVP
to perform reservations within the enterprise sites for voice and to perform reservations within the enterprise sites for voice and
video flows might be an example of such controlled environment. Such video flows might be an example of such controlled environment. Such
an environment is illustrated in Figure 4. an environment is illustrated in Figure 4.
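Review bot: Changing "MAY be safely deployed" to "can be safely deployed" turns the sentence from an RFC 2119 permission into a factual safety claim, and that claim only holds while network B actually meets the conditions listed just above it (in particular, protecting itself from Router Alert messages without dropping them, for example as in [RFC6178]). Suggest stating the dependency in the sentence itself, e.g. "can be safely deployed provided the conditions above hold", so the claim is not read on its own. In the same paragraph, "router alert option datagrams" should match the capitalisation of "Router Alert Option datagrams" two lines earlier, and "In such controlled environment" is missing an article.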
 End of changes. 4 change blocks. 
9 lines changed or deleted 11 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/