[ietf78-tech] Admission Control: Just to be completely clear
Randy Bush
randy at psg.com
Mon Jun 28 08:04:11 PDT 2010
> The performance question on the filtering VLAN is still the big one in
> my mind.
now that i think i understand the identity and authentication, i agree.
scaling is a real worry.
> If you toss out the IPV6 requirement for the filtering VLAN
tossing out ipv6 tends not to sell well at the ietf.
> The performance worry on both the 3560's and the Ebtables for me is
> that I believe both of those will devolve to linear search on the
> total number of users on the filtering lan (* some statistical
> average). This is per-packet, linear search on some 1000 rules.
it is midnight here. my sense of humor does not extend that far.
> So my own preference would be IPSET's (IP+MAC) as the control
> mechanism. But this means you also buy off on: no IPV6 on the control
> VLAN, and the DHCP for that VLAN has to be 12 hours at least.
i am not sure what you mean by "control vlan." if you mean no ipv6 for
authenticated users, then i wanna watch you explain that to bob hinden
and brian carpenter and ...
randy
More information about the ietf78-tech
mailing list