[ietf78-tech] Admission Control: Just to be completely clear

Bill Jensen wej at doit.wisc.edu
Mon Jun 28 09:22:04 PDT 2010 

Well, we could take a shot at Captivator-gw.  Version 1.01 does IPv4 at 
layer 2 quite well.  You can download it everywhere but often points to 
http://net.doit.wisc.edu/~dwcarder/captivator/captivator-1.01.tar.gz 
which is a link that is to my coworker's site (Dale Carder).  I asked 
Dale about IPv6 support and he said the only item preventing it from 
working has to do with the redirection step in which captivator relies 
on a tidbit of nat reference on the way to iptables.  It sounds like it 
might not be an issue in freebsd and there may otherwise be a workaround 
available for non-freebsd environments.  He is in need of taking a look 
at this anyway and said he would take a look at it this afternoon. 
UMich has also contributed some work to this project and might already 
have this working.


On 6/28/10 10:04 AM, Randy Bush wrote:
>> The performance question on the filtering VLAN is still the big one in
>> my mind.
>
> now that i think i understand the identity and authentication, i agree.
> scaling is a real worry.
>
>> If you toss out the IPV6 requirement for the filtering VLAN
>
> tossing out ipv6 tends not to sell well at the ietf.
>
>> The performance worry on both the 3560's and the Ebtables for me is
>> that I believe both of those will devolve to linear search on the
>> total number of users on the filtering lan (* some statistical
>> average).  This is per-packet, linear search on some 1000 rules.
>
> it is midnight here.  my sense of humor does not extend that far.
>
>> So my own preference would be IPSET's (IP+MAC) as the control
>> mechanism.  But this means you also buy off on: no IPV6 on the control
>> VLAN, and the DHCP for that VLAN has to be 12 hours at least.
>
> i am not sure what you mean by "control vlan."  if you mean no ipv6 for
> authenticated users, then i wanna watch you explain that to bob hinden
> and brian carpenter and ...
>
> randy
> _______________________________________________
> ietf78-tech mailing list
> ietf78-tech at daedelus.com
> http://www.daedelus.com/mailman/listinfo/ietf78-tech

More information about the ietf78-tech mailing list