You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi,
I would like to discuss more on the behavior of the loopback mode:
I think that there is no real need to collect data on the way back from the duplication node to the source. This can simplify and increase performance of the network as well as the duplicator and the source node. The above includes solving a question: what is being done on the edge of the IOAM, and beyond the edge, assume the source is out of this network.
In addition, there is a question regarding the relation between source and encapsulator, and whether source might be the only one allowed to encapsulate with loopback. One option to protect the source is to force decapsulators to prevent loopback packets from going out of the IOAM domain. This may simplify the the majority of the attack vectors on the source by potential malicious encapsulators.
If agreed, let's fix this draft.
Thanks,
Barak
The text was updated successfully, but these errors were encountered:
Hi,
I would like to discuss more on the behavior of the loopback mode:
I think that there is no real need to collect data on the way back from the duplication node to the source. This can simplify and increase performance of the network as well as the duplicator and the source node. The above includes solving a question: what is being done on the edge of the IOAM, and beyond the edge, assume the source is out of this network.
In addition, there is a question regarding the relation between source and encapsulator, and whether source might be the only one allowed to encapsulate with loopback. One option to protect the source is to force decapsulators to prevent loopback packets from going out of the IOAM domain. This may simplify the the majority of the attack vectors on the source by potential malicious encapsulators.
If agreed, let's fix this draft.
Thanks,
Barak
The text was updated successfully, but these errors were encountered: