boucadair closed 11 months ago
Joe: "I would emphasize this in the document to be clear what hardware ramifications might exist and what operational tradeoffs one would consider."
OK. Reordered the options and added a pointer to the new implem section.
From Joe:
"There was a question asked about needing deep packet inspection to effectively implement this. Quifang said yes, but I don't think it would be necessary. If the controller maintained the state and knew who the user was through other means (e.g., AAA/dot1x), it could program the network elements with standard ACL tuple data (i.e., traditional ACLs) dynamically, thus not putting more logic onto the devices or into the hardware. This was similar to a past comment of mine, and I think the document text addresses this.
It's not to say an implementor couldn't do something fancier within the network, but I don't think additional capabilities are required to make this work."
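The controller-side approach discussed in this thread, sketched as an added example (not code from the document or its authors): the controller holds the group policy and the AAA-learned user-to-address bindings, and emits only traditional tuple ACL entries for the device. The class names, the `resources` map, the trailing default deny, and all addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address

@dataclass(frozen=True)
class GroupRule:
    """Identity-level policy; it stays on the controller, never on the device."""
    src_group: str
    dst_group: str
    proto: str
    dst_port: int
    action: str

@dataclass
class Controller:
    policy: list        # list of GroupRule
    user_groups: dict   # user -> group (assumed to come from a directory)
    resources: dict     # destination group -> static prefix (assumed)
    sessions: dict = field(default_factory=dict)  # user -> address from AAA

    def aaa_start(self, user, ip):
        """AAA/802.1X reports a login: bind the user to an address, re-render."""
        self.sessions[user] = ip_address(ip)  # rejects malformed addresses
        return self.render_acl()

    def aaa_stop(self, user):
        """Session ended: drop the binding so stale permits are withdrawn."""
        self.sessions.pop(user, None)
        return self.render_acl()

    def render_acl(self):
        """Expand group rules into plain tuple entries a device can match."""
        entries = []
        for rule in self.policy:
            dst = self.resources.get(rule.dst_group)
            if dst is None:
                continue  # unknown destination group: emit nothing
            for user, ip in sorted(self.sessions.items()):
                if self.user_groups.get(user) == rule.src_group:
                    src = f"{ip}/{ip.max_prefixlen}"
                    entries.append((rule.action, rule.proto, src, dst, rule.dst_port))
        entries.append(("deny", "ip", "any", "any", None))  # assumed default deny
        return entries

def demo():
    """Constructed sample: one rule, two users, documentation-range addresses."""
    c = Controller(
        policy=[GroupRule("finance", "ledger-db", "tcp", 5432, "permit")],
        user_groups={"alice": "finance", "bob": "guest"},
        resources={"ledger-db": "192.0.2.10/32"},
    )
    return c.aaa_start("alice", "198.51.100.7"), c.aaa_start("bob", "198.51.100.8"), c.aaa_stop("alice")
```

The device only ever sees the rendered tuples; the operational cost moves to the controller, which has to re-render and push on every session start and stop.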