Document: draft-melsen-mac-forced-fwd-03.txt
Trigger: IESG Tele-chat, 3 February 2005
Reviewer: Elwyn Davies
AD: Thomas Narten
Review Date: 31 January 2005
Intended status: Informational (Private Submission)

Review:

As a document, this draft is in excellent shape and I would have few qualms about it being accepted as an Informational RFC.

The target networks are (broadband) access networks using Ethernet as a transport. The document seeks to provide a form of VPN somewhere between L2 and L3 by combining Proxy ARP and specially adapted filtering Ethernet bridges, with the object of providing a more readily provisioned and more scalable form of VLAN on such Ethernet networks without requiring the use of Ethernet VLAN tags. The filtering bridges serve to constrain the Ethernet traffic to travel between customer premises and an Access Router which can then act as a security, access and routing controller for all traffic in the access network, ensuring that traffic from different customers is separated and is not visible to all connected hosts as it would be in a conventional bridged Ethernet environment.

I have two concerns, one technical and the other regarding existing IETF work:

- (technical) Further thought ought to be given to limiting the dissemination of multicast traffic - other customers could potentially join a multicast group intended for a particular customer - this is obviously a general issue with multicast, but the accessibility of the common AR makes it relatively easy in the suggested network. Additional authorization may be needed.

- (IETF VPN work) There is some overlap with existing VPN work in the IETF although it is addressing a somewhat different scenario and does not propose the use of MPLS. Personally I don't see this as a big problem and the solution seems eminently useful in the particular scenario envisioned (primarily SOHO/branch office situations, probably over limited geographic areas).