rfc9714v2.txt		rfc9714.txt
	skipping to change at line 482 ¶		skipping to change at line 482 ¶
	As specified in Section 7.1 of [RFC9341], "for security reasons, the		As specified in Section 7.1 of [RFC9341], "for security reasons, the
	Alternate-Marking Method MUST only be applied to controlled domains."		Alternate-Marking Method MUST only be applied to controlled domains."
	This requirement applies when the MPLS performance measurement with		This requirement applies when the MPLS performance measurement with
	Alternate-Marking Method is taken into account, which means the MPLS		Alternate-Marking Method is taken into account, which means the MPLS
	encapsulation and related procedures defined in this document MUST		encapsulation and related procedures defined in this document MUST
	only be applied to controlled domains; otherwise, the potential		only be applied to controlled domains; otherwise, the potential
	attacks discussed in Section 10 of [RFC9341] may be applied to the		attacks discussed in Section 10 of [RFC9341] may be applied to the
	deployed MPLS networks.		deployed MPLS networks.
	As specified in Section 3, the value of a FL MUST be unique within		As specified in Section 3, the value of an FL MUST be unique within
	the administrative domain. In other words, the administrative domain		the administrative domain. In other words, the administrative domain
	is the scope of an FL. The method for achieving multi-domain		is the scope of an FL. The method for achieving multi-domain
	performance measurement with the same FL is outside the scope of this		performance measurement with the same FL is outside the scope of this
	document. The FL MUST NOT be signaled and distributed outside the		document. The FL MUST NOT be signaled and distributed outside the
	administrative domain. Improper configuration that allows the FL to		administrative domain. Improper configuration that allows the FL to
	be passed from one administrative domain to another would result in		be passed from one administrative domain to another would result in
	Flow-ID conflicts.		Flow-ID conflicts.
	To prevent packets carrying FLs from leaking from one domain to		To prevent packets carrying FLs from leaking from one domain to
	another, domain boundary nodes MUST deploy policies (e.g., ACL) to		another, domain boundary nodes MUST deploy policies (e.g., ACL) to
	filter out these packets. Specifically, at the sending edge, the		filter out these packets. Specifically, at the sending edge, the
	domain boundary node MUST filter out the packets that carry the Flow-		domain boundary node MUST filter out the packets that carry the FLI
	ID Label Indicator and are sent to other domains. At the receiving		and are sent to other domains. At the receiving edge, the domain
	edge, the domain boundary node MUST drop the packets that carry the		boundary node MUST drop the packets that carry the FLI and are from
	Flow-ID Label Indicator and are from other domains. Note that packet		other domains. Note that packet leakage is neither breaching privacy
	leakage is neither breaching privacy nor a source of DoS.		nor a source of DoS.
	9. IANA Considerations		9. IANA Considerations
	IANA has assigned the following value in the "Extended Special-		IANA has assigned the following value in the "Extended Special-
	Purpose MPLS Label Values" registry within the "Special-Purpose		Purpose MPLS Label Values" registry within the "Special-Purpose
	Multiprotocol Label Switching (MPLS) Label Values" registry group:		Multiprotocol Label Switching (MPLS) Label Values" registry group:
	+=======+===============================+===========+		+=======+===============================+===========+
	| Value | Description | Reference |		| Value | Description | Reference |
	+=======+===============================+===========+		+=======+===============================+===========+
End of changes. 2 change blocks.
	6 lines changed or deleted		6 lines changed or added
This html diff was produced by rfcdiff 1.48.