1. At least one of the ETRs authoritative for the
EID-Prefix included in the Map-Request registered with the P-bit set
to 1 |
The Map-Server MUST generate a
LISP-SEC-protected Map-Reply, as
specified in . The
ETR-Cant-Sign E-bit in the
EID Authentication Data (EID-AD) MUST be set to 0. |
2. At least one of the ETRs authoritative for the
EID-Prefix included in the Map-Request registered with the S-bit set
to 1 |
The Map-Server MUST generate a
LISP-SEC-protected Encapsulated
Map-Request (as specified in ) to be sent to
one of the authoritative ETRs that registered with the S-bit set to
1 (and the P-bit set to 0). If there is at least one ETR that
registered with the S-bit set to 0, the ETR-Cant-Sign E-bit of the
EID-AD MUST be set to 1 to signal the ITR that a non-LISP-SEC
Map-Request might reach additional ETRs that have LISP-SEC
disabled. |
3. All the ETRs authoritative for the EID-Prefix
included in the
Map-Request registered with the S-bit set to 0 |
The Map-Server MUST send a Negative
Map-Reply protected with
LISP-SEC, as described in .
The ETR-Cant-Sign
E-bit MUST be set to 1 to signal the ITR that a non-LISP-SEC
Map-Request might reach additional ETRs that have LISP-SEC
disabled. |