IETF Logo Mail Archive

Re: [BEHAVE] I-D Action:draft-ietf-behave-v6v4-xlate-06.txt

Xing Li <xing@cernet.edu.cn> Wed, 27 January 2010 13:31 UTC

Return-Path: <xing@cernet.edu.cn>
X-Original-To: behave@core3.amsl.com
Delivered-To: behave@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id DF4493A6A81 for <behave@core3.amsl.com>; Wed, 27 Jan 2010 05:31:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.097
X-Spam-Level:
X-Spam-Status: No, score=0.097 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FH_HAS_XAIMC=2.696]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QSDYUC0L9gMp for <behave@core3.amsl.com>; Wed, 27 Jan 2010 05:31:17 -0800 (PST)
Received: from cernet.edu.cn (sea.net.edu.cn [202.112.3.66]) by core3.amsl.com (Postfix) with SMTP id 82F6D3A67DA for <behave@ietf.org>; Wed, 27 Jan 2010 05:31:16 -0800 (PST)
Received: from [192.168.1.101]([125.34.54.114]) by cernet.edu.cn(AIMC 3.2.0.0) with SMTP id jm54b6079fe; Wed, 27 Jan 2010 21:31:28 +0800
Message-ID: <4B60402C.1010705@cernet.edu.cn>
Date: Wed, 27 Jan 2010 21:31:24 +0800
From: Xing Li <xing@cernet.edu.cn>
User-Agent: Thunderbird 2.0.0.23 (Windows/20090812)
MIME-Version: 1.0
To: Dan Wing <dwing@cisco.com>
References: <20100125101503.20B5F3A68A3@core3.amsl.com> <4B5D7167.4050801@cernet.edu.cn> <049501ca9df6$8dc787e0$c2f0200a@cisco.com>
In-Reply-To: <049501ca9df6$8dc787e0$c2f0200a@cisco.com>
Content-Type: text/plain; charset="ISO-2022-JP"
Content-Transfer-Encoding: 7bit
X-AIMC-AUTH: xing
X-AIMC-MAILFROM: xing@cernet.edu.cn
X-AIMC-Msg-ID: hF4zHaXB
Cc: behave@ietf.org, 'Behave Chairs' <behave-chairs@tools.ietf.org>
Subject: Re: [BEHAVE] I-D Action:draft-ietf-behave-v6v4-xlate-06.txt
X-BeenThere: behave@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: mailing list of BEHAVE IETF WG <behave.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/behave>
List-Post: <mailto:behave@ietf.org>
List-Help: <mailto:behave-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Jan 2010 13:31:18 -0000

Hi, Dan,

Dan Wing 写道:
> (off-list.)
>
> See below. 
>
>   
>
> The new text is this, and is in the "Translating from IPv4 to IPv6" section:
>
>       If the translator gets an illegal source address (e.g. 0.0.0.0,
>       127.0.0.1, etc.), the translator SHOULD silently drop the packet.
>
> I suggest adding "(as discussed in Section 5.3.7 of [RFC1812])" to the end of
> that sentence.
>   

Modified as in version 07.
>
> Can similar text be added to the "Translating from IPv6 to IPv4" section of
> behave-v6v4-xlate?  Currently regarding stateless translation it says only:
>
>    Source Address:  In the stateless mode, which is to say that if the
>       IPv6 source address is within the range of a configured IPv6
>       translation prefix, the IPv4 source address is derived from the
>       IPv6 source address per [I-D.ietf-behave-address-format] section
>       2.1.  Note that the original IPv6 source address is an IPv4-
>       translatable address.
>
> We probably want to also list IPv6 'martian addresses' (::1, for sure; perhaps
> others?) should be simply dropped (no ICMP response), as was added for IPv4.
>
>
>   
Agree. Modified as in version 07.

> A question:  for debugging/troubleshooting, it seems useful to send an ICMP
> when the source IPv6 address is outside the range of configured IPv6
> translation prefix(es).  That is, add a sentence like this to the quoted
> paragraph above:
>
>   If the IPv6 source address is not within the range of configured IPv6
> prefix(es), 
>   the translator SHOULD respond with an ICMPv6 Type=1, Code=5 (Destination 
>   Unreachable, Source address failed ingress/egress policy).
>
> Thoughts on that idea?
>
>   

Agree. Modified as in version 07.

So the new text reads,

    Source Address:  In the stateless mode, which is to say that if the
      IPv6 source address is within the range of a configured IPv6
      translation prefix, the IPv4 source address is derived from the
      IPv6 source address per [I-D.ietf-behave-address-format] section
      2.1.  Note that the original IPv6 source address is an IPv4-
      translatable address.  If the translator only supports stateless
      mode and if the IPv6 source address is not within the range of
      configured IPv6 prefix(es), the translator SHOULD drop the packet
      and respond with an ICMPv6 Type=1, Code=5 (Destination
      Unreachable, Source address failed ingress/egress policy).

      In the stateful mode, which is to say that if the IPv6 source
      address is not within the range of any configured IPv6 stateless
      translation prefix, the IPv4 source address and transport-layer
      source port corresponding to the IPv4-related IPv6 source address
      and source port are derived from the Binding Information Bases
      (BIBs) as described in [I-D.ietf-behave-v6v4-xlate-stateful].

      In stateless and stateful modes, if the translator gets an illegal
      source address (e.g. ::1, etc.), the translator SHOULD silently
      drop the packet.

Regards,

xing, congxiao

v2.23.0 | Report a Bug | By Email