Re: [Int-area] IP-in-IP, TTL decrementing when forwarding and BITW
"Charles E. Perkins" <charliep@iprg.nokia.com> Fri, 02 June 2006 19:34 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1FmFPQ-0003Oz-Sb; Fri, 02 Jun 2006 15:34:12 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FmFPP-0003N8-NY for int-area@ietf.org; Fri, 02 Jun 2006 15:34:11 -0400
Received: from darkstar.iprg.nokia.com ([205.226.5.69]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FmFPO-0002Yh-4c for int-area@ietf.org; Fri, 02 Jun 2006 15:34:11 -0400
Received: (from root@localhost) by darkstar.iprg.nokia.com (8.11.0/8.11.0-DARKSTAR) id k52IukM01831; Fri, 2 Jun 2006 11:56:46 -0700
X-mProtect: <200606021856> Nokia Silicon Valley Messaging Protection
Received: from danira-pool04827.americas.nokia.com (10.241.48.27, claiming to be "[127.0.0.1]") by darkstar.iprg.nokia.com smtpdevVhWX; Fri, 02 Jun 2006 11:56:43 PDT
Message-ID: <44809298.7020302@iprg.nokia.com>
Date: Fri, 02 Jun 2006 12:33:44 -0700
From: "Charles E. Perkins" <charliep@iprg.nokia.com>
Organization: Nokia Research Center, Mtn. View
User-Agent: Mozilla Thunderbird 1.0.7 (Windows/20050923)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Joe Touch <touch@ISI.EDU>
Subject: Re: [Int-area] IP-in-IP, TTL decrementing when forwarding and BITW
References: <Pine.LNX.4.64.0606020830220.12705@netcore.fi> <4480438F.6030206@isi.edu> <44808B3F.6080904@iprg.nokia.com>
In-Reply-To: <44808B3F.6080904@iprg.nokia.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.0 (/)
X-Scan-Signature: c83ccb5cc10e751496398f1233ca9c3a
Cc: int-area@ietf.org
X-BeenThere: int-area@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IETF Internet Area Mailing List <int-area.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/int-area>, <mailto:int-area-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/int-area>
List-Post: <mailto:int-area@lists.ietf.org>
List-Help: <mailto:int-area-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/int-area>, <mailto:int-area-request@lists.ietf.org?subject=subscribe>
Errors-To: int-area-bounces@lists.ietf.org
Hello again folks, Sorry for my typo -- I meant to say that there was NO BITW in sight at that time. Regards, Charlie P. Charles E. Perkins wrote: > > Hello Joe, > > I can verify that these two cases were not part of the discussion > that motivated the production of RFC 2003. In fact, there was > BITW in sight when the document was first discussed, and IP > security was completely different than it is today. I'd have to > go back and look to even remember the details about pre IPsec > security details. > > If anyone is interested in the details about why the document > was written (aside from the fact that it was needed for Mobile IP) > I can try to remember but it was a long time ago. Joel Halpern > was the AD whom I was working with. > > Regards, > Charlie P. > > Joe Touch wrote: > >> FWIW, there are two cases I considered where tunnel decrementing might >> not occur: >> >> 1) BITW >> typically this is for IPsec tunnels, which are >> spec'd in 4301, but which in spirit ought to follow >> 2003 >> >> they might also be used for range-extenders >> >> 2) host-host tunnels >> in this case, there is no forwarding step, >> i.e., packets generated at the same node >> as the tunnel encapsulator and destined >> for the same node as the tunnel decapsulator >> >> Joe >> >> Pekka Savola wrote: >> >> >>> Hi, >>> >>> In TCPM WG, while discussing draft-ietf-tcpm-tcp-antispoof section >>> 3.2.1, we came across something that may or may not be an issue in >>> IP-in-IP tunneling spec (RFC 2003). The spec says (see below) "[inner >>> header TTL is decremented], if the tunneling is being done as part of >>> forwarding the datagram, ..." >>> >>> Joe's interpretation is that BITW implementations of IP-in-IP need not >>> decrement inner header TTL. Personally, I don't think RFC 2003 was >>> even >>> intended to cover BITW implementations. >>> >>> This may become important if you want to apply GTSM (i.e. TTL=255 >>> checking) to encapsulated packets between the two endpoints of the >>> tunnel. If BITW implementation is acceptable, the topological area >>> where TTL=255 applies expands slightly. >>> >>> Does anyone recall the intent of the RFC? >>> Is anyone aware of BITW implementations of RFC 2003? >>> Or do folks have strong feelings what the intent should be? >>> >>> Joe Touch said: >>> >>> >>>> RFC2003, sec 3.1, third-to-last (emphasis mine): >>>> >>>> When encapsulating a datagram, the TTL in the inner IP header is >>>> decremented by one **if the tunneling is being done as part of >>>> forwarding the datagram**; **otherwise, the inner header TTL is not >>>> changed during encapsulation**. If the resulting TTL in the inner IP >>>> header is 0, the datagram is discarded and an ICMP Time Exceeded >>>> message SHOULD be returned to the sender. An encapsulator MUST NOT >>>> encapsulate a datagram with TTL = 0. >>>> >>>> If that packet is generated at that node, or if the packet is sent to >>>> the tunnel in a non-forwarding (BITW) step, that decrement would not >>>> happen. >>>> >>>> The TTL in the inner IP header is **not changed when decapsulating**. >>>> If, after decapsulation, the inner datagram has TTL = 0, the >>>> decapsulator MUST discard the datagram. If, after decapsulation, the >>>> decapsulator forwards the datagram to one of its network interfaces, >>>> **it will decrement the TTL as a result of doing normal IP >>>> forwarding**. >>>> See also Section 4.4. >>>> >>>> The decapsulator decrements only if forwarding - again, if the packet >>>> stops at the destination or if the device isn't a forwarder (BITW), >>>> that >>>> wouldn't happen. >>>> >>> >> >> >> > > _______________________________________________ Int-area mailing list Int-area@lists.ietf.org https://www1.ietf.org/mailman/listinfo/int-area
- [Int-area] IP-in-IP, TTL decrementing when forwar… Pekka Savola
- Re: [Int-area] IP-in-IP, TTL decrementing when fo… Joe Touch
- Re: [Int-area] IP-in-IP, TTL decrementing when fo… Pekka Savola
- Re: [Int-area] IP-in-IP, TTL decrementing when fo… Joe Touch
- Re: [Int-area] IP-in-IP, TTL decrementing when fo… Charles E. Perkins
- Re: [Int-area] IP-in-IP, TTL decrementing when fo… Charles E. Perkins
- Re: [Int-area] IP-in-IP, TTL decrementing when fo… Joe Touch
- Re: [Int-area] IP-in-IP, TTL decrementing when fo… Bill Fenner
- Re: [Int-area] IP-in-IP, TTL decrementing when fo… Joe Touch