Re: [Int-area] Existing use of IP protocol 114 (any 0-hop protocol)

Fernando Gont <fgont@si6networks.com> Thu, 19 September 2019 17:03 UTC

To: "Eric Vyncke (evyncke)" <evyncke@cisco.com>, "int-area@ietf.org" <int-area@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>
References: <D6BD6D0F-9504-4533-BCFD-A79B2357BC96@cisco.com>
From: Fernando Gont <fgont@si6networks.com>
Message-ID: <7aae6548-9b1b-eb08-2715-656a896bc9ec@si6networks.com>
Date: Thu, 19 Sep 2019 19:53:33 +0300
In-Reply-To: <D6BD6D0F-9504-4533-BCFD-A79B2357BC96@cisco.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-area/utbV0SG1mTg_dA7XBVMFkDO0aE4>
Subject: Re: [Int-area] Existing use of IP protocol 114 (any 0-hop protocol)

On 19/9/19 18:06, Eric Vyncke (evyncke) wrote:
> The authors of https://tools.ietf.org/id/draft-zhu-intarea-gma-03.txt
> would like to use IP protocol 114 as it is described as “Any 0-hop
> protocol” on the IANA page[1]. Alas, on the IANA page, there is no
> reference to this “Any 0-hop protocol”.
> 
> Obviously, we all understand that this must be a protocol using hop
> limit = 0 (or TTL=0 for the legacy protocol).

Just a (mostly side) comment:

The hop limit thing is tricky:
Some 0-hop (non-routable?) protocols actually use a high (e.g. 255) TTL,
such that it can be enforced ("''''security''''-wise") that the parties
are actually on the same network segment.

Others (was it MLD?) employ small hop limit values, such that you can
control how far packets can leak out.

So the protocol might actually use small or large hop limit, depending
on whether you want to make sure that packets cannot be injected, or
that packets cannot leak out.

Thanks!

Cheers,
-- 
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
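The two hop-limit policies Fernando contrasts above (a receiver that accepts only packets still carrying hop limit 255, so nothing that crossed a router can be injected, versus a sender that uses a small hop limit so packets cannot leak far) as an added, self-contained example. This is not code from the draft, from IANA, or from anyone on the thread; it builds constructed IPv4 and IPv6 packets for protocol number 114 (the IANA "any 0-hop protocol" value cited in the thread) with documentation addresses and sample payloads, and models routers as hop-limit decrementers. The on-link check follows the idea of RFC 5082 (GTSM).

```python
"""Hop-limit policies for a link-local ("0-hop") protocol on constructed packets.
Added example, not code from the draft or the thread. Addresses, payloads and
the single-router forwarding model are constructed assumptions."""
import ipaddress
import struct
from typing import Optional

PROTO_ANY_0HOP = 114   # IANA "any 0-hop protocol" number discussed in the thread
HOPS_MAX = 255         # a router never forwards a packet with this value unchanged


def _ipv4_checksum(hdr: bytes) -> int:
    """One's-complement checksum over an IPv4 header (0 means 'verifies')."""
    if len(hdr) % 2:
        hdr += b"\0"
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, ttl: int, payload: bytes,
               proto: int = PROTO_ANY_0HOP) -> bytes:
    """Minimal 20-byte IPv4 header (no options) followed by the payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", _ipv4_checksum(hdr)) + hdr[12:] + payload


def build_ipv6(src: str, dst: str, hop_limit: int, payload: bytes,
               next_header: int = PROTO_ANY_0HOP) -> bytes:
    """Fixed 40-byte IPv6 header followed by the payload."""
    return struct.pack("!IHBB16s16s", 0x60000000, len(payload), next_header, hop_limit,
                       ipaddress.IPv6Address(src).packed,
                       ipaddress.IPv6Address(dst).packed) + payload


def parse(pkt: bytes) -> dict:
    """Return version, hop limit (TTL), upper-layer protocol and payload; reject malformed input."""
    version = pkt[0] >> 4
    if version == 4:
        ihl = (pkt[0] & 0x0F) * 4
        if ihl < 20 or len(pkt) < ihl or _ipv4_checksum(pkt[:ihl]) != 0:
            raise ValueError("bad IPv4 header")
        f = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
        return {"version": 4, "hops": f[5], "proto": f[6], "payload": pkt[ihl:f[2]]}
    if version == 6:
        if len(pkt) < 40:
            raise ValueError("bad IPv6 header")
        _, plen, nh, hlim, _, _ = struct.unpack("!IHBB16s16s", pkt[:40])
        return {"version": 6, "hops": hlim, "proto": nh, "payload": pkt[40:40 + plen]}
    raise ValueError("unknown IP version %d" % version)


def accept_on_link(pkt: bytes, proto: int = PROTO_ANY_0HOP) -> bool:
    """Receiver-side policy (GTSM style, RFC 5082): a packet that still carries
    hop limit 255 cannot have crossed a router, since every router decrements
    the field. Anything lower is treated as possibly injected from off-link."""
    info = parse(pkt)
    return info["proto"] == proto and info["hops"] == HOPS_MAX


def forward(pkt: bytes) -> Optional[bytes]:
    """Model one router: decrement the hop limit, drop the packet when it would hit 0."""
    info = parse(pkt)
    if info["hops"] <= 1:
        return None
    if info["version"] == 4:
        ihl = (pkt[0] & 0x0F) * 4
        hdr = bytearray(pkt[:ihl])
        hdr[8] = info["hops"] - 1
        hdr[10:12] = b"\0\0"                      # zero, then recompute the checksum
        hdr[10:12] = struct.pack("!H", _ipv4_checksum(bytes(hdr)))
        return bytes(hdr) + pkt[ihl:]
    hdr = bytearray(pkt[:40])
    hdr[7] = info["hops"] - 1
    return bytes(hdr) + pkt[40:]


def routers_crossed(pkt: bytes, path_len: int) -> int:
    """Sender-side view: push the packet through `path_len` routers and count how
    many forwarded it before it expired, i.e. how far a small hop limit lets it leak."""
    crossed = 0
    for _ in range(path_len):
        pkt = forward(pkt)
        if pkt is None:
            break
        crossed += 1
    return crossed


if __name__ == "__main__":
    on_link = build_ipv6("2001:db8::1", "ff02::1", HOPS_MAX, b"hello")   # constructed
    print("accepted as on-link:", accept_on_link(on_link))
    print("accepted after one router:", accept_on_link(forward(on_link)))
    leaky = build_ipv4("192.0.2.1", "192.0.2.255", 2, b"hello")         # constructed
    print("routers a hop-limit-2 packet crosses:", routers_crossed(leaky, 10))
```

With hop limit 255 the check is a property of the receiver: it does not care what the sender intended, only that no router touched the packet. With a small hop limit the property belongs to the sender, bounding how many routers will forward the packet, which is the leak-containment case in the message. The two are independent, so a protocol can pick either depending on which failure it wants to rule out.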