Hop Limit in Inner Header (IPv6)
Karen Heron <heron@us.ibm.com> Wed, 15 April 1998 11:36 UTC
From: Karen Heron <heron@us.ibm.com>
To: ipsec@tis.com
Subject: Hop Limit in Inner Header (IPv6)
Date: Wed, 15 Apr 1998 07:49:03 -0400
In draft-ietf-ipsec-arch-sec-04, 5.1.2.2 IPv6 -- Header Construction for Tunnel Mode, the inner header Hop Limit is decremented. This will cause problems for securing IPv6 NDP traffic. The hop limit is set to 255 in NDP packets and checked in the receiving node to make sure it came from the same link. If this NDP exchange is secured using tunnel mode and the hop limit is decremented before the packet is encapsulated, the receiving node will reject the NDP packet and neighbor discovery will fail, even if the two nodes are on the same link.

Should the Hop Limit not be decremented for locally generated traffic? If not, I don't see how NDP traffic can be secured using tunnel mode - maybe I've missed something in the drafts that said this.

If this question has already been answered, I'd appreciate a pointer to the discussion (I didn't see it in the archives).

Karen Heron
Router Development
IBM, RTP, NC
- Hop Limit in Inner Header (IPv6) Karen Heron
- Re: Hop Limit in Inner Header (IPv6) Theodore Y. Ts'o
- Re: Hop Limit in Inner Header (IPv6) Steve Bellovin
- Re: Hop Limit in Inner Header (IPv6) Peter Curran
- Re: Hop Limit in Inner Header (IPv6) Robert Moskowitz
- Re: Hop Limit in Inner Header (IPv6) Robert Moskowitz
- Re: Hop Limit in Inner Header (IPv6) Michael Richardson
- Re: Hop Limit in Inner Header (IPv6) Peter Curran
- Re: Hop Limit in Inner Header (IPv6) Michael Richardson
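
The failure described in the message above, as an added example that is not part of the original post: a Neighbor Solicitation sent with Hop Limit 255 is tunnelled between two on-link nodes, once with the inner Hop Limit decremented before encapsulation and once with it preserved, and the receiver then applies the 255 check. Assumptions: ESP/AH processing is omitted and plain IPv6-in-IPv6 stands in for the tunnel, the outer Hop Limit of 64 and the link-local addresses are constructed, and all function names are hypothetical.

```python
import ipaddress
import struct

ICMPV6 = 58                   # Next Header value for ICMPv6
IPV6_IN_IPV6 = 41             # Next Header value for an encapsulated IPv6 packet
NDP_TYPES = range(133, 138)   # RS, RA, NS, NA, Redirect
HOP_LIMIT_OFFSET = 7          # byte offset of Hop Limit in the fixed IPv6 header


def ipv6_packet(src, dst, next_header, hop_limit, payload):
    """Build a fixed 40-byte IPv6 header followed by the payload."""
    first_word = 6 << 28  # version 6, traffic class 0, flow label 0
    header = struct.pack("!IHBB", first_word, len(payload), next_header, hop_limit)
    header += ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed
    return header + payload


def neighbor_solicitation(src, dst):
    """ICMPv6 type 135 sent with Hop Limit 255 (checksum left at 0: constructed sample)."""
    body = struct.pack("!BBHI", 135, 0, 0, 0) + ipaddress.IPv6Address(dst).packed
    return ipv6_packet(src, dst, ICMPV6, 255, body)


def tunnel_encapsulate(inner, src, dst, decrement_inner):
    """Wrap inner in an outer header, optionally decrementing the inner Hop Limit first."""
    inner = bytearray(inner)
    if decrement_inner:
        inner[HOP_LIMIT_OFFSET] -= 1
    return ipv6_packet(src, dst, IPV6_IN_IPV6, 64, bytes(inner))


def tunnel_decapsulate(outer):
    """Strip the 40-byte outer header and return the inner packet."""
    return outer[40:]


def ndp_receiver_accepts(packet):
    """Receiver-side check from the message: an NDP packet must arrive with Hop Limit 255."""
    next_header, hop_limit = packet[6], packet[HOP_LIMIT_OFFSET]
    is_ndp = next_header == ICMPV6 and packet[40] in NDP_TYPES
    return is_ndp and hop_limit == 255


def delivered(decrement_inner, a="fe80::1", b="fe80::2"):
    """Send a tunnelled Neighbor Solicitation from a to b and report whether b accepts it."""
    outer = tunnel_encapsulate(neighbor_solicitation(a, b), a, b, decrement_inner)
    return ndp_receiver_accepts(tunnel_decapsulate(outer))


if __name__ == "__main__":
    print("inner Hop Limit decremented:", delivered(True))
    print("inner Hop Limit preserved:  ", delivered(False))
```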