RE: 6MAN WG Last Call:draft-ietf-6man-ipv6-subnet-model-00.txt

"MILES DAVID" <David.Miles@alcatel-lucent.com.au> Mon, 14 July 2008 03:16 UTC

Wes,

There are implementations that update their routing table on the receipt
of a Neighbour Advertisement which we should consider. One example is
the code developed in the KAME project, which can be found in many
BSD-based distros. On receipt of a valid NS, the neighbour cache is
updated with a stale entry and if a route does not exist for the
destination a host route is created (with flags UHL). 
This behaviour makes sense if we consider the old on-link assumption -
but it opens the security concern I expressed in v6ops. It is quite
possible for an on-link node to create route entries that may affect
other links (say the target of this were an ISP router). I do not think
this behaviour is desirable in a router.

I would prefer to avoid behaviours that create bogus entries. It seems
that we definitely need clarification around correct node behaviour, and
if we are clarifying (to be explicit that the receipt of an ND has no
effect on forwarding) then should we go so far as to avoid the bogus
entry?


For interest: the KAME example will drop a received NA when the
target-address is not in its Neighbour Cache (the NA is discarded).

-David


>>>
Sorry to reopen this, but do you think that the following clarification
could be added to the IPv6 Subnet Models draft to address bullets three
and four of the on-link definition in the Terminology section of RFC
4861:

"Since only the Neighbor Cache is updated with the source address of a
received ND packet or the target of an NA packet, and the Destination
Cache and Prefix List are not updated, an ND packet cannot indicate that
a destination is on-link in the absence of corresponding on-link prefix
information."

What does the WG think?

- Wes
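
Added example (not part of either message, and not KAME code): a toy Python model of the two behaviours discussed above, one where a valid NS from an address with no existing route installs a host route on the receiving interface, and one where only the Neighbor Cache is updated and on-link status comes from the Prefix List alone. The class, interface names and addresses are assumptions constructed for illustration.

```python
import ipaddress

class NdNode:
    """Toy model of the RFC 4861 conceptual structures plus a host-route table."""

    def __init__(self, prefix_list, host_route_on_ns):
        # Prefix List: on-link prefix -> interface (learned from RAs or config)
        self.prefix_list = {ipaddress.ip_network(p): i for p, i in prefix_list.items()}
        self.neighbor_cache = {}   # address -> (interface, link-layer address, state)
        self.host_routes = {}      # address -> interface (host routes made from ND)
        self.host_route_on_ns = host_route_on_ns

    def route_lookup(self, addr):
        """Return the outgoing interface for addr, or None if no route exists."""
        addr = ipaddress.ip_address(addr)
        if addr in self.host_routes:
            return self.host_routes[addr]
        matches = [(n.prefixlen, i) for n, i in self.prefix_list.items() if addr in n]
        return max(matches)[1] if matches else None

    def receive_ns(self, iface, src, lladdr):
        """Process a Neighbor Solicitation that already passed validity checks."""
        src = ipaddress.ip_address(src)
        no_route = self.route_lookup(src) is None
        self.neighbor_cache[src] = (iface, lladdr, "STALE")
        if self.host_route_on_ns and no_route:
            self.host_routes[src] = iface   # old on-link assumption

    def unbacked_host_routes(self):
        """Audit: host routes not covered by an on-link prefix on the same interface."""
        return sorted(
            str(a) for a, i in self.host_routes.items()
            if not any(a in n and i == pi for n, pi in self.prefix_list.items())
        )

# Constructed scenario: documentation prefixes, hypothetical interface names.
PREFIXES = {"2001:db8:1::/64": "cust0", "2001:db8:2::/64": "cust1"}
OFF_PREFIX_SRC = "2001:db8:99::1"   # covered by no prefix on any link

def run(host_route_on_ns):
    node = NdNode(PREFIXES, host_route_on_ns)
    node.receive_ns("cust0", OFF_PREFIX_SRC, "02:00:00:00:00:01")
    node.receive_ns("cust0", "2001:db8:1::10", "02:00:00:00:00:02")
    return node
```

`run(True)` leaves a host route for the off-prefix source that `unbacked_host_routes()` reports; `run(False)` records both neighbours as STALE but forwarding state is unchanged.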
