RE: Broadband Forum liaison to IETF on IPv6 security

"Dunn, Jeffrey H." <jdunn@mitre.org> Thu, 05 November 2009 23:34 UTC

From: "Dunn, Jeffrey H." <jdunn@mitre.org>
To: "Hemant Singh (shemant)" <shemant@cisco.com>, "Fred Baker (fred)" <fred@cisco.com>, Erik Nordmark <erik.nordmark@sun.com>, Hesham Soliman <hesham@elevatemobile.com>, JINMEI Tatuya / 神明達哉 <jinmei@isl.rdc.toshiba.co.jp>, Thomas Narten <narten@us.ibm.com>, "Susan Thomson (sethomso)" <sethomso@cisco.com>, "william.allen.simpson@gmail.com" <william.allen.simpson@gmail.com>
Date: Thu, 05 Nov 2009 18:34:34 -0500
Subject: RE: Broadband Forum liaison to IETF on IPv6 security
Cc: "6man-ads@tools.ietf.org" <6man-ads@tools.ietf.org>, List <ipv6@ietf.org>, IETF, "savi-ads@tools.ietf.org" <savi-ads@tools.ietf.org>, IPv6 Operations <v6ops@ops.ietf.org>, "v6ops-ads@tools.ietf.org" <v6ops-ads@tools.ietf.org>, SAVI, Robin Mersh <rmersh@broadband-forum.org>, Mailing List <savi@ietf.org>

Colleagues,

I may be missing something, but it appears that, in the cases described, the two hosts downstream of two separate cable modems are off link to each other. This brings up the question: Do these two cable modems constitute two virtual interfaces, like two VLANs on the same physical router interface? If so, this is an architectural, rather than an implementation, question. Thoughts?

Best Regards,

Jeffrey Dunn
Info Systems Eng., Lead
MITRE Corporation.
(301) 448-6965 (mobile)

From: ipv6-bounces@ietf.org [mailto:ipv6-bounces@ietf.org] On Behalf Of Hemant Singh (shemant)
Sent: Thursday, November 05, 2009 5:37 PM
To: Fred Baker (fred); Erik Nordmark; Hesham Soliman; JINMEI Tatuya / 神明達哉; Thomas Narten; Susan Thomson (sethomso); william.allen.simpson@gmail.com
Cc: 6man-ads@tools.ietf.org; IETF IPv6 Mailing List; savi-ads@tools.ietf.org; Robin Mersh; v6ops-ads@tools.ietf.org; IPv6 Operations; SAVI Mailing List
Subject: RE: Broadband Forum liaison to IETF on IPv6 security

Yes, in a cable deployment even two cable modems (CM) in two different homes on the same upstream physical layer to the Cable edge router (CMTS) cannot talk directly to each other – they have to send their data to the CMTS, which then forwards the data to the other modem. Still I am not convinced of any implications for DAD in SLAAC? Without any loss of generality, I will only refer to a CMTS for the rest of the discussion but the same is applicable to a DSLAM (or whatever L3 router sits upstream of the DSLAM as the first-hop IPv6 router). Since the CMTS sees all DAD messages from clients in the downstream, if the CMTS detects a dup, the CMTS sends an NA to the client - problem solved. Of course, now the CMTS is doing ND Proxy, which is already specified in cable standards and implemented on DOCSIS 3.0 IPv6 CMTS routers. What did I miss?

If the BBF has any new multicast architecture for ND that I have not accounted for, please send me your arch doc and I can look at it and reply to that as well.

Hemant

From: owner-v6ops@ops.ietf.org [mailto:owner-v6ops@ops.ietf.org] On Behalf Of Fred Baker (fred)
Sent: Thursday, November 05, 2009 5:18 PM
To: Erik Nordmark; Hesham Soliman; JINMEI Tatuya / 神明達哉; Thomas Narten; Susan Thomson (sethomso); william.allen.simpson@gmail.com
Cc: SAVI Mailing List; IETF IPv6 Mailing List; IPv6 Operations; savi-ads@tools.ietf.org; v6ops-ads@tools.ietf.org; 6man-ads@tools.ietf.org; Robin Mersh
Subject: Fwd: Broadband Forum liaison to IETF on IPv6 security

Gentlemen:

I'm writing to you as the authors of RFCs 4861 and 4862. In a past meeting, I think the one in March, an issue came up in Savi that has now been brought to our attention in a formal manner. The problem is that in certain access network technologies, notably DSL and I believe Cable Modem, the connectivity between the CPE host or router and the ISP's first hop router is siloed - it looks like an Ethernet to the host but in fact is separated into separate channels. The effect is that while the ISP router can speak to and hear all of the CPEs it is connected to, the CPEs cannot hear each other. This has implications for Duplicate Address Detection in SLAAC.

We look forward to your advice.

Fred Baker
IPv6 Operations

Begin forwarded message:

From: Robin Mersh <rmersh@broadband-forum.org>
Date: November 6, 2009 1:42:05 AM GMT+08:00
To: fenner@fenron.com, christian.vogt@ericsson.com, fred.baker@cisco.com, kurtis@kurtis.pp.se, dromasca@avaya.com, rbonica@juniper.net, rdroms@cisco.com, jari.arkko@piuha.net, Mark Townsley <townsley@cisco.com>
Subject: Broadband Forum liaison to IETF on IPv6 security

Dear colleagues,

For your review, please see the liaison from the Broadband Forum attached below.

Best regards,
Robin Mersh
COO
The Broadband Forum
phone: +1 336 288 8013
cell: +1 303 596 7448
email: rmersh@broadband-forum.org
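
Added example, not part of the thread and not code from any participant, vendor or standard: a simplified Python model of the behaviour discussed above, where hosts behind different modems cannot hear each other's DAD probes and the first-hop router answers with an NA for an address it has already seen claimed elsewhere. The class and field names, the modem labels and the addresses are hypothetical and constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

UNSPECIFIED = ipaddress.IPv6Address("::")

@dataclass(frozen=True)
class DadProbe:
    """Neighbor Solicitation used for DAD: source is ::, target is the tentative address."""
    modem: str                      # constructed label for the access line the probe arrived on
    mac: str                        # link-layer address of the probing host
    target: ipaddress.IPv6Address
    source: ipaddress.IPv6Address = UNSPECIFIED

@dataclass
class FirstHopRouter:
    """Hypothetical model of the first-hop router (CMTS) role described in the thread."""
    proxy_dad: bool = True
    bindings: dict = field(default_factory=dict)   # target address -> (modem, mac)

    def receive(self, probe):
        """Return 'NA' when the router defends an existing binding, else None (silence)."""
        if not self.proxy_dad or probe.source != UNSPECIFIED:
            return None             # proxying disabled, or not a DAD probe
        owner = self.bindings.get(probe.target)
        if owner is None or owner == (probe.modem, probe.mac):
            self.bindings[probe.target] = (probe.modem, probe.mac)
            return None             # new claim or retransmission: silence lets DAD succeed
        # Split horizon: the current owner never hears this probe, so the
        # router answers on its behalf and the newcomer's DAD fails.
        return "NA"

def run_dad(router, probes):
    """Return the probes whose hosts go on to configure their tentative address."""
    return [p for p in probes if router.receive(p) is None]

# Constructed sample traffic: two homes pick the same address, one picks another.
ADDR = ipaddress.IPv6Address("2001:db8:0:1::10")
PROBES = [
    DadProbe("cm-A", "02:00:00:00:00:0a", ADDR),
    DadProbe("cm-B", "02:00:00:00:00:0b", ADDR),
    DadProbe("cm-B", "02:00:00:00:00:0b", ipaddress.IPv6Address("2001:db8:0:1::11")),
]

if __name__ == "__main__":
    for proxy in (False, True):
        kept = run_dad(FirstHopRouter(proxy_dad=proxy), PROBES)
        print(proxy, [(p.modem, str(p.target)) for p in kept])
```

With proxying disabled, both homes configure the same address because neither hears the other's probe; with it enabled, only the first claimant keeps it.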