IETF Logo Mail Archive

Re: draft-ietf-ipngwg-p2p-pingpong-00.txt vs RFC4443

JINMEI Tatuya / 神明達哉 <jinmei@isc.org> Tue, 17 August 2010 18:09 UTC

Return-Path: <jinmei@isc.org>
X-Original-To: ipv6@core3.amsl.com
Delivered-To: ipv6@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 629FB3A6ADC for <ipv6@core3.amsl.com>; Tue, 17 Aug 2010 11:09:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 3.276
X-Spam-Level: ***
X-Spam-Status: No, score=3.276 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, CHARSET_FARAWAY_HEADER=3.2, FH_HOST_EQ_D_D_D_D=0.765, FH_HOST_EQ_D_D_D_DB=0.888, HELO_MISMATCH_ORG=0.611, HOST_MISMATCH_NET=0.311, RDNS_DYNAMIC=0.1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sspLpZokcxmV for <ipv6@core3.amsl.com>; Tue, 17 Aug 2010 11:09:30 -0700 (PDT)
Received: from mx.pao1.isc.org (mx.pao1.isc.org [IPv6:2001:4f8:0:2::2b]) by core3.amsl.com (Postfix) with ESMTP id 120BF3A6869 for <ipv6@ietf.org>; Tue, 17 Aug 2010 11:08:15 -0700 (PDT)
Received: from farside.isc.org (farside.isc.org [IPv6:2001:4f8:3:bb::5]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "farside.isc.org", Issuer "ISC CA" (verified OK)) by mx.pao1.isc.org (Postfix) with ESMTPS id 677E3C942D; Tue, 17 Aug 2010 18:08:36 +0000 (UTC) (envelope-from jinmei@isc.org)
Received: from jmb.jinmei.org (99-105-57-202.lightspeed.sntcca.sbcglobal.net [99.105.57.202]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by farside.isc.org (Postfix) with ESMTP id E6817E6030; Tue, 17 Aug 2010 18:08:35 +0000 (UTC) (envelope-from jinmei@isc.org)
Date: Tue, 17 Aug 2010 11:08:35 -0700
Message-ID: <m21v9xjen0.wl%jinmei@isc.org>
From: JINMEI Tatuya / 神明達哉 <jinmei@isc.org>
To: Fernando Gont <fernando@gont.com.ar>
Subject: Re: draft-ietf-ipngwg-p2p-pingpong-00.txt vs RFC4443
In-Reply-To: <4C6A6C2F.1060409@gont.com.ar>
References: <4C68F1E1.2090003@gont.com.ar> <4C68FD84.80905@unfix.org> <4C6920F8.7010505@gont.com.ar> <84600D05C20FF943918238042D7670FD36D708817A@EMBX01-HQ.jnpr.net> <alpine.LRH.2.00.1008171116150.1433@netcore.fi> <4C6A6C2F.1060409@gont.com.ar>
User-Agent: Wanderlust/2.14.0 (Africa) Emacs/22.1 Mule/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Content-Type: text/plain; charset="US-ASCII"
Cc: "v6ops@ops.ietf.org" <v6ops@ops.ietf.org>, Olivier Vautrin <ovautrin@juniper.net>, "ipv6@ietf.org" <ipv6@ietf.org>, Pekka Savola <pekkas@netcore.fi>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Aug 2010 18:09:32 -0000

At Tue, 17 Aug 2010 08:02:07 -0300,
Fernando Gont <fernando@gont.com.ar> wrote:

> >> It is clear that there is one more action done on the packet with 
> >> RFC4443. But this has no impact on shipping ASIC based routers. It
> >> is difficult to say though if some smaller routers could be
> >> impacted.
> > 
> > This, and what Ole Troan wrote on interface lookup, is interesting.
> > 
> > RFC4443 requires checking that destination address matches the subnet
> >  prefix.  Is this the hot issue?
> > 
> > Note that pingpong-00 document did not have this requirement;
> 
> AFAICT, it does. It says: "....and the destination address on the packet
> seems to be on-link (in terms of Neighbor Discovery) on the
> point-to-point interface". Or am I missing something?

(Aside from what is actually documented in the RFC/draft) the
additional check about on-link-ness or subnet matching was
intentionally added and that's what we implemented for KAME/*BSDs.

See, e.g.,
http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet6/ip6_forward.c?rev=1.68&content-type=text/x-cvsweb-markup
(around the comment beginning with "If the incoming interface is equal...")

As commented, we wanted to separate an inevitable loop with a valid
configuration from loops due to
configuration/operational/implementation errors (most typically a
temporary routing loop).  We'd rather catch the latter type of error
easily with usual diagnostic tools such as traceroute so that we can
find and fix it quickly.

---
JINMEI, Tatuya
Internet Systems Consortium, Inc.

v2.23.0 | Report a Bug | By Email