draft-hain-ipv6-rpf-icmp-00.txt
Arifumi Matsumoto <arifumi@nttv6.net> Mon, 01 November 2010 02:21 UTC
Return-Path: <arifumi@nttv6.net>
X-Original-To: ipv6@core3.amsl.com
Delivered-To: ipv6@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 28EC63A6878 for <ipv6@core3.amsl.com>; Sun, 31 Oct 2010 19:21:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -100.001
X-Spam-Level:
X-Spam-Status: No, score=-100.001 tagged_above=-999 required=5 tests=[AWL=-0.001, HTML_MESSAGE=0.001, NO_RELAYS=-0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5GYeZFgZq4PU for <ipv6@core3.amsl.com>; Sun, 31 Oct 2010 19:21:56 -0700 (PDT)
Received: from mail.nttv6.net (mail.nttv6.net [IPv6:2001:fa8::25]) by core3.amsl.com (Postfix) with ESMTP id B717A3A6862 for <ipv6@ietf.org>; Sun, 31 Oct 2010 19:21:55 -0700 (PDT)
Received: from [IPv6:::1] (localhost [IPv6:::1]) by mail.nttv6.net (8.14.4/8.14.3) with ESMTP id oA12LrJm057051 for <ipv6@ietf.org>; Mon, 1 Nov 2010 11:21:54 +0900 (JST) (envelope-from arifumi@nttv6.net)
Subject: draft-hain-ipv6-rpf-icmp-00.txt
From: Arifumi Matsumoto <arifumi@nttv6.net>
Content-Type: multipart/alternative; boundary="Apple-Mail-10-1033268515"
Message-Id: <45FA975D-D834-457D-8140-39D41723B7D5@nttv6.net>
Date: Mon, 01 Nov 2010 11:21:53 +0900
To: 6man <ipv6@ietf.org>
Mime-Version: 1.0 (Apple Message framework v1081)
X-Mailer: Apple Mail (2.1081)
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.6 (mail.nttv6.net [IPv6:::1]); Mon, 01 Nov 2010 11:21:54 +0900 (JST)
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Nov 2010 02:21:57 -0000
Tony, thank you for your draft. IIRC, now that the address selection design team reached conclusion, the 6man chairs have decided that the next step is to start discussion at 6man ML, and to compare each solution for the address selection problems. I think this is a good start to look at Tony draft of ICMP error based address selection mechanism. Regarding the mechanism itself, I find a lot of resemblance with the proposals discussed before: http://tools.ietf.org/html/draft-matsuoka-multihoming-try-and-error-00 So, some parts of the analysis of section 3.3 can be applied to this proposal, too. http://tools.ietf.org/html/draft-ietf-6man-addr-select-sol-03#section-3.3 Other than that, several issues occurred to me. - the destination address of the ICMP error message. ISP's PE perform this rpf check and it may try to send an ICMP error message. But, if the source address is not on the routing table, or the route to the source address is not the path from which the packet comes from, the PE router cannot/may not send an ICMP error message. So, it will restrict the use-case to something like a home network attached to multiple ISPs via one home gateway device, and the device returns this error message for incorrectly source-addressed packets. - notification of a correct prefix. if a correct prefix means /64 prefix, an ISP PE router is usually not able to return ICMP error message that notifies a correct prefix, as far as the PE and a user host is not in the same subnet. Notification of a correct prefix is also not feasible at the ISP routers located upperstream of PE. This is because they usually have only aggregated routes, and do not have per-user prefix information. - security impact Another concern is security risk. It will be possible to inject an ICMP error message from remote host. This may lead to a new security attack. Regards, On 2010/10/22, at 3:37, Tony Hain wrote: > http://www.ietf.org/id/draft-hain-ipv6-rpf-icmp-00.txt
- draft-hain-ipv6-rpf-icmp-00.txt Arifumi Matsumoto