Re: RFC3484 destination address selection rule 2 is buggy
Gabi Nakibly <gnakibly@yahoo.com> Tue, 18 March 2008 12:12 UTC
Return-Path: <ipv6-bounces@ietf.org>
X-Original-To: ietfarch-ipv6-archive@core3.amsl.com
Delivered-To: ietfarch-ipv6-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id AF1E428C59A; Tue, 18 Mar 2008 05:12:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -99.259
X-Spam-Level:
X-Spam-Status: No, score=-99.259 tagged_above=-999 required=5 tests=[AWL=-0.154, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_ORG=0.611, HTML_MESSAGE=0.001, J_CHICKENPOX_14=0.6, J_CHICKENPOX_65=0.6, RDNS_NONE=0.1, SARE_UNSUB18=0.131, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wmskOgGYZHYN; Tue, 18 Mar 2008 05:12:39 -0700 (PDT)
Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 8C1873A6986; Tue, 18 Mar 2008 05:12:39 -0700 (PDT)
X-Original-To: ipv6@core3.amsl.com
Delivered-To: ipv6@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 240C03A67DF for <ipv6@core3.amsl.com>; Tue, 18 Mar 2008 05:12:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BfBZ+Qono2JK for <ipv6@core3.amsl.com>; Tue, 18 Mar 2008 05:12:30 -0700 (PDT)
Received: from n56.bullet.mail.sp1.yahoo.com (n56.bullet.mail.sp1.yahoo.com [98.136.44.52]) by core3.amsl.com (Postfix) with SMTP id 81C6428C4D8 for <ipv6@ietf.org>; Tue, 18 Mar 2008 05:12:30 -0700 (PDT)
Received: from [216.252.122.216] by n56.bullet.mail.sp1.yahoo.com with NNFMP; 18 Mar 2008 12:10:13 -0000
Received: from [69.147.84.107] by t1.bullet.sp1.yahoo.com with NNFMP; 18 Mar 2008 12:10:13 -0000
Received: from [127.0.0.1] by omp202.mail.sp1.yahoo.com with NNFMP; 18 Mar 2008 12:10:13 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 669850.12050.bm@omp202.mail.sp1.yahoo.com
Received: (qmail 49298 invoked by uid 60001); 18 Mar 2008 12:10:13 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Received:X-Mailer:Date:From:Subject:To:Cc:MIME-Version:Content-Type:Message-ID; b=l7//+Qht/E3/HqFt9MIJy5zBDG9N2uULNgP95Kx4TKJGrkIZWk/KMxhOzwy2TxyvbxCypcXZ1fkFzq6PbltShSJ9ia1TZFgTG1ofif/2cbDvCn9kdadu94djnp6R7uoH0lwXdNDXus2oHjv2OcxQibfUnr/OIz5g30PSc8iNIQ0=;
Received: from [217.132.233.71] by web45515.mail.sp1.yahoo.com via HTTP; Tue, 18 Mar 2008 05:10:13 PDT
X-Mailer: YahooMailRC/902.38 YahooMailWebService/0.7.162
Date: Tue, 18 Mar 2008 05:10:13 -0700
From: Gabi Nakibly <gnakibly@yahoo.com>
Subject: Re: RFC3484 destination address selection rule 2 is buggy
To: Pekka Savola <pekkas@netcore.fi>, ipv6@ietf.org
MIME-Version: 1.0
Message-ID: <477387.44567.qm@web45515.mail.sp1.yahoo.com>
Cc: Iljitsch van Beijnum <iljitsch@muada.com>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============1299467045=="
Sender: ipv6-bounces@ietf.org
Errors-To: ipv6-bounces@ietf.org
Pekka, I agree that the scenario that was presented in http://tools.ietf.org/html/draft-ietf-v6ops-v6onbydefault-03 is very problematic. However, I do not think that the root of the problem is the destination address selection rule 2. As you mentioned, the source-destination pair v6:{link-local,global} will most likely not work. Hence, it should not be chosen even if it is the only pair available (it is preferable to give an immediate destination unreachable indication than to try in vain for several seconds to reach the destination). So altering the dest. address preference rules is not the way to go. IMHO, the root problem is the selection of the candidate source addresses (sec. 4 in RFC3484). The candidate set must not include a source address which its zone does not contain the interface identified by the destination address. This is a direct consequence of the forwarding rule in RFC4007 sec. 9 (http://tools.ietf.org/html/rfc4007#section-9) second bullet : "If transmitting the packet on the chosen next-hop interface would cause the packet to leave the zone of the source address, i.e., cross a zone boundary of the scope of the source address, then the packet is discarded." Determining whether the destination address is in the zone of a source address can be tricky. However, it is fairly easy in the common case where the source address is link-local and the destination address is global. If the latter is not on-link, than it is not in the zone of the link-local source address and this source address should not be included in the candidate set. If the above rule will be applied in the scenario of http://tools.ietf.org/html/draft-ietf-v6ops-v6onbydefault-03, the candidate set of the v6 address will be empty and therefore it will be avoided by destination address selection rule 1. Gabi ----- Original Message ---- From: Pekka Savola <pekkas@netcore.fi> To: ipv6@ietf.org Cc: Iljitsch van Beijnum <iljitsch@muada.com> Sent: Friday, March 14, 2008 12:27:26 AM Subject: RFC3484 destination address selection rule 2 is buggy FYI, While the default router "persistence" is an interesting observation, the more interesting one is why the default address selection algorithm pick source,destination pair of v6:{link-local,global} which is almost certain not to work instead of v4:{site-local,global} (ietf-464nat is using private addresses). This issue was first reported about 5 years ago by Alain Durand et al and yet there is no fix yet (and no mention in the default address selection problem statement), see section 2 of: http://tools.ietf.org/html/draft-ietf-v6ops-v6onbydefault-03 The main problem is destination address selection rule 2 which requires that source and destination address scopes must match (which in the case of v4 private and global addresses is not a very useful comparison given the prevalence of NAT). Maybe we need a more systematic approach to deal with RFC3484 issues (as in, a numbered list of all the problems noted) instead of doing a nice new features to have PPT slideshow every IETF meeting. ---------- Forwarded message ---------- Date: Thu, 13 Mar 2008 09:55:05 -0400 From: Iljitsch van Beijnum <iljitsch@muada.com> To: IETF discussion list <ietf@ietf.org> Subject: IPv6 router when switching wifi networks I think this is of interest to more people than just the 71attendees and I can't edit the wiki with Safari, so I'm sending it to this list: When I switch from the IPv6-only wifi network to the v4v6v4 NAT network, everything that has an IPv6 address in the DNS stops working. Turns out that my Mac tries to get at these destinations over IPv6, even though it doesn't have an IPv6 address. However, it DOES have an IPv6 default route: $ route get -inet6 default route to: :: destination: :: mask: default gateway: fe80::20b:bfff:fea9:7054%en1 interface: en1 flags: <UP,GATEWAY,DONE,STATIC,PRCLONING> This happens to be the same router that's on the v6only network. And it's reachable on the v4v6v4 nat network, too: $ traceroute6 www.ietf.org traceroute6 to www.ietf.org (2001:1890:1112:1::20) from fe80::21b: 63ff:fe02:3c13%en1, 30 hops max, 12 byte packets 1 fe80::20b:bfff:fea9:7054%en1 1.698 ms 1.431 ms 1.052 ms 2 * * * 3 *^C Further inspection shows it doesn't send out any router advertisements on the v4v6v4 nat network: 09:45:59.414798 IP6 nirrti.local > ff02::2: ICMP6, router solicitation, length 16 09:45:59.508252 IP6 nirrti.local > ff02::2: ICMP6, router solicitation, length 16 09:46:00.903133 IP6 nirrti.local > ff02::2: ICMP6, router solicitation, length 16 09:46:03.714192 IP6 nirrti.local > ff02::2: ICMP6, router solicitation, length 16 09:46:08.374871 IP6 nirrti.local > ff02::2: ICMP6, router solicitation, length 16 09:46:16.406312 IP6 nirrti.local > ff02::2: ICMP6, router solicitation, length 16 09:46:24.581632 IP6 nirrti.local > ff02::2: ICMP6, router solicitation, length 16 But this seems to be the culprit: 09:46:27.945222 IP6 nirrti.local > fe80::20b:bfff:fea9:7054: ICMP6, neighbor solicitation, who has fe80::20b:bfff:fea9:7054, length 32 09:46:27.946167 IP6 fe80::20b:bfff:fea9:7054 > nirrti.local: ICMP6, neighbor advertisement, tgt is fe80::20b:bfff:fea9:7054, length 24 Apparently, MacOS 10.5.2 tries to see if the router from the previous wireless network is still present, and if it is, it will keep the default route up. But because the IPv6 addresses were removed from the system when changing networks and now new prefix was advertised, it doesn't work. _______________________________________________ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 -------------------------------------------------------------------- ____________________________________________________________________________________ Looking for last minute shopping deals? Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping
-------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
- RFC3484 destination address selection rule 2 is b… Pekka Savola
- Re: RFC3484 destination address selection rule 2 … Francis Dupont
- Re: RFC3484 destination address selection rule 2 … Alain Durand
- Re: RFC3484 destination address selection rule 2 … Rémi Denis-Courmont
- Re: RFC3484 destination address selection rule 2 … Pekka Savola
- Re: RFC3484 destination address selection rule 2 … Francis Dupont
- Re: RFC3484 destination address selection rule 2 … Mohacsi Janos
- Re: RFC3484 destination address selection rule 2 … Rémi Denis-Courmont
- Re: RFC3484 destination address selection rule 2 … Sebastien Roy
- Re: RFC3484 destination address selection rule 2 … Gabi Nakibly
- Re: RFC3484 destination address selection rule 2 … Sebastien Roy
- Re: RFC3484 destination address selection rule 2 … Fred Baker
- Re: RFC3484 destination address selection rule 2 … Sebastien Roy
- Re: RFC3484 destination address selection rule 2 … Gabi Nakibly
- Re: RFC3484 destination address selection rule 2 … Sebastien Roy
- Re: RFC3484 destination address selection rule 2 … Brian E Carpenter
- Re: RFC3484 destination address selection rule 2 … JINMEI Tatuya / 神明達哉
- Re: RFC3484 destination address selection rule 2 … JINMEI Tatuya / 神明達哉
- Re: RFC3484 destination address selection rule 2 … Pekka Savola
- RE: RFC3484 destination address selection rule 2 … Hemant Singh (shemant)
- Re: RFC3484 destination address selection rule 2 … Pekka Savola
- Re: RFC3484 destination address selection rule 2 … Fred Baker
- Re: RFC3484 destination address selection rule 2 … Bob Hinden
- RE: RFC3484 destination address selection rule 2 … Hemant Singh (shemant)
- Re: RFC3484 destination address selection rule 2 … Fred Baker
- Re: RFC3484 destination address selection rule 2 … Brian E Carpenter
- Re: RFC3484 destination address selection rule 2 … Bob Hinden
- Re: RFC3484 destination address selection rule 2 … Fred Baker