IETF Logo Mail Archive

Re: [v6ops] IPv6 link-local traffic questions

Owen DeLong <owen@delong.com> Wed, 25 March 2020 02:20 UTC

Return-Path: <owen@delong.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CC6793A086F; Tue, 24 Mar 2020 19:20:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.099
X-Spam-Level:
X-Spam-Status: No, score=-1.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_ADSP_ALL=0.8, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iyX8k_UCHKJj; Tue, 24 Mar 2020 19:20:07 -0700 (PDT)
Received: from owen.delong.com (owen.delong.com [IPv6:2620:0:930::200:2]) by ietfa.amsl.com (Postfix) with ESMTP id 2EC923A0755; Tue, 24 Mar 2020 19:20:05 -0700 (PDT)
Received: from kiev.delong.com (kiev.delong.com [IPv6:2620:0:930:0:0:0:200:5]) (authenticated bits=0) by owen.delong.com (8.15.2/8.15.2) with ESMTPSA id 02P2K3s6724010 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 24 Mar 2020 19:20:03 -0700
From: Owen DeLong <owen@delong.com>
Message-Id: <FB64BB72-800E-41AB-B02A-3AC15D700C28@delong.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_7C00DED7-18DF-4CB8-9FA6-8C6848C52082"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
Subject: Re: [v6ops] IPv6 link-local traffic questions
Date: Tue, 24 Mar 2020 19:20:02 -0700
In-Reply-To: <b34e19a1-0ae4-b419-b7df-2c4a893ac9a3@gmail.com>
Cc: Erik Kline <ek.ietf@gmail.com>, V6 Ops List <v6ops@ietf.org>, 6man <6man@ietf.org>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
References: <20200312000016.GO54522@faui48f.informatik.uni-erlangen.de> <CAFU7BAT-LP5TC9dpYw+5j8T8H_8XMF=tcY-Qsbg5=MOgUYNk+A@mail.gmail.com> <CABNhwV1uCFHCO9r3NK7QeqZ4gvrquoD_534LXoykaf59S48rpA@mail.gmail.com> <1584173474.2857.102.camel@biplane.com.au> <CABNhwV3VCPmcaGNyf=9dX4vcrsSreRGgkRDh0zQD+VLqG-g63Q@mail.gmail.com> <CABNhwV0D71380ZPWTLHu-LM=sz1OK6aB0du=g7uW-gxLdfGvsg@mail.gmail.com> <CA+wi2hMPk6init=1Q1+S0SzTCzOqSDbMNpsD4rUBB0VEo1BkfA@mail.gmail.com> <CABNhwV3Z=YPvU3=X4WOxF1+JRBMovucOdVDa67g1Tv4Yo7+G+A@mail.gmail.com> <CAMGpriVoOufyFhn8tzYvO5S3jJ5=eJz324=3jPJQmK1MiyPQ2g@mail.gmail.com> <5D374DA6-15B2-47AD-97B4-2BCC120859D1@delong.com> <b34e19a1-0ae4-b419-b7df-2c4a893ac9a3@gmail.com>
X-Mailer: Apple Mail (2.3445.104.11)
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.6.2 (owen.delong.com [IPv6:2620:0:930:0:0:0:200:2]); Tue, 24 Mar 2020 19:20:03 -0700 (PDT)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/EIw-7suRFDuuGpJfDA0wShShCpw>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Mar 2020 02:20:10 -0000


> On Mar 24, 2020, at 19:03 , Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:
> 
> Owen,
> 
> On 25-Mar-20 11:51, Owen DeLong wrote:
>>> 
>>>        TTL security is a necessity for ND with limited risk of run away ND packets as it’s  minimal bandwidth usage.
>>> 
>>> 
>>>       With a multicast stream the risk is much greater if forwarded multiple hops past the BFER PE as stated and maybe a high data rate stream so undesirable to ever happen.
>>> 
>>>     ND is the only protocol I know of that uses TTL security.  
>>> 
>>>    I would go with TTL=1.
>> 
>> If you think this through, it depends on which problem you are trying to solve.
>> 
>> If you are looking to make sure that your packet won’t get accidentally forwarded by a non-malicious router, then a hop limit of 1 works best.
>> If you are looking to make absolutely certain that the packet didn’t come from a non-local source, then a hop limit of 255 is the only choice.
>> 
>> If you use a hop limit of 1, then a remote attacker only needs to craft a packet with the correct initial hop limit to ensure that it arrives on
>> your link what the appropriate remaining hop limit of 1.
> 
> Only if the router violates the spec:
> "  Routers must not forward any packets with Link-Local source or
>   destination addresses to other links." [RFC4291]
> Do we have any evidence of routers that are broken in this way?

Point is I don’t see how a TTL of 1 is better regardless of this… A TTL of 255 guarantees that the packet doesn’t get through, even if it doesn’t
have LL Source or destination. (Imagine a poorly crafted host that doesn’t check NA or RA packets to ensure LL addresses in header?).

Don’t really want the data from those packets in the neighbor table, do you?

Owen

v2.23.0 | Report a Bug | By Email