Re: [v6ops] IPv6 link-local traffic questions
Toerless Eckert <tte@cs.fau.de> Thu, 12 March 2020 21:10 UTC
Return-Path: <eckert@i4.informatik.uni-erlangen.de>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0B7813A0973; Thu, 12 Mar 2020 14:10:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.87
X-Spam-Level:
X-Spam-Status: No, score=-0.87 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.249, SPF_HELO_NONE=0.001, SPF_NEUTRAL=0.779, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id V8GLY2E2-ET4; Thu, 12 Mar 2020 14:09:59 -0700 (PDT)
Received: from faui40.informatik.uni-erlangen.de (faui40.informatik.uni-erlangen.de [IPv6:2001:638:a000:4134::ffff:40]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 764D03A096E; Thu, 12 Mar 2020 14:09:59 -0700 (PDT)
Received: from faui48f.informatik.uni-erlangen.de (faui48f.informatik.uni-erlangen.de [IPv6:2001:638:a000:4134::ffff:52]) by faui40.informatik.uni-erlangen.de (Postfix) with ESMTP id 6A78454842E; Thu, 12 Mar 2020 22:09:54 +0100 (CET)
Received: by faui48f.informatik.uni-erlangen.de (Postfix, from userid 10463) id 63E52440040; Thu, 12 Mar 2020 22:09:54 +0100 (CET)
Date: Thu, 12 Mar 2020 22:09:54 +0100
From: Toerless Eckert <tte@cs.fau.de>
To: Jen Linkova <furry13@gmail.com>
Cc: 6man <6man@ietf.org>, V6 Ops List <v6ops@ietf.org>, bier@ietf.org
Subject: Re: [v6ops] IPv6 link-local traffic questions
Message-ID: <20200312210954.GA34894@faui48f.informatik.uni-erlangen.de>
References: <20200312000016.GO54522@faui48f.informatik.uni-erlangen.de> <CAFU7BAT-LP5TC9dpYw+5j8T8H_8XMF=tcY-Qsbg5=MOgUYNk+A@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CAFU7BAT-LP5TC9dpYw+5j8T8H_8XMF=tcY-Qsbg5=MOgUYNk+A@mail.gmail.com>
User-Agent: Mutt/1.10.1 (2018-07-13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/X9xhQuq11enjD0wNkUGEtsh6bPQ>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Mar 2020 21:10:01 -0000
On Thu, Mar 12, 2020 at 11:33:37AM +1100, Jen Linkova wrote: > I believe it depends what you are trying to achieve. If you want to > make sure that the traffic never leaves the network - then hop limit = > 1 helps. But using link-local sources/destinations would help even > better if the routers comply with RFC4291 Section 2.5.6 Yes, i am assuming 2.5.6 is mandatory given how this is standards track and how abence of RFC2119 langauge does not render "must" into a non standard requirement. > If you want to make sure those packets are not sent by a malicious > party from outside - hop limit shall be 255. > For example, see RFC4861 Section 3.1 > Neighbor Discovery. Ah, nice. I never looked into all those encoding details. Thanks. Preceeding RFC5082 and hence not referring to it, and neither does RFC5082 refer to RFC4861, thats why i couldn't easily find it by sea4rching. > > There is an additional set of consideration re. link-local traffic > > when trying to use it as a HW accelerated tunneling mechanism across links, > > a use we both have in ANIMA, and maybe get the same in BIER (probably > > other WGs too, not sure). > > > > In implementations, i have seen quite a range of issues with > > accelerated forwarding planes across link-local addressed tunnels, > > and when using non-link-local addresses (loopback addresses), > > the HW plane forwarding might have issues doing HW forwarding, because > > usually TTL=1 is only used for control plane traffic. Of course, > > this is not a good architectural argument, but if given architectural > > leeway to even choose 42, maybe GTSM/255 is easier to be supported > > across various HW accelerated forwarding planes than 1. > > > > Opinions and experiences welcome! > > If you control the router I'd say 'link-local source/destination, > HL=255 AND RFC4291 would be the best option. RFC4291 seems redundant given how its mandatory anyhow, but of course helpfull to remind readers of new specs. Given how 4291 is widely deployed it certainly qualifies well as sufficient proof of the mechanism widely deployed - for control plane. So, effectively, architcturally, the sending TTL is a choice of the application, and for control plane apps, we evolved choosing from 1 first and now BCP is 255. Coming from multicast, i kinda grew up with the belief there is a MUST use TTL=1 somewhere for a long time (when using link-local addresses), but never verified that belief. Still hesitant of prescribing 255 for hardware accelerated forwarding plane use case, but given how link-local tunnels aren't really a thing it would be hard to find prior evidence of successful wide deployment. Given how i tinkered with them, i've seen all type of troubles, including TTL ones. > I did see a few devices somewhere far away sending me ICMPv6 (packet > too big) from their link-local addresses but it was not very common > case. Agree. same here. Thanks & Cheers Toerless > > -- > SY, Jen Linkova aka Furry -- --- tte@cs.fau.de
- IPv6 link-local traffic questions Toerless Eckert
- Re: [v6ops] IPv6 link-local traffic questions Jen Linkova
- Re: [v6ops] IPv6 link-local traffic questions Mark Smith
- Re: [v6ops] IPv6 link-local traffic questions Toerless Eckert
- Re: [v6ops] IPv6 link-local traffic questions Toerless Eckert
- Re: [v6ops] IPv6 link-local traffic questions Erik Kline
- Re: [Bier] [v6ops] IPv6 link-local traffic questi… Tony Przygienda
- Re: [Bier] [v6ops] IPv6 link-local traffic questi… Toerless Eckert
- Re: [v6ops] IPv6 link-local traffic questions Gyan Mishra
- Re: [v6ops] IPv6 link-local traffic questions Gyan Mishra
- Re: [v6ops] IPv6 link-local traffic questions Karl Auer
- Re: [v6ops] IPv6 link-local traffic questions Ole Troan
- Re: [v6ops] IPv6 link-local traffic questions Gert Doering
- Re: [v6ops] IPv6 link-local traffic questions Gyan Mishra
- Re: [v6ops] IPv6 link-local traffic questions Gyan Mishra
- Re: [v6ops] IPv6 link-local traffic questions Gyan Mishra
- Re: [v6ops] IPv6 link-local traffic questions Toerless Eckert
- Re: [v6ops] IPv6 link-local traffic questions Stewart Bryant
- Re: [v6ops] IPv6 link-local traffic questions Toerless Eckert
- Re: [v6ops] IPv6 link-local traffic questions Tony Przygienda
- Re: [v6ops] IPv6 link-local traffic questions Gyan Mishra
- Re: [v6ops] IPv6 link-local traffic questions Mark Smith
- Re: [v6ops] IPv6 link-local traffic questions Erik Kline
- Re: [v6ops] IPv6 link-local traffic questions Owen DeLong
- Re: [v6ops] IPv6 link-local traffic questions Brian E Carpenter
- Re: [v6ops] IPv6 link-local traffic questions Owen DeLong
- Re: [v6ops] IPv6 link-local traffic questions Gert Doering
- Re: [v6ops] IPv6 link-local traffic questions Brian E Carpenter
- Re: [v6ops] IPv6 link-local traffic questions Owen DeLong
- Re: [v6ops] IPv6 link-local traffic questions Gert Doering
- Re: [v6ops] IPv6 link-local traffic questions Philip Homburg
- Re: [v6ops] IPv6 link-local traffic questions Brian E Carpenter
- Re: [v6ops] IPv6 link-local traffic questions Jen Linkova