RE: Route Information Options in Redirect Messages (updated)

Mark Smith <> Tue, 07 February 2017 19:38 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id EA4E5129E3E for <>; Tue, 7 Feb 2017 11:38:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -0.498
X-Spam-Status: No, score=-0.498 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FROM_LOCAL_NOVOWEL=0.5, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.999, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id Q2Kj0SWFOu1A for <>; Tue, 7 Feb 2017 11:38:20 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:400c:c08::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 5168D129E5E for <>; Tue, 7 Feb 2017 11:38:20 -0800 (PST)
Received: by with SMTP id 96so92774961uaq.3 for <>; Tue, 07 Feb 2017 11:38:20 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=G3ReoA+Q3hMysE2G/yhL0kVFt1j21GtqD1MjxckBZS4=; b=fcsbauEmtn9Jnj9kNGhgNVSw9soxPuIdUhoI3mqG8tCi+S/fkxuaZpyzvQ0l037qxf bJlgZOvwIutpZJn6cdc6UcXk/85QhpmBt5k344useb4WOQc84cAdwkEFjvktqSDkMKGz qg/pC6CSBcNjreyEpUn+lU5ZmYv7gXx/whOZ3L6UBXt7R7CP+9nj4bKG0cDOXrLIkl7s xiMvqQ/0hQJgtoQEzkIRRX11NbDugLpcVz52brm1VUniewHxy+7MtxnQ48vIgVD7ENs8 6ECr6HTgsnwybFxbaCeSeK4/dE9OuT8JJPoTOtZm+20T2yimbtD+YkkC1lJgED5V6hTD /yIQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=G3ReoA+Q3hMysE2G/yhL0kVFt1j21GtqD1MjxckBZS4=; b=GrLs1kLTJDvaK5iG2JQcFi/1nL5hOCxqdYarXlDPtGxr4FA0CUX1J07u83odGwN5Sh 6gyXYis5ctL54Zrt6CfV3ZVktvZ0C/vxpY78r9t5L9x7OPE8cl0epiNGLW2AkLVixe9x hNTk3RvRQsPP3PVLx8bANtbKY0r+luK/zdwTzpONa4nLo9S79ZSybLf7gYCXp38XNuiB OV731xB17rgR/cUh4wyqEGDIpO4+ozyR2rs6yzPByh6IfWxNg0xn2KZoEgEccDM3GIVT JD0Hq8sOd4/U+IFwZODenZhj2uBlqa44jz6qTMGcXfJnFQi6R9J3iJEA89kqUchD0Zlj gnZg==
X-Gm-Message-State: AMke39koZTgtyilWMCyVYkvmevu1HwQD6/+wEjQ5S9OV2CH/VvOeqcbJgngi4YJxHWPzl11ozXvpWJ4+u6FZwg==
X-Received: by with SMTP id k25mr7274471uaf.49.1486496299359; Tue, 07 Feb 2017 11:38:19 -0800 (PST)
MIME-Version: 1.0
Received: by with HTTP; Tue, 7 Feb 2017 11:37:48 -0800 (PST)
In-Reply-To: <>
References: <> <> <> <> <> <> <>
From: Mark Smith <>
Date: Wed, 8 Feb 2017 06:37:48 +1100
Message-ID: <>
Subject: RE: Route Information Options in Redirect Messages (updated)
To: "Templin, Fred L" <>
Content-Type: multipart/alternative; boundary=f40304361e12e2887c0547f5e3da
Archived-At: <>
Cc: james woodyatt <>, 6man WG <>, =?UTF-8?B?56We5piO6YGU5ZOJ?= <>
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 07 Feb 2017 19:38:22 -0000

On 8 Feb. 2017 05:43, "Templin, Fred L" <> wrote:

Hi Jinmei-san,

> Hmm, maybe I'm so dumb but I'm afraid I still don't understand intent
> clearly.  Do you mean an operational assumption of this proposal is to
> use it in a link where RA guard isn't deployed?  If so, it's far
> better (at least to me) to just say so.
> BTW, if this proposal keeps the concept of "unsolicited redirect" and
> also allows the destination address of '::' to bypass the host's
> validity check of whether it's really the first hop router for the
> destination,

No, that is not what we want to have happen. The document doesn't
say this currently, but we want to retain a revised version of the validity
check. The revised version of the check would say:

      - The IP source address of the Redirect is the same as the current
        first-hop router for the specified ICMP Destination Address.

      - The IP source address of the Redirect is the same as the current
        first-hop router for the specified ICMP Destination Address, or
        (when the ICMP Destination Address is '::') the same as the current
        first-hop router for the specified RIOs

Would welcome better wording than this, but we definitely do want
to retain the validity check. Comments?

I think you need to be careful of not effectively reinventing a dynamic
routing protocol that ends up missing the necessary capabilities required
of one to keep this method simple.

When I've thought about this sort of capability, I've thought of it as a
hint from the routing system to the users of the forwarding domain - hosts
and stub routers (default and connected route only routers, possibly with
other static routes) - of a better entry point for their packets into the
forwarding domain.

In the case of a stub router, if it needs or would benefit from more
dynamic network information than just a prefix redirect hint, then I think
that is really saying that the stub router shouldn't be a stub router - it
needs to be a full and proper participant in the routing system (running
dynamic routing protocol, discovering and conveying network topology
information etc.), rather than a user of it via  default route to the
forwarding domain.

That's why I thought the validation should be that these prefix redirects
are only accepted from a default router learned via an RA or static default
router configuration, as a default router has the role of offering an entry
point into the forwarding domain. It would enforce the existing boundary
between the devices that are users of the forwarding domain, and the
devices that are participants in the routing system that decide the paths
through the forwarding domain.