RE: Dumb question about routing headers

Ron Bonica <rbonica@juniper.net> Mon, 25 May 2020 21:56 UTC

From: Ron Bonica <rbonica@juniper.net>
To: Mark Smith <markzzzsmith@gmail.com>
CC: Brian E Carpenter <brian.e.carpenter@gmail.com>, 6man <ipv6@ietf.org>
Subject: RE: Dumb question about routing headers
Date: Mon, 25 May 2020 21:55:58 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/SyrW6KDyWqc5Crtlq4zFUimQQng>
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>

Mark,

There might be a use-case for the following Routing header:

- 1st destination: unicast
- 2nd destination: unicast
- final destination: multicast

But the following Routing header might be used as a DoS attack against the final destination:

- 1st destination: unicast
- 2nd destination: multicast
- final destination: unicast

The source sends a single packet. The final destination receives one copy of that packet from each member of the multicast group.

Ron




-----Original Message-----
From: Mark Smith <markzzzsmith@gmail.com> 
Sent: Monday, May 25, 2020 5:42 PM
To: Ron Bonica <rbonica@juniper.net>
Cc: Brian E Carpenter <brian.e.carpenter@gmail.com>; 6man <ipv6@ietf.org>
Subject: Re: Dumb question about routing headers



Hi Ron,

On Mon, 25 May 2020 at 13:56, Ron Bonica <rbonica@juniper.net> wrote:
>
> Inline…..
>
>
<snip>
>
>
>
> A related question is are multicast addresses within the list of hops to visit valid?
>
>
>
> [RB] There is no rule against this, but there certainly should be!
>
>

While I can't think of a use for multicast addresses in a source route, I don't think we should prohibit it yet without more thought.
The multicast source address RPF check during multicast forwarding prevents multicast packets being sent back towards where they came from, so I don't think a forwarding loop using multicast addresses can be formed, even if specified in the routing header.

If source address RPF checks were also universally performed for unicast packets at each forwarding point then I don't think the RFC 5095 attack could have occurred either, because the attack involves creating a path where packets are sent back towards where they came from, creating the forwarding loop.

Regards,
Mark.


<snip>
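
The two address lists in Ron's message can be told apart mechanically. The following is an added illustration, not part of either message and not a rule taken from any specification: a hypothetical filter policy that tolerates a multicast address only as the final destination and estimates how many copies one source packet becomes. The function names, the visit-order address list, the sample addresses and the group size of 40 are all constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Verdict:
    accept: bool
    multicast_transit_positions: list = field(default_factory=list)
    copies_per_final_receiver: int = 1

def unpack_hops(blob):
    """Split packed 128-bit addresses (assumed to be in visit order)."""
    if not blob or len(blob) % 16:
        raise ValueError("expected a non-empty multiple of 16 bytes")
    return [ipaddress.IPv6Address(blob[i:i + 16])
            for i in range(0, len(blob), 16)]

def check_source_route(hops, group_sizes=None):
    """Hypothetical policy: multicast is tolerated only as the final hop.

    group_sizes maps a multicast address to an assumed member count; it is
    used only to estimate the replication of a single source packet.
    Groups missing from the map are counted as one member.
    """
    group_sizes = group_sizes or {}
    *transit, _final = hops          # raises ValueError on an empty list
    positions, copies = [], 1
    for pos, hop in enumerate(transit, start=1):
        if hop.is_multicast:
            positions.append(pos)
            # each group member forwards its own copy towards the next hop
            copies *= group_sizes.get(hop, 1)
    return Verdict(accept=not positions,
                   multicast_transit_positions=positions,
                   copies_per_final_receiver=copies)

# Constructed sample data: documentation prefix, made-up group and size.
A, B, V = (ipaddress.IPv6Address(a)
           for a in ("2001:db8::1", "2001:db8::2", "2001:db8::99"))
G = ipaddress.IPv6Address("ff0e::db8:1")

if __name__ == "__main__":
    print(check_source_route([A, B, G]))           # first list in the message
    print(check_source_route([A, G, V], {G: 40}))  # second list in the message
```

A forwarding node or filter has no view of group membership, so in practice only the `accept` decision is enforceable at that point; the copy estimate is there to show why the second list is the one worth rejecting.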