RE: Forwarding Packets With Link Local Destination Addresses

Ron Bonica <rbonica@juniper.net> Thu, 07 January 2021 18:24 UTC

Return-Path: <rbonica@juniper.net>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DCB483A0983 for <ipv6@ietfa.amsl.com>; Thu, 7 Jan 2021 10:24:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.349
X-Spam-Level:
X-Spam-Status: No, score=-2.349 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.25, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=juniper.net header.b=JGw9zWbN; dkim=pass (1024-bit key) header.d=juniper.net header.b=JfkiGIJ1
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id y3BhBY0sT8p6 for <ipv6@ietfa.amsl.com>; Thu, 7 Jan 2021 10:24:12 -0800 (PST)
Received: from mx0a-00273201.pphosted.com (mx0a-00273201.pphosted.com [208.84.65.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6A6973A0981 for <6man@ietf.org>; Thu, 7 Jan 2021 10:24:12 -0800 (PST)
Received: from pps.filterd (m0108156.ppops.net [127.0.0.1]) by mx0a-00273201.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 107I9TJT006702; Thu, 7 Jan 2021 10:24:12 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-transfer-encoding : mime-version; s=PPS1017; bh=J46ZSQ3+G+nsRux8h3OztXlxj5LDzInv9S8hE1BMhWQ=; b=JGw9zWbN1Pfl3N97Tgu/Q5RCMOy18hS2LNXxJX/fDAalbTcP/EZPaLFmyXXetCjTt3jT Uq9hS9yYHYlrFQ86RB3qMcdG8/9HS+aleVXtDUxkubCNYkgCqIf+MszwjMxBzO5mV0DD LlQ5/y3EFX+vJEWtEALKu6s/7bvStd2wdrVHcLoxsEn9UKXJlf36AOGds/8966u0aRf9 N2+s81Hjfo/urcSm9rLzJn39VpA+oLQmb/XCc7QfgYkaFyvYrL0+sgDrf224tWVwmRbz F9LrxLZ0j6LFOc4PYfPYa5Y4cP9ug/zXBrd576fO0ovxbPGR4K/gGJfFZ7TT3tK4icSs HA==
Received: from nam11-bn8-obe.outbound.protection.outlook.com (mail-bn8nam11lp2174.outbound.protection.outlook.com [104.47.58.174]) by mx0a-00273201.pphosted.com with ESMTP id 35wptb1f72-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 07 Jan 2021 10:24:11 -0800
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=UkAD7rwqTXo6xsv03xD1/40uHzshfWz/YtknILb2enk97tu+8Fu9M8vfrNalFuri5uokNIw5bfZB+5tAREApQYfAgtvI2FExIWMhCXcQSyinvJkDamr2UzOGujhFvy13gZLTiut1/V9WsZDhdWgjGYpZ1OYIKPYXGEP+CRm2oVEOCVlg4CtSzCBBii4L+SKM2aoL8/iNkgJQsp75qOQA1nwJNAzZekLAnhvhEtMrLExY5e+ANwmHBdx2ZQaw8uXjrOksnvFGi4MevxUFiTFvrpj5f3HVO1wfI/+3DhuwmnOjcEDy7ua1pEB76wN8509ATnWhoEcBnwmBRsoWiONTPg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=J46ZSQ3+G+nsRux8h3OztXlxj5LDzInv9S8hE1BMhWQ=; b=WUDVszct1IXuBMbH3M+sS3D2OJKCOsFbj5W4/RpTnMn/4Zu02hfrii12VXk0FfGxk4ye/LYSMtwl2yne8FXdswm1F6ntz5cRNvTzKbOm1hKRxcTkAkG9Lhdku8omQMoIwATqcKCXaqa1vfu0pAkte/lu68OtW+djfUlqKXd4G+HuWmbALLiaI211i33ufcacqFA/D97SBxuKYeM3QIIQq3i/3syXRfp0hwclEpDlQIbOUSoRHMFw+BCjCmaQR6kXX3QQppU+P0Wgxpv3FLzzJARfjzzltnuHxmrNMpFB+AWeelzP5Zg6W3hjF3dkWHdWhGShPz6Er9MGtSEjySeLrQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=juniper.net; dmarc=pass action=none header.from=juniper.net; dkim=pass header.d=juniper.net; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=J46ZSQ3+G+nsRux8h3OztXlxj5LDzInv9S8hE1BMhWQ=; b=JfkiGIJ1Y/mQ58WvpGTnMNFV0YIw9QE/Bcbe0NkOevJF5wTjuF4ecuLym76gJLR3yxrGEap67cNQ2KVpT7HNkBly1gEI7NxVgKe8hItKfWFuJoWMDxahjIn30HsWGxYF7CL0qH8OW/Xn7YCGokPzb1rOQLVYk+vjYyyPM/g4yDg=
Received: from DM6PR05MB6348.namprd05.prod.outlook.com (2603:10b6:5:122::15) by DM6PR05MB5019.namprd05.prod.outlook.com (2603:10b6:5:34::32) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3742.4; Thu, 7 Jan 2021 18:24:10 +0000
Received: from DM6PR05MB6348.namprd05.prod.outlook.com ([fe80::a435:88ed:7e2a:4fe6]) by DM6PR05MB6348.namprd05.prod.outlook.com ([fe80::a435:88ed:7e2a:4fe6%5]) with mapi id 15.20.3763.004; Thu, 7 Jan 2021 18:24:10 +0000
From: Ron Bonica <rbonica@juniper.net>
To: =?utf-8?B?56We5piO6YGU5ZOJ?= <jinmei@wide.ad.jp>
CC: "6man@ietf.org" <6man@ietf.org>
Subject: RE: Forwarding Packets With Link Local Destination Addresses
Thread-Topic: Forwarding Packets With Link Local Destination Addresses
Thread-Index: AdblHDzlHUUyT5iKRq6/0g3froJALQAA+JYAAAB/6IA=
Date: Thu, 7 Jan 2021 18:24:10 +0000
Message-ID: <DM6PR05MB634852C42F4CCDBFA137EAE2AEAF0@DM6PR05MB6348.namprd05.prod.outlook.com>
References: <DM6PR05MB6348A18046C5DDC7CF2AED76AEAF0@DM6PR05MB6348.namprd05.prod.outlook.com> <CAJE_bqdYv1uO7fZjG8hvD7Zf=f_TL6zH0bcgxxzxHG1ZkA8XGw@mail.gmail.com>
In-Reply-To: <CAJE_bqdYv1uO7fZjG8hvD7Zf=f_TL6zH0bcgxxzxHG1ZkA8XGw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
dlp-product: dlpe-windows
dlp-version: 11.5.0.60
dlp-reaction: no-action
msip_labels: MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Enabled=true; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_SetDate=2021-01-07T18:24:08Z; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Method=Standard; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Name=0633b888-ae0d-4341-a75f-06e04137d755; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_SiteId=bea78b3c-4cdb-4130-854a-1d193232e5f4; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_ActionId=9e4c3bc5-2b06-4ade-89b6-60ec283886c8; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_ContentBits=2
authentication-results: wide.ad.jp; dkim=none (message not signed) header.d=none;wide.ad.jp; dmarc=none action=none header.from=juniper.net;
x-originating-ip: [173.79.115.7]
x-ms-publictraffictype: Email
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: cfb14d98-a00c-499e-25ba-08d8b3396d5a
x-ms-traffictypediagnostic: DM6PR05MB5019:
x-microsoft-antispam-prvs: <DM6PR05MB50191EC0151C6CD577DC2BCCAEAF0@DM6PR05MB5019.namprd05.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: ZJB86KxjqKYDW93Fvq5X4N0XyCIoFtMOmg194AErvBYSyVmseGbJUUWW8y8nNMHy4gIjnJvtp/plJK3Cq81Vo/Kd/kQb9tAi+JKp01ZdVefABF9orVR/X3LEIeDp0OY+HyUPjLBxomfkRkHAJPCR5SVw8/YwOBCmvoVyv+xY59mCoFkUP1hX9YnJCzOLJ0vAIu7U+VF5rblgtmNx9zUZQZv3d94LdU9/C272Ai+iCWSyTdEmB9wAf31NPQBGfHG1yd7R6d1cmepC8za6WF3qHwsDFjf9/I0Ui4ZmHXmG4Ai8+AlZW/wqFihumT7KLQyXEqiL6QwKgEiwOU49LsmDSVKWprtkyzvc33d7WIbsbv6Owk+2OhR44Ltiv3rp/k06WLpASJsJmAbD7KNqnq9z9Q==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DM6PR05MB6348.namprd05.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(39860400002)(376002)(366004)(346002)(136003)(396003)(8676002)(71200400001)(64756008)(316002)(66556008)(76116006)(26005)(9686003)(66946007)(52536014)(2906002)(66446008)(186003)(66476007)(33656002)(53546011)(55016002)(6916009)(86362001)(83380400001)(6506007)(8936002)(478600001)(5660300002)(7696005)(4326008); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata: =?utf-8?B?K2tGY2tBamN3SjdwZVhFYWxhenRqM2VKVytBdlFCWUR3c1l4TkE5Nk9KZjR2?= =?utf-8?B?WklldkpjMVhobDNSK2h0TllnWDYrdHphSWtCMnNBdTAzVjd4N0ZWRFAvaito?= =?utf-8?B?Umh1OWhjQmxlb3lQNzlwOHp3T2tocXhXM3o3eDBWNFNpTmliQ3IvVjVUYndE?= =?utf-8?B?OVY5Yjc3LzNjQkpTbm85b0xBanlNUzhYTit0RGRMTXdvcVlEcGhkYkFSRi9S?= =?utf-8?B?bStYeGRCd2pvRzNhZzVXRFhOemxsa0lkamRXS1NlSENDdUY4Si96WEJOZURy?= =?utf-8?B?MVpCNzRoSkxlaVNEWjk0RFh0NHlwZXFlVVdIRGpTOWZTVnlwK1JTQm10UTZS?= =?utf-8?B?aVVVVE5LQnZJMGhKVWJtdXdvU3dBb0VOaUF6UkJIa3NyUmFQNFVqQ1JYSHBP?= =?utf-8?B?M25ZUUZCVCtWdUpHeGsvR2VjMDBVSGpkaW4wOHFzMTlzTW5jSWFmWXpGZjRZ?= =?utf-8?B?aXd3aFlac2tia0FBNXBhYitvS1R5WFVvYzhVOFRnb1hjUThRQzVCK2Z5cFpW?= =?utf-8?B?K2NlK2dHeWVVTEtLOGhtZk05KzRkdEhiNE5NWmloR0NNRlJqQ25yVXFPdXZU?= =?utf-8?B?VGFNTWNmVzFtN2psdjIzdXNETEtIQjVSemZqV25obkNQdjJUME1ncnE5K2t0?= =?utf-8?B?OXNicFVVcU5laVRiQXA0VXc3MS9hT3ZkTnlXbURTV3FoMTIvRERsQ05oZkpy?= =?utf-8?B?b3UwMjZrL0lPUkk2dTMzSHo1V0lyRlR4M0VBWlFqMEorWWpteEJFZEVCemEz?= =?utf-8?B?U3Qwc2pTN1FUa1pjNXFwNWZYZVlLWUtrMjV1L2MxeFY1Rm1Mbkxqa0l2VjBp?= =?utf-8?B?SjhYd1cvNmVHendkVE9vRkliMUp1RExCNkFaOHQ2bkNvNjQ5UXgzSGtPVndB?= =?utf-8?B?ZW9KTDNTdjlnNHJRY2RNTS9WdVphTEp1bUQ3R1JPQUY5L21vZU04dHdjUkYy?= =?utf-8?B?bjcvRE1ORkt0TmpUZVYyZkN0bTgxZ0cxQTA1bS9FUE5iS0wrNXp4SFA5Y2c3?= =?utf-8?B?aWg0aEdNcUppd1d5QlNOeFE5ZEt0K0ROVE1JZitXVGh4UXFSMzRlNzcrWUx5?= =?utf-8?B?T3JwenBSeHpqL0FpUHNsMFZNTTNyVDYrd0ZENHN6MU9EdWxzMWRsM1FXa3pG?= =?utf-8?B?RHNHMU9NMjU3YU5FSlBlTVFROGZFamQzOWV1SVIrOTVsS1hzWTMxcG92bE5p?= =?utf-8?B?d2p1RjR1WHVGbTc2Tk9lT0dSUGFJMUhYZEhYY3k0TitVeW5GTEI5c3YxODVY?= =?utf-8?B?bVdFVWhHWkIxbHIxa3lMYjk4QXB3WGtoTTVNQTBTTklLNE1GY0R3SzhrdGZo?= =?utf-8?Q?XI47RA9C8+f2U=3D?=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DM6PR05MB6348.namprd05.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: cfb14d98-a00c-499e-25ba-08d8b3396d5a
X-MS-Exchange-CrossTenant-originalarrivaltime: 07 Jan 2021 18:24:10.1397 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: ecdojJ6qmSYtC62+TodarvqVQGYpWj+CBFW2gMqpP+nwHz0KdESKG2EFncpqCBPgaODKNzw6YuqYuWwWmZ8q/A==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR05MB5019
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.343, 18.0.737 definitions=2021-01-07_07:2021-01-07, 2021-01-07 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=0 malwarescore=0 adultscore=0 spamscore=0 lowpriorityscore=0 bulkscore=0 clxscore=1011 mlxlogscore=999 priorityscore=1501 suspectscore=0 mlxscore=0 impostorscore=0 phishscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2009150000 definitions=main-2101070107
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/51PmNnTrUxYBLnculSpAU8nadOU>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Jan 2021 18:24:14 -0000

Jinmei,

Thanks! I think that the following text from RFC 4007 covers the issue:

"   A node that receives a packet addressed to itself and containing a
   Routing Header with more than zero Segments Left (Section 4.4 of [3])
   first checks the scope of the next address in the Routing Header.  If
   the scope of the next address is smaller than the scope of the
   original destination address, the node MUST discard the packet. "

                                                                   Ron



Juniper Business Use Only

-----Original Message-----
From: 神明達哉 <jinmei@wide.ad.jp> 
Sent: Thursday, January 7, 2021 1:09 PM
To: Ron Bonica <rbonica@juniper.net>
Cc: 6man@ietf.org
Subject: Re: Forwarding Packets With Link Local Destination Addresses

[External Email. Be cautious of content]


At Thu, 7 Jan 2021 17:53:51 +0000,
Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org> wrote:

> According to RFC 4291, "routers must not forward any packets with Link-Local source or destination addresses to other links".
>
> I interpret this statement to include packets that contain routing headers. For example, it forbids an SRv6 packet whose final segment has a locator that begins with FE80.
>
> Does everyone share this interpretation? If so, do RFC 4291 or RFC 8200 make this sufficiently clear?

I believe Section 9 of RFC4007 answers the question.  In short, you're
*basically* correct.

I said *basically* because there can be an exception that makes it legitimate, but I suspect that usually doesn't apply in practice.

--
jinmei