Re: ICMP6 redirect

Erik Nordmark <nordmark@acm.org> Wed, 25 July 2012 17:36 UTC

Return-Path: <nordmark@acm.org>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4402B21F86DE for <ipv6@ietfa.amsl.com>; Wed, 25 Jul 2012 10:36:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.099
X-Spam-Level:
X-Spam-Status: No, score=-103.099 tagged_above=-999 required=5 tests=[AWL=0.500, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id P5mdI7KCbFzw for <ipv6@ietfa.amsl.com>; Wed, 25 Jul 2012 10:36:14 -0700 (PDT)
Received: from a.mail.sonic.net (a.mail.sonic.net [64.142.16.245]) by ietfa.amsl.com (Postfix) with ESMTP id BBF2221F86D5 for <ipv6@ietf.org>; Wed, 25 Jul 2012 10:36:14 -0700 (PDT)
Received: from [10.33.22.136] (128-107-239-233.cisco.com [128.107.239.233]) (authenticated bits=0) by a.mail.sonic.net (8.13.8.Beta0-Sonic/8.13.7) with ESMTP id q6PHaA48016985 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 25 Jul 2012 10:36:11 -0700
Message-ID: <50102E8A.5000003@acm.org>
Date: Wed, 25 Jul 2012 10:36:10 -0700
From: Erik Nordmark <nordmark@acm.org>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:14.0) Gecko/20120713 Thunderbird/14.0
MIME-Version: 1.0
To: ipv6@ietf.org
Subject: Re: ICMP6 redirect
References: <CC3464CC.26C27%hesham@elevatemobile.com> <1DC7DA96-0DF2-4C79-BDEF-0DD038257B41@gmail.com> <20120725091908.GB14875@spike.0x539.de> <A65CB065-05E7-4276-B6CF-46F31C445408@gmail.com>
In-Reply-To: <A65CB065-05E7-4276-B6CF-46F31C445408@gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Jul 2012 17:36:15 -0000

On 7/25/12 3:38 AM, Andrew McGregor wrote:

> This originally came in the context of VRRP v3. If you want to run
> some dynamic routing protocol at the same time as VRRP on the same
> VLAN, you need another link-local address to talk to your routing
> peers with, since there's no way for the non-master routers to use
> the VRRP address.  So, you have two (or more) link locals on the same
> VLAN.  Ideally only the VRRP one should be used for sending RAs, of
> course.

Agreed.
Sounds like that is a small implementation matter in the router software.

> I totally agree that RAs should take care of this, and in fact I
> think one way to resolve the conundrum is to craft an RA to
> specifically tell the host it is onlink with that exact destination,
> rather than a redirect, since as I read the RA processing rules, it
> does not matter what source address the router uses in that case.

I guess I don't understand the problem you want to solve. Can you clarify?

I thought the problem  was that the 1st hop was suboptimal, and the 1st 
hop router wants to send a redirect to tell the host to use a different 
1st hop router to get to the offlink destination.
You can't do that by faking an RA.

But above it sounds like the destination is on-link. Is that the problem 
you want to solve?

While you can fake an RA for that, it runs into a issue with NUD should 
the destination ever move off-link. That issue is that the prefix 
information in the RAs time out based on the preferred/valid lifetime, 
and NUD doesn't affect that. Thus if the destination is no longer 
off-link, either the routers have to detect that and send a fake RA with 
the prefix with onlink=0, or communication will be broken until the 
valid lifetime of the prefix expires.

Redirects don't have that issue; NUD knows to ignore/discard the 
redirects when it doesn't get responses to the probes.

    Erik