IETF Logo Mail Archive

Re: [v6ops] IPv6 link-local traffic questions

Jen Linkova <furry13@gmail.com> Thu, 12 March 2020 00:34 UTC

Return-Path: <furry13@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CE3793A09C5; Wed, 11 Mar 2020 17:34:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.848
X-Spam-Level:
X-Spam-Status: No, score=-1.848 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yRPpqfIrKHRI; Wed, 11 Mar 2020 17:34:05 -0700 (PDT)
Received: from mail-qt1-x836.google.com (mail-qt1-x836.google.com [IPv6:2607:f8b0:4864:20::836]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D40643A09A4; Wed, 11 Mar 2020 17:33:49 -0700 (PDT)
Received: by mail-qt1-x836.google.com with SMTP id d22so3095217qtn.0; Wed, 11 Mar 2020 17:33:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=dIyaa8t3gKEoC+477Xp4r3We6qoEzSi/aiKeQTh9xWY=; b=eKAQnecTeBN9pu6+FLjH9ulWOms4ogmPp6grVDKMaqO0KQ9s8JYlOC9/aC/PhsE/AV JFaCA7kT3OzD1dfXUuUOtDaOLZ27Wmos/tXfvUH0JECKUp70iDLW5Ic9FX+cHJMkkttD XA0NI+V8jvgWhw8o7c76NfwXgJLlML2A6fc7c3pHj95IKIS86TFgd1bCZiADI4+ogWhU rSUVuqjj2GQXMaaE3tpTcgcTwhThUNt+O39K6Z+Br87QBVeubr591PCE8L5wXZ2V8gK7 nsGxgcgHqkSP7mgG8y1u8r+vKzPIkoLg0MmMTlLdjX+Dmatvj26beB82ZfYWFPmn2EK3 sgGQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=dIyaa8t3gKEoC+477Xp4r3We6qoEzSi/aiKeQTh9xWY=; b=jyFwjlH0tPH07Wot/buhN0vfkmUSYnW31xVvw/nM4IWHEO5HtvuKnX92odWyZN50Pd 0NzoTD5/23DI/ZEyO2K3Fh1ZiujrVNMXRKjxyRADtzCjy0McCFkJz8MdJBmUdqIpkpJg sA9LWGlJD2uIvet3pTifBOZINwhCmMGQy88qjyAoRyvVPyAhXdO4xuIxS8BV6QTrnXEs TSo/Ghh1v2HKwkqu4ZLQsp072xp2B/GUomYXrGev0DuC6ZDMhiIAyZxAmSk1pzVr2yxF opVC8ybM5cDWzWHO50247AFQUDD5P4sKNiMtEWmRstsRyL4cPFo0iy0DuoK5ejV6tQ1Z 9SAg==
X-Gm-Message-State: ANhLgQ1hp0aK24VqhJGYniPhEYq7/hfMrFisC/IGT23wUMV+vFWdJ1yu rhFpNoGHrVUmch8+yBOAR5AnpGjmLP5TQU605Tw=
X-Google-Smtp-Source: ADFU+vuUizjGFkocdrcIBfjaLVUaOpvi+cN4IJPaQeos+02CPGIn9SwXPoEPTdEpgyQ6eQ4GeMvisHds2F/GveYd2FU=
X-Received: by 2002:ac8:a8b:: with SMTP id d11mr4940031qti.94.1583973228094; Wed, 11 Mar 2020 17:33:48 -0700 (PDT)
MIME-Version: 1.0
References: <20200312000016.GO54522@faui48f.informatik.uni-erlangen.de>
In-Reply-To: <20200312000016.GO54522@faui48f.informatik.uni-erlangen.de>
From: Jen Linkova <furry13@gmail.com>
Date: Thu, 12 Mar 2020 11:33:37 +1100
Message-ID: <CAFU7BAT-LP5TC9dpYw+5j8T8H_8XMF=tcY-Qsbg5=MOgUYNk+A@mail.gmail.com>
Subject: Re: [v6ops] IPv6 link-local traffic questions
To: Toerless Eckert <tte@cs.fau.de>
Cc: 6man <6man@ietf.org>, V6 Ops List <v6ops@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/pvGHUoCSOTeNHkeVIduqsCxrEQ0>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Mar 2020 00:34:07 -0000

On Thu, Mar 12, 2020 at 11:01 AM Toerless Eckert <tte@cs.fau.de> wrote:
>
> Sorry for cross posting, but this is both ops and arch questions.
>
> I was trying to find any generic description that/if link-local IPv6
> traffic MUST/SHOULD use Hop-count 1, but could not find one in
> rfc8200 or rfc4291 and its updates. Instead, text like
> MUST set Hop-limit to 1 is repeated in various RFCs using link-local
> IPv6 traffic.

I believe it depends what you are trying to achieve. If you want to
make sure that the traffic never leaves the network - then hop limit =
1 helps. But using link-local sources/destinations would help even
better if the routers comply with RFC4291 Section 2.5.6
If you want to make sure those packets are not sent by a malicious
party from outside - hop limit shall be 255.
For example, see RFC4861 Section 3.1

> Am i overlooking something ? Or is this intentional in the IPv6 architecture ?
>
> If intentional, i guess it means: Any RFC introducing some type of link-local
> traffic can specify Hop-limit requirements for its traffic. As in
> "our WG likes 42 as the Hop-limit" (silly to me, but should be fine with
> IPv6 architecture then, right ?).
>
> In one of my draft document reviews using such link-local IPv6 traffic,
> EricV brought up the Q if that traffic shouldn't use RFC5082 instead
> of Hop-Count 1 too. But given how we do not seem to have architectural
> recommendations for TTL=1 (unless, quite likely i overlook something),
> and given how i am not aware of any actual use of GTSM, i am quite
> weary to go down that route. Aka: Would like learn of actual uses of
> GTSM with IPv6.

Neighbor Discovery.

> There is an additional set of consideration re. link-local traffic
> when trying to use it as a HW accelerated tunneling mechanism across links,
> a use we both have in ANIMA, and maybe get the same in BIER (probably
> other WGs too, not sure).
>
> In implementations, i have seen quite a range of issues with
> accelerated forwarding planes across link-local addressed tunnels,
> and when using non-link-local addresses (loopback addresses),
> the HW plane forwarding might have issues doing HW forwarding, because
> usually TTL=1 is only used for control plane traffic. Of course,
> this is not a good architectural argument, but if given architectural
> leeway to even choose 42, maybe GTSM/255 is easier to be supported
> across various HW accelerated forwarding planes than 1.
>
> Opinions and experiences welcome!

If you control the router I'd say 'link-local source/destination,
HL=255 AND RFC4291 would be the best option.

I did see a few devices somewhere far away sending me ICMPv6 (packet
too big) from their link-local addresses but it was not very common
case.

-- 
SY, Jen Linkova aka Furry

v2.23.0 | Report a Bug | By Email