IETF Logo Mail Archive

Re: IPv6 Type 0 Routing Header issues

David Malone <dwmalone@maths.tcd.ie> Wed, 25 April 2007 08:31 UTC

Return-path: <ipv6-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1HgcuD-0008AC-Vj; Wed, 25 Apr 2007 04:31:17 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1HgcuC-0008A7-Ny for ipv6@ietf.org; Wed, 25 Apr 2007 04:31:16 -0400
Received: from salmon.maths.tcd.ie ([2001:770:10:300::86e2:510b]) by ietf-mx.ietf.org with smtp (Exim 4.43) id 1HgcuB-0000z3-6k for ipv6@ietf.org; Wed, 25 Apr 2007 04:31:16 -0400
Received: from walton.maths.tcd.ie ([134.226.81.10] helo=walton.maths.tcd.ie) by salmon.maths.tcd.ie with SMTP id <aa75003@salmon>; 25 Apr 2007 09:31:13 +0100 (BST)
Date: Wed, 25 Apr 2007 09:31:12 +0100
From: David Malone <dwmalone@maths.tcd.ie>
To: Mohacsi Janos <mohacsi@niif.hu>
Message-ID: <20070425083112.GA47411@walton.maths.tcd.ie>
References: <462D4706.4000504@spaghetti.zurich.ibm.com> <462E7AB4.3050807@piuha.net> <m2mz0xp6je.wl%gnn@neville-neil.com> <20070425093402.A30586@mignon.ki.iif.hu>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <20070425093402.A30586@mignon.ki.iif.hu>
User-Agent: Mutt/1.5.6i
X-Spam-Score: -2.8 (--)
X-Scan-Signature: 9466e0365fc95844abaf7c3f15a05c7d
Cc: v6ops@ops.ietf.org, ipv6@ietf.org, IPv6 Ops list <ipv6-ops@lists.cluenet.de>
Subject: Re: IPv6 Type 0 Routing Header issues
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "IP Version 6 Working Group \(ipv6\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
Errors-To: ipv6-bounces@ietf.org

On Wed, Apr 25, 2007 at 09:41:09AM +0200, Mohacsi Janos wrote:
> I think this is not a solution. The problems of routing header type 0 well 
> know by the community since long time. This has been documented for more 
> than 2-3 years know (raised 4 years ago). Are there any consensus, that 
> type 0 routing header should be deprecated? Until that it is documented to
>  be filtered if there is no need for it. The current patch provided by 
> OpenBSD/FreeBSD makes *BSD IPv6 implemenation non-conformant to standard. 
> I would rather focus on pf changes - allow filtering based on the routing 
> header type. Currently you can filter based existence/non-existence of 
> routing header type.

It seems to me that there are at least two questions here. One is,
"Should IPv6 nodes process type 0 routing headers by default?" The
second is, "should the network allow type 0 routing headers to pass?"

This is a bit like they choice you have for blocking a smurf attack.
You can block it by turning off directed broadcasts (on the edge)
or you can block it by blocking ICMP packets throughout the network.

I think it may actually be that we do not want nodes to process
type 0 routing headers by default, but the network should pass them.
The reason for this is that the type 0 headers have useful applications
which could be secured by end hosts without getting the network
involved at all. Then end hosts that want to use the routing header
can, and those that don't are secure by default.

I could easily be wrong though...

	David.

--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email