Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Routing Header issues]
Jeroen Massar <jeroen@unfix.org> Tue, 01 May 2007 11:17 UTC
Return-path: <ipv6-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1HiqMK-0007RB-4B; Tue, 01 May 2007 07:17:28 -0400
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1HiqMI-0007R4-4C for ipv6@ietf.org; Tue, 01 May 2007 07:17:26 -0400
Received: from purgatory.unfix.org ([213.136.24.43]) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1HiqMG-0007ek-I2 for ipv6@ietf.org; Tue, 01 May 2007 07:17:26 -0400
Received: from [IPv6:2001:770:100:9e::2] (cl-159.dub-01.ie.sixxs.net [IPv6:2001:770:100:9e::2]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: jeroen) by purgatory.unfix.org (Postfix) with ESMTP id 87160140C19F; Tue, 1 May 2007 13:17:21 +0200 (CEST)
Message-ID: <463721C1.1030100@spaghetti.zurich.ibm.com>
Date: Tue, 01 May 2007 12:17:21 +0100
From: Jeroen Massar <jeroen@unfix.org>
Organization: Unfix
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.10) Gecko/20070221 Thunderbird/1.5.0.10 Mnenhy/0.7.5.666
MIME-Version: 1.0
To: Eric Klein <ericlklein.ipv6@gmail.com>
References: <462D4706.4000504@spaghetti.zurich.ibm.com> <462E7AB4.3050807@piuha.net> <m2mz0xp6je.wl%gnn@neville-neil.com> <20070425093402.A30586@mignon.ki.iif.hu> <20070425141336.E95D522875@thrintun.hactrn.net> <462F7005.50700@sri.com> <CE11116E-DF68-481D-AB30-E592C339CEFB@nokia.com> <20070426105836.GA67535@walton.maths.tcd.ie> <18d24aa20704301124r26112198y152ff79d2f94815d@mail.gmail.com>
In-Reply-To: <18d24aa20704301124r26112198y152ff79d2f94815d@mail.gmail.com>
X-Enigmail-Version: 0.94.3.0
OpenPGP: id=333E7C23
X-Virus-Scanned: ClamAV 0.90.1/3188/Tue May 1 12:24:57 2007 on purgatory.unfix.org
X-Virus-Status: Clean
X-Spam-Score: 0.0 (/)
X-Scan-Signature: c3a18ef96977fc9bcc21a621cbf1174b
Cc: IETF IPv6 Mailing List <ipv6@ietf.org>
Subject: Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Routing Header issues]
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "IP Version 6 Working Group \(ipv6\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============0251923239=="
Errors-To: ipv6-bounces@ietf.org
Eric Klein wrote: > I have just noticed that this topic seems to be going on simutaniously > on both the IPv6 and v6OPS mailing lists. > > The two threads are not coordinated, but both seem very concerned with > IPv6 Type 0 Routing Header issues. [..] > It concerns me that the two teams are working seperatly to solve the > same issue. You misunderstand. These are two separate groups, although some members of them fall under both groups and participate in both. Which is a good thing as without one the other doesn't exist and vice versa, thus feed back from both into both is very important. Unfortunately not everybody can participate in both as some people have networks to run etc ;) To make it a bit clearer: The ipv6-ops@lists.cluenet.de list is for IPv6 Operational matters. This list contains folks who have actual have "enable" or "root" on the network routers around the globe and who can take immediate effect on their workings. As such these people have fortunately, where possible, already taken action to resolve this issue by filtering out Routing Header Type 0 from propagating through their networks. Most of them are awaiting a fix from Juniper though, to resolve it for those routers which actually comprise the largest amount of the IPv6 backbones. These people operating them do this for the benefit of their own organization and thus take their decisions based on the simple metric: does it impact revenue or my operating of the network. As it does pose a danger it is a simple equation to resolve it. The general consensus in this community seems to be to filter out IPv6 Routing Headers of Type 0 completely. The only argument raised by some is that it is useful for 'reverse traceroute', but as that doesn't work when a network properly does uRPF (which it should be doing!) this is far from useless in most cases anyway. uRPF in general makes RH0 completely useless anyway. Having uRPF enabled in most cases mitigates this attack already perfectly fine. Unless of course folks have defaults pointing both ways or the RH0 path is following the correct interface direction. Hard but possibly doable. The ipv6@ietf.org list is for the standardization of the IPv6 protocol. Here is specified how those routers should behave, what the packet data should/must look like etc. There are a lot of different people from a lot of different backgrounds all with different interests in this group, as such, as they don't all have the same goal, not all can be satisfied in one go, unlike the operators who run their network for profit, and consensus have to be reached first amongst all the parties for this to be resolved. Although this group defines the initial RFC, the Operators, next to the Vendors, actually implement them. The standard in the end thus is actually what both groups together come up with. As IPv6 is not a standard yet, we'll just have to write a draft to amend the current IPv6 RFC to resolve this issue. All that said though, as the Operative community is already mostly filtering out RH0, there seems to be little options left where RH0 still is useful... Greets, Jeroen
-------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
- IPv6 Type 0 Routing Header issues Jeroen Massar
- Re: IPv6 Type 0 Routing Header issues Jari Arkko
- Re: IPv6 Type 0 Routing Header issues George V. Neville-Neil
- Re: IPv6 Type 0 Routing Header issues Mohacsi Janos
- Re: IPv6 Type 0 Routing Header issues David Malone
- Re: IPv6 Type 0 Routing Header issues Remi Denis-Courmont
- Re: IPv6 Type 0 Routing Header issues Jun-ichiro itojun Hagino
- Re: IPv6 Type 0 Routing Header issues Paul Vixie
- Re: IPv6 Type 0 Routing Header issues Jun-ichiro itojun Hagino
- Re: IPv6 Type 0 Routing Header issues Rob Austein
- Re: IPv6 Type 0 Routing Header issues Tim Enos
- Question for IPv6 w.g. on [Re: IPv6 Type 0 Routin… Bob Hinden
- Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Ro… Jun-ichiro itojun Hagino 2.0
- Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Ro… Perry Lorier
- Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Ro… Brian E Carpenter
- Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Ro… David Malone
- Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Ro… David Malone
- Re: IPv6 Type 0 Routing Header issues Ed Jankiewicz
- Re: IPv6 Type 0 Routing Header issues Gert Doering
- Re: IPv6 Type 0 Routing Header issues Gert Doering
- RE: IPv6 Type 0 Routing Header issues Manfredi, Albert E
- RE: IPv6 Type 0 Routing Header issues Tony Hain
- RE: IPv6 Type 0 Routing Header issues Tony Hain
- RE: Question for IPv6 w.g. on [Re: IPv6 Type 0 Ro… Tony Hain
- Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Ro… james woodyatt
- Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Ro… james woodyatt
- Re: IPv6 Type 0 Routing Header issues George V. Neville-Neil
- Re: IPv6 Type 0 Routing Header issues Alun Evans
- Re: IPv6 Type 0 Routing Header issues Jeroen Massar
- Re: IPv6 Type 0 Routing Header issues David Malone
- Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Ro… Jun-ichiro itojun Hagino 2.0
- Re: IPv6 Type 0 Routing Header issues Ebalard, Arnaud
- Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Ro… Ignatios Souvatzis
- itojun2.0 (RE: IPv6 Type 0 Routing Header issues) Jun-ichiro itojun Hagino 2.0
- Re: itojun2.0 (RE: IPv6 Type 0 Routing Header iss… Jun-ichiro itojun Hagino 2.0
- Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Ro… Jari Arkko
- RE: IPv6 Type 0 Routing Header issues Manfredi, Albert E
- RE: IPv6 Type 0 Routing Header issues Tony Hain
- RE: Question for IPv6 w.g. on [Re: IPv6 Type 0 Ro… Dave Thaler
- Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Ro… Tim Hartrick
- Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Ro… Jun-ichiro itojun Hagino 2.0
- RE: IPv6 Type 0 Routing Header issues Jun-ichiro itojun Hagino 2.0
- Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Ro… Jun-ichiro itojun Hagino 2.0
- Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Ro… Theo de Raadt
- Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Ro… Bob Hinden
- RE: Question for IPv6 w.g. on [Re: IPv6 Type 0 Ro… Pekka Savola
- Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Ro… Brian E Carpenter
- Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Ro… Pars Mutaf
- Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Ro… Theo de Raadt
- RE: Question for IPv6 w.g. on [Re: IPv6 Type 0 Ro… Dave Thaler
- RE: Question for IPv6 w.g. on [Re: IPv6 Type 0 Ro… Jun-ichiro itojun Hagino 2.0
- Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Ro… Eric Klein
- Re: IPv6 Type 0 Routing Header issues james woodyatt
- Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Ro… Brian E Carpenter
- Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Ro… Roger Jorgensen
- Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Ro… Jeroen Massar
- Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Ro… Paul Vixie
- Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Ro… Eric Klein
- Re: IPv6 Type 0 Routing Header issues George V. Neville-Neil
- Re: IPv6 Type 0 Routing Header issues Ebalard, Arnaud
- Re: IPv6 Type 0 Routing Header issues gnn
- Re: IPv6 Type 0 Routing Header issues Mini
- Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Ro… Jeroen Massar
- Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Ro… Eric Klein
- Re: Question for IPv6 w.g. on Kenjiro Cho
- Re: itojun2.0 (RE: IPv6 Type 0 Routing Header iss… Jun-ichiro itojun Hagino 2.0
- Re: itojun2.0 (RE: IPv6 Type 0 Routing Header iss… Jun-ichiro itojun Hagino 2.0
- Re: IPv6 Type 0 Routing Header issues David Malone
- Re: IPv6 Type 0 Routing Header issues Jun-ichiro itojun Hagino 2.0