Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Routing Header issues]

Jeroen Massar <jeroen@unfix.org> Tue, 01 May 2007 11:17 UTC


Eric Klein wrote:
> I have just noticed that this topic seems to be going on simultaneously
> on both the IPv6 and v6OPS mailing lists.
>  
> The two threads are not coordinated, but both seem very concerned with
> IPv6 Type 0 Routing Header issues.
[..]
> It concerns me that the two teams are working separately to solve the
> same issue.

You misunderstand. These are two separate groups, although some members
of them fall under both groups and participate in both. Which is a good
thing as without one the other doesn't exist and vice versa, thus
feedback from both into both is very important. Unfortunately not everybody
can participate in both as some people have networks to run etc ;)

To make it a bit clearer:

The ipv6-ops@lists.cluenet.de list is for IPv6 Operational matters. This
list contains folks who actually have "enable" or "root" on the
network routers around the globe and who can take immediate effect on
their workings. As such these people have fortunately, where possible,
already taken action to resolve this issue by filtering out Routing
Header Type 0 from propagating through their networks. Most of them are
awaiting a fix from Juniper though, to resolve it for those routers
which actually comprise the largest amount of the IPv6 backbones. These
people operating them do this for the benefit of their own organization
and thus take their decisions based on the simple metric: does it impact
revenue or my operating of the network. As it does pose a danger it is a
simple equation to resolve it. The general consensus in this community
seems to be to filter out IPv6 Routing Headers of Type 0 completely. The
only argument raised by some is that it is useful for 'reverse
traceroute', but as that doesn't work when a network properly does uRPF
(which it should be doing!) this is far from useless in most cases
anyway. uRPF in general makes RH0 completely useless anyway.

Having uRPF enabled in most cases mitigates this attack already
perfectly fine. Unless of course folks have defaults pointing both ways
or the RH0 path is following the correct interface direction. Hard but
possibly doable.



The ipv6@ietf.org list is for the standardization of the IPv6 protocol.
Here is specified how those routers should behave, what the packet data
should/must look like etc. There are a lot of different people from a
lot of different backgrounds all with different interests in this group,
as such, as they don't all have the same goal, not all can be satisfied
in one go, unlike the operators who run their network for profit, and
consensus has to be reached first amongst all the parties for this to
be resolved. Although this group defines the initial RFC, the Operators,
next to the Vendors, actually implement them. The standard in the end
thus is actually what both groups together come up with. As IPv6 is not
a standard yet, we'll just have to write a draft to amend the current
IPv6 RFC to resolve this issue.


All that said though, as the Operative community is already mostly
filtering out RH0, there seem to be few options left where RH0 still
is useful...

Greets,
 Jeroen
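
The filtering that the message says operators have applied, sketched as an added example that is not part of the original message: a stateless check that walks the IPv6 extension header chain and drops any packet carrying a Routing Header of Type 0, while letting other routing types through. The function name, verdict strings and sample packets are constructed for illustration.

```python
import ipaddress
import struct

HOP_BY_HOP, ROUTING, FRAGMENT, AH, DEST_OPTS = 0, 43, 44, 51, 60
EXT_HEADERS = (HOP_BY_HOP, ROUTING, FRAGMENT, AH, DEST_OPTS)

def rh0_verdict(packet: bytes) -> str:
    """Walk the IPv6 extension header chain; drop on any Routing Header Type 0."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return "drop-malformed"
    next_header, offset = packet[6], 40
    while next_header in EXT_HEADERS:
        if offset + 8 > len(packet):
            return "drop-malformed"          # truncated chain: fail closed
        following, len_field = packet[offset], packet[offset + 1]
        if next_header == ROUTING and packet[offset + 2] == 0:
            return "drop-rh0"                # routing type 0, any Segments Left
        if next_header == FRAGMENT:
            if struct.unpack_from("!H", packet, offset + 2)[0] >> 3:
                return "pass"                # non-first fragment: payload follows
            size = 8
        elif next_header == AH:
            size = (len_field + 2) * 4       # AH length is in 4-octet units
        else:
            size = (len_field + 1) * 8       # others: 8-octet units past the first 8
        next_header, offset = following, offset + size
    return "pass"

# --- constructed sample packets (documentation prefix 2001:db8::/32) ---
def ipv6(next_header: int, payload: bytes) -> bytes:
    src = ipaddress.IPv6Address("2001:db8::1").packed
    dst = ipaddress.IPv6Address("2001:db8::2").packed
    return struct.pack("!IHBB", 0x60000000, len(payload), next_header, 64) + src + dst + payload

def routing_header(routing_type: int, following: int = 59) -> bytes:
    hop = ipaddress.IPv6Address("2001:db8::3").packed   # one intermediate address
    return struct.pack("!BBBBI", following, 2, routing_type, 1, 0) + hop

DEST_OPTS_PAD = bytes([ROUTING, 0, 1, 4, 0, 0, 0, 0])   # PadN option, then a routing header

SAMPLES = {
    "plain UDP": ipv6(17, bytes(8)),
    "RH0 directly": ipv6(ROUTING, routing_header(0)),
    "RH0 behind destination options": ipv6(DEST_OPTS, DEST_OPTS_PAD + routing_header(0)),
    "type 2 routing header": ipv6(ROUTING, routing_header(2)),
    "truncated chain": ipv6(DEST_OPTS, DEST_OPTS_PAD[:4]),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:32} {rh0_verdict(pkt)}")
```

A non-first fragment passes here because a stateless check cannot see the header chain carried in the first fragment.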
