Re: RFC3484 destination address selection rule 2 is buggy

Rémi Denis-Courmont <rdenis@simphalempin.com> Thu, 13 March 2008 22:58 UTC


On Friday 14 March 2008 00:27:26 Pekka Savola, you wrote:
> This issue was first reported about 5 years ago by Alain Durand et al and
> yet there is no fix yet (and no mention in the default address selection
> problem statement), see section 2 of:
> http://tools.ietf.org/html/draft-ietf-v6ops-v6onbydefault-03
>
> The main problem is destination address selection rule 2 which requires
> that source and destination address scopes must match (which in the case of
> v4 private and global addresses is not a very useful comparison given the
> prevalence of NAT).

Indeed. And this was (inconclusively) discussed at the mike during the last 
v6ops meeting. I had also asked about this a few months ago. Nobody seemed to 
care (winter vacation?):
http://www.ops.ietf.org/lists/v6ops/v6ops.2007/msg01150.html

> Maybe we need a more systematic approach to deal with RFC3484 issues (as
> in, a numbered list of all the problems noted) instead of doing a nice new
> features to have PPT slideshow every IETF meeting.

I think we need to "simplify" RFC3484 section 3.2 through removing the IPv4 
site-local scope there: we'd be left with only global scope (public addresses 
+ RFC1918) and link-local scope (169.254.0.0/16).

I suspect some implementors (at least Windows) already ignore §3.2 for the 
sake of reliability. I know Linux does implement §3.2 to the letter of the
RFC unfortunately. And I have seen people _remove_ AAAA from their server's 
DNS records because of this issue, combined with deficient 6to4 relays.


Another problem involves incomplete implementation of RFC3484: some stacks 
apply RFC3484 for IPv6, in connect() and sendto() socket APIs, but fail to do 
RFC3484 in getaddrinfo(), and simply assume IPv6 is first, and IPv4 second. I 
suspect this applies to OSX and BSDs, and also "embedded" C run-times.

These two issues are different, though they effectively have the same result: 
favor IPv6 over IPv4, when IPv4 should be favored over IPv6 (IMHO).

-- 
Rémi Denis-Courmont
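
The effect of rule 2 discussed in this message, as an added example that is not part of the original post: a sketch of RFC 3484 destination ordering restricted to rule 2 (matching scope) and rule 5 (matching label), run once with the section 3.2 IPv4 scopes and once with the simplification proposed above. The addresses are constructed (a NATed host with an RFC1918 IPv4 address and a 6to4 IPv6 address), and the function names and the `simplified` flag are assumptions of the example.

```python
import ipaddress

LINK_LOCAL, SITE_LOCAL, GLOBAL = 0x2, 0x5, 0xE
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
V4_LINK = [ipaddress.ip_network(n) for n in ("169.254.0.0/16", "127.0.0.0/8")]
# RFC 3484 default policy table labels, longest prefix first.
LABELS = [(ipaddress.ip_network(p), l) for p, l in
          (("::1/128", 0), ("::/96", 3), ("::ffff:0:0/96", 4), ("2002::/16", 2), ("::/0", 1))]

def scope(addr, simplified=False):
    """Scope per RFC 3484 section 3.2; simplified=True drops IPv4 site-local."""
    a = ipaddress.ip_address(addr)
    if a.version == 4:
        if any(a in n for n in V4_LINK):
            return LINK_LOCAL
        if not simplified and any(a in n for n in RFC1918):
            return SITE_LOCAL
        return GLOBAL
    if a.is_link_local or a.is_loopback:
        return LINK_LOCAL
    if a in ipaddress.ip_network("fec0::/10"):
        return SITE_LOCAL
    return GLOBAL

def label(addr):
    """Policy-table label; IPv4 is looked up as an IPv4-mapped address."""
    a = ipaddress.ip_address(addr)
    if a.version == 4:
        a = ipaddress.IPv6Address((0xFFFF << 32) | int(a))
    return next(l for net, l in LABELS if a in net)

def order(candidates, simplified=False):
    """Sort (destination, chosen source) pairs by rules 2 and 5 only."""
    def key(pair):
        dst, src = pair
        rule2 = scope(dst, simplified) != scope(src, simplified)  # match sorts first
        rule5 = label(dst) != label(src)
        return (rule2, rule5)
    return [dst for dst, _ in sorted(candidates, key=key)]

# Constructed sample: dual-stack server, client behind NAT with 6to4.
CANDIDATES = [("2001:db8::1", "2002:c633:6401::1"), ("192.0.2.1", "192.168.1.10")]

if __name__ == "__main__":
    print("RFC 3484 as written:", order(CANDIDATES))
    print("IPv4 site-local removed:", order(CANDIDATES, simplified=True))
```

With the scopes as written, the RFC1918 source fails rule 2 against a global IPv4 destination, so the 6to4 path is tried first; with the simplification, rule 2 ties and rule 5 puts IPv4 first.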