Re: [Technical Errata Reported] RFC4443 (4445)
Brian Haberman <brian@innovationslab.net> Mon, 14 September 2015 12:20 UTC
Return-Path: <brian@innovationslab.net>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B3C031B3463 for <ipv6@ietfa.amsl.com>; Mon, 14 Sep 2015 05:20:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rZC6ntTYPgHu for <ipv6@ietfa.amsl.com>; Mon, 14 Sep 2015 05:20:26 -0700 (PDT)
Received: from uillean.fuaim.com (uillean.fuaim.com [206.197.161.140]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5E5FD1B4410 for <ipv6@ietf.org>; Mon, 14 Sep 2015 05:20:19 -0700 (PDT)
Received: from clairseach.fuaim.com (clairseach-high.fuaim.com [206.197.161.158]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by uillean.fuaim.com (Postfix) with ESMTP id 4656C88127 for <ipv6@ietf.org>; Mon, 14 Sep 2015 05:20:19 -0700 (PDT)
Received: from clemson.jhuapl.edu (swifi-nat.jhuapl.edu [128.244.87.133]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by clairseach.fuaim.com (Postfix) with ESMTP id F0E19328081A for <ipv6@ietf.org>; Mon, 14 Sep 2015 05:20:18 -0700 (PDT)
Subject: Re: [Technical Errata Reported] RFC4443 (4445)
To: "ipv6@ietf.org" <ipv6@ietf.org>
References: <20150816000126.4978D180207@rfc-editor.org>
From: Brian Haberman <brian@innovationslab.net>
Message-ID: <55F6BB81.7020702@innovationslab.net>
Date: Mon, 14 Sep 2015 08:20:17 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Thunderbird/38.2.0
MIME-Version: 1.0
In-Reply-To: <20150816000126.4978D180207@rfc-editor.org>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="2gJ8dO6xdBm5LVg11fMex0bb0C5gPAO8u"
Archived-At: <http://mailarchive.ietf.org/arch/msg/ipv6/yCezBHi2vua1ZHE1UFrGqGHn9aI>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Sep 2015 12:20:29 -0000
All, Looking for thoughts on this erratum. Given my understanding of the development of RFC 4443, I am inclined to reject this erratum. It appears to be making a retroactive change to the text to align with current terminology and functionality. That is not the function of the errata system. Does anyone believe this is a valid erratum? Regards, Brian On 8/15/15 8:01 PM, RFC Errata System wrote: > The following errata report has been submitted for RFC4443, > "Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6) Specification". > > -------------------------------------- > You may review the report below and at: > http://www.rfc-editor.org/errata_search.php?rfc=4443&eid=4445 > > -------------------------------------- > Type: Technical > Reported by: Dennis Ferguson <dennis.c.ferguson@gmail.com> > > Section: 3.1 > > Original Text > ------------- > ICMPv6 Fields: > > Type 1 > > Code 0 - No route to destination > [...] > 5 - Source address failed ingress/egress policy > 6 - Reject route to destination > [...] > If the reason for the failure to deliver is lack of a matching entry > in the forwarding node's routing table, the Code field is set to 0. > (This error can occur only in nodes that do not hold a "default > route" in their routing tables.) > [...] > If the reason for the failure to deliver is that the route to the > destination is a reject route, the Code field is set to 6. This may > occur if the router has been configured to reject all the traffic for > a specific prefix. > > Codes 5 and 6 are more informative subsets of code 1. > > > Corrected Text > -------------- > ICMPv6 Fields: > > Type 1 > > Code 0 - No route to destination > [...] > 5 - Source address failed ingress/egress policy > 6 - Destination address failed ingress/egress policy > [...] > If the reason for the failure to deliver is lack of an entry in the > forwarding node's routing table that can be used to reach the > destination, the Code field is set to 0. This error may be reported > by nodes that lack a default route or are the origin of an aggregate > route > [...] > If the reason for the failure to deliver is that the packet with this > destination address is not allowed due to ingress or egress filtering > policies, the Code field is set to 6. > > Codes 5 and 6 are more informative subsets of code 1. > > > Notes > ----- > A router that is the explicit or implicit origin of an aggregate > route prefix in routing must not forward messages to destinations > matching the aggregate prefix using a route with a prefix less specific > than the aggregate route it originated (e.g. a defaut route). This > constraint is necessary to produce correct, loop-free routing. The > parenthetical comment in the current description of the Code 0 error > overlooks the fact that such nodes may lack a route which may be used to > reach a destination matching an aggregate prefix, and may be the only > nodes which could report this lack, even if they do have routes to less > specific matching prefixes. The suggested change to the Code 0 > description attempts to correct this. > > Concerning Code 6, the earliest definition of a "reject route" I've > found in writing is in the RFC 2096 IP Forwarding Table MIB (though > 4.3BSD-Reno kernels supported them in 1990 and there may well be earlier > uses). The updated description of inetCidrRouteType in RFC 4292 says this: > > reject(2) refers to a route that, if matched, discards > the message as unreachable and returns a notification > (e.g., ICMP error) to the message sender. This is used > in some protocols as a means of correctly aggregating > routes. > > In the MIB a reject route is a generic mechanism to indicate that packets > with matching destinations won't be forwarded using less specific routes, > but instead will be discarded if no more specific matching route to use > to forward the packet is known with an error being returned to the > message sender. The reason no specific error is associated with this is > that while the presence of the reject route describes how messages are > forwarded, or not forwarded (i.e. the mechanism), it does not describe why > they are being forwarded like that (i.e. the policy); to know the latter > requires knowing why the reject route was added. Knowing which error > will be reported hence requires knowing the purpose that is being > implemented by the reject route. > > The original use of the mechanism, as indicated above, was to produce > correct forwarding on routers originating aggregate routes. Another use > of the mechanism, to prevent packets with Local IPv6 destination addresses > from being forwarded beyond a site's administrative boundary, was suggested > in Section 4.3 of RFC 4193 (I believe this can only be understood as a > suggestion, rather than an implementation requirement, since the policy > it requires could be indistinguishably implemented with a firewall filter > instead). > > The current definition of Code 6 describes the error being reported > as "Reject route to destination", that is it ascribes the reason for > the error to the mechanism itself rather than the policy the mechanism > was employed to implement. If this was the intent then its discription > is technically inaccurate. A reject route does not necessarily implement > an administrative prohibition nor is its function necessarily to "reject > all traffic for a specific prefix"; the original use of reject routes > for aggregation is inconsistent with both of these. What I believe is > that the intent of Code 6 is to report the error associated with the > RFC 4193 border patrol policy, independent of how that is implemented, and > so I've changed the text to better reflect that. > > Instructions: > ------------- > This erratum is currently posted as "Reported". If necessary, please > use "Reply All" to discuss whether it should be verified or > rejected. When a decision is reached, the verifying party (IESG) > can log in to change the status and edit the report, if necessary. > > -------------------------------------- > RFC4443 (draft-ietf-ipngwg-icmp-v3-07) > -------------------------------------- > Title : Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6) Specification > Publication Date : March 2006 > Author(s) : A. Conta, S. Deering, M. Gupta, Ed. > Category : DRAFT STANDARD > Source : IP Version 6 Working Group > Area : Internet > Stream : IETF > Verifying Party : IESG >
- Re: [Technical Errata Reported] RFC4443 (4445) Brian Haberman
- Re: [Technical Errata Reported] RFC4443 (4445) 神明達哉
- Re: [Technical Errata Reported] RFC4443 (4445) Ralph Droms
- Re: [Technical Errata Reported] RFC4443 (4445) Dennis Ferguson
- Re: [Technical Errata Reported] RFC4443 (4445) otroan