source route reversal
Tony Li <tli@cisco.com> Thu, 02 February 1995 20:03 UTC
Received: from ietf.nri.reston.va.us by IETF.CNRI.Reston.VA.US id aa09549; 2 Feb 95 15:03 EST
Received: from CNRI.Reston.VA.US by IETF.CNRI.Reston.VA.US id aa09545; 2 Feb 95 15:03 EST
Received: from venera.isi.edu by CNRI.Reston.VA.US id aa13154; 2 Feb 95 15:03 EST
Received: from lager.cisco.com by venera.isi.edu (5.65c/5.61+local-20) id <AA29155>; Thu, 2 Feb 1995 11:29:15 -0800
Received: (tli@localhost) by lager.cisco.com (8.6.8+c/CISCO.SERVER.1.1) id LAA05395; Thu, 2 Feb 1995 11:29:14 -0800
Date: Thu, 02 Feb 1995 11:29:14 -0800
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: Tony Li <tli@cisco.com>
Message-Id: <199502021929.LAA05395@lager.cisco.com>
To: bmanning@isi.edu
Cc: sob@newdev.harvard.edu, rreq@isi.edu
In-Reply-To: bmanning@ISI.EDU's message of Thu, 2 Feb 1995 04:27:15 -0800 (PST) <199502021227.AA02779@zed.isi.edu>
Subject: source route reversal
> A question on the current rr draft (I don't know the answer) > > A number of places the current draft says that if there is a source > route in the packet and any response (ICMP etc) has to be generated, > the source route MUST be reversed and used to direct the return packet. > The issue of doing this sort of thing came up in the IPv6 source route > discussions and some people like Tony Li had strong thoughts that this type of > behavior should not be required. > > Is this something that should be brought up for specific discussion? Well maybe. I expect that the draft wording correctly reflects the general agreement of the group and the intent of source routes. Tony, What does SDR have to say on this matter? I dunno. I don't speak for the group. I fully understand and support the intent of reversing the source route. My understanding is that the goal here is to have path symmetry. However, in an environment which supports policy routing, this is perhaps not optimal. I believe that the author's intent was to disallow wholesale removal of the source route by lazy implementations. I believe that there is a "strong" vs. "weak" source routing argument, where the existing text represents the "strong" side. The result of the "strong" argument in a policy routing environment means that if the reply packet would violate policy by having a source route not matching policy, that the packet MUST be dropped. Note that the originator may have no mechanism for determining a source route that is acceptable to the destination's outbound policy. This effectively means that source routing to the destination is effectively useless, as it severs connectivity. This in turn implies that much of the initial work with policy routing is likely to be futile as we are not able to deploy anything until we have a coherent mechanism for global policy distribution and calculation. In other words, never. The "weak" source routing argument would say that connectivity is paramount, and that the source should never have any need to know about the destination's outbound policy, which should, in fact, be private. The intent of the source route reversal is to provide path symmetry wherever possible, but is not to provide security. Thus, asymmetric paths are preferable to disconnection. Accordingly, I recommend that the text be changed to reflect the following: - If the node is unaware of outbound policy constraints, then the node MUST reverse the source route. - If the node is aware of outbound policy constraints then the node is free to return the packet using appropriate mechanisms within the bounds of those constraints. I would appreciate having this resolved quickly. Tony
- source route reversal Scott Bradner
- Re: source route reversal bmanning
- source route reversal Tony Li
- Re: source route reversal Bill Manning
- Re: source route reversal Scott Bradner
- Re: source route reversal Fred Baker