Re: [Snac] Router using Ipv6 prefix length = 67

Alexandre Petrescu <alexandre.petrescu@gmail.com> Wed, 07 June 2023 09:05 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/snac/Kz1FyRJFVNuy5jKjaAucvrM9_Ag>


On 07/06/2023 at 02:12, Ted Lemon wrote:
> I think it makes sense to have the definition of “usable prefix” specify 
> that the length needs to be 64 bits.

I do not agree.

A usable prefix is specified in the referred text as a prefix with a 
certain lifetime, not a certain length.

If one would like to specify a 'usable' prefix to be of length 
precisely 64 then there are potentially several RFCs that are impacted.

That said, I generally agree with the WG consensus about the 64-bit 
limits in IPv6 addressing, but these limits are rather more complex and 
they have a notion of time to them: today it is that way, but we don't 
know about another day.

> Otherwise this turns into a DoS attack.

I do not disagree that it can be interpreted that way.

Put a router on a link sending an RA PIO plen 67 and so deny the service 
to the Non-Thread Matter Controller.  It's a DoS!

The solution could be to secure that access to that link, i.e. have a 
key necessary before ability to send RAs.

But I do not agree that because of that 67 there is DoS.

Alex

> 
> On Tue, 6 Jun 2023 at 20:03, Michael Richardson <mcr+ietf@sandelman.ca> wrote:
> 
> 
>     I couldn't understand all of this thread.
>     Is this WNP3000 receiving a plen=67 prefix from upstream and doing
>     the wrong thing?
> 
>     Or is this WNP3000 receiving a plen=64 prefix from upstream, and then
>     splitting it up into 8 unusable prefixes of len=67?
>     Or ???
> 
>     I agree that the SNAC Stub router needs to defend against unusable
>     prefixes.
>     (It seems like it should be a call home and report situation, since
>     nobody local will know what to do.  But that's not subject to
>     standardization)
> 
>     --
>     Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
>                 Sandelman Software Works Inc, Ottawa and Worldwide
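
The disagreement in this thread is whether "usable" depends on lifetime alone or also on a 64-bit prefix length. The following is an added example, not part of the message or of any SNAC implementation: it parses Prefix Information Options (RFC 4861 layout) from constructed RA option bytes and classifies each under both policies. The lifetime threshold, the verdict strings and all function names are assumptions made for illustration.

```python
import ipaddress
import struct

ND_OPT_PREFIX_INFORMATION = 3    # RFC 4861, section 4.6.2
MIN_PREFERRED_LIFETIME = 1800    # assumed threshold (seconds), not taken from the thread

def build_pio(prefix, plen, flags=0xC0, valid=86400, preferred=14400):
    """Construct a 32-byte PIO (sample-data helper; L and A flags set by default)."""
    return struct.pack("!BBBBIII16s", ND_OPT_PREFIX_INFORMATION, 4, plen, flags,
                       valid, preferred, 0, ipaddress.IPv6Address(prefix).packed)

def parse_pios(options):
    """Yield one dict per Prefix Information Option found in an RA's option bytes."""
    off = 0
    while off + 2 <= len(options):
        opt_type, opt_len = options[off], options[off + 1] * 8  # length is in 8-octet units
        if opt_len == 0 or off + opt_len > len(options):
            raise ValueError("malformed ND option")
        if opt_type == ND_OPT_PREFIX_INFORMATION and opt_len == 32:
            plen, flags, valid, preferred = struct.unpack_from("!BBII", options, off + 2)
            yield {"prefix": ipaddress.IPv6Address(options[off + 16:off + 32]),
                   "plen": plen, "autonomous": bool(flags & 0x40),
                   "valid": valid, "preferred": preferred}
        off += opt_len

def classify(pio, require_64):
    """Return a verdict string for one parsed PIO."""
    if not pio["autonomous"]:
        return "ignored: A flag clear"
    if pio["preferred"] > pio["valid"]:
        return "unusable: preferred lifetime exceeds valid lifetime"
    if pio["preferred"] < MIN_PREFERRED_LIFETIME:
        return "unusable: preferred lifetime too short"
    if require_64 and pio["plen"] != 64:
        return "unusable: plen != 64"
    return "usable"

def audit(options, require_64=True):
    """Classify every PIO in the option bytes; returns (prefix/plen, verdict) pairs."""
    return [(f"{p['prefix']}/{p['plen']}", classify(p, require_64))
            for p in parse_pios(options)]

# Constructed sample: three PIOs as they could appear in one RA (documentation prefix).
SAMPLE = (build_pio("2001:db8:0:1::", 64) + build_pio("2001:db8:0:2::", 67)
          + build_pio("2001:db8:0:3::", 64, preferred=0))

if __name__ == "__main__":
    for policy in (True, False):
        print("require /64:", policy, audit(SAMPLE, require_64=policy))
```

With the lifetime-only policy the plen=67 prefix is accepted as usable; with the 64-bit requirement it is rejected, so the first PIO is the only one a stub router would treat as usable.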