Re: [v6ops] RFC6459 "IPv6 in 3GPP" - the IID in the LL address

Alexandre Petrescu <alexandre.petrescu@gmail.com> Mon, 10 July 2017 17:53 UTC

To: Gert Doering <gert@space.net>
Cc: mohamed.boucadair@orange.com, "v6ops@ietf.org" <v6ops@ietf.org>
References: <937f22f6-e4b7-b398-9df9-79c36ea2d7ee@gmail.com> <787AE7BB302AE849A7480A190F8B93300A002E21@OPEXCLILMA3.corporate.adroot.infra.ftgroup> <a67eb7d0-be6a-f158-b05c-fda0f38e09d6@gmail.com> <787AE7BB302AE849A7480A190F8B93300A002EF9@OPEXCLILMA3.corporate.adroot.infra.ftgroup> <1be23f5b-f449-9924-8322-f21c4ccbd09e@gmail.com> <787AE7BB302AE849A7480A190F8B93300A002F95@OPEXCLILMA3.corporate.adroot.infra.ftgroup> <2c325097-651e-501c-747a-e7a322c3d844@gmail.com> <20170710170911.GU45648@Space.Net>
From: Alexandre Petrescu <alexandre.petrescu@gmail.com>
Message-ID: <722c7c25-46f1-53c3-78a3-39600a60d880@gmail.com>
Date: Mon, 10 Jul 2017 19:53:52 +0200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1
MIME-Version: 1.0
In-Reply-To: <20170710170911.GU45648@Space.Net>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: fr
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/As3p9IW99XckHcwizu7CANmThVI>
Subject: Re: [v6ops] RFC6459 "IPv6 in 3GPP" - the IID in the LL address


Le 10/07/2017 à 19:09, Gert Doering a écrit :
> Hi,
> 
> On Mon, Jul 10, 2017 at 06:27:47PM +0200, Alexandre Petrescu wrote:
>>> [Med] This is an optimization to avoid DAD.
>>
>> Ok about LL, but how about the GUA?  If the network uses a GUA same as
>> the UE then there should be DAD for that GUA.
> 
> The network is not using addresses out of the /64 assigned to the handset.
> 
>> I don't think there is any spec that tells that the network MUST NOT
>> assign a GUA on its interface towards the UE.
> 
> Do not "think" when 3GPP specs are confirmed - just check.  This is
> (as has been explained before) standardized quite well.

I am not sure what you mean there.

> [..]
>> Some packets with LLs as src have been witnessed in the Internet at large.
> 
> This is a bug in all the forwarding entities on the path and needs to be
> fixed.

That is your opinion.

There should be nothing wrong in sending packets to the Internet. 
Forwarding is based on the dst address.

Some people say that the src and dst addresses should have the same 
scope, but that is not true either.  Some protocols don't work w/o src 
GUA and dst link-scope multicast.

>> Sometimes some UE apps may put a link-local address in
>> application-layer payloads.  Some protocols do it too (e.g. OSPF puts
>> LLs in LSAs, DHCP puts interface IDs and LLs in payloads, etc).
> 
> This would be a bug in the application, which would need to be fixed.

Well - I think you don't understand.

Speaking only for DHCP here:

DHCP carries interface IDs in UDP payloads.  They're called "Link-layer 
address" 48bit, in Client Identifier, as a UDP payload in DHCPv6 
Solicit, by the User Terminal.

If the Server is in the operator's network, then one could think that 
there is no more tracking danger than without DHCP.  But if the Server 
and intermediary routers are outside the operator's network then there's 
real risk of tracking.

One could not fix the DHCP protocol to eliminate that Client identifier, 
because if so then DHCP will no longer work.

And we said we want DHCP to work in order to get this DHCPv6 Prefix 
Delegation.

Do you see?

> (Nobody stated, btw, that you'll get the *same* IID on every PDP setup...)

I agree.

>>>    It is guaranteed unique, so it can also be used to track.
>>> [Med] to be tracked by whom?
>> By the operator, and by other parties outside the operator network.
> 
> The operator knows where you are and what you do, without having to refer
> to LLAs.

So why does it mandate an IID on the UE?  What is that protocol?

Alex

> 
> Gert Doering
>          -- NetMaster
>
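The DHCPv6 Client Identifier exposure discussed in the message above, as an added worked example that is not part of the thread or of any 3GPP or IETF code: a small parser that reads a DHCPv6 Solicit and reports what an on-path observer learns from its Client Identifier option. Field layouts follow RFC 8415 (message header, option TLVs, DUID-LLT/EN/LL) and RFC 6355 (DUID-UUID); the function names, the sample DUIDs and the documentation-range MAC are constructed for this example.

```python
"""Inspect the Client Identifier (DUID) a DHCPv6 client sends in a Solicit.

Field layouts follow RFC 8415 (DHCPv6) and RFC 6355 (DUID-UUID).
All sample messages below are constructed for this example.
"""
import struct

MSG_SOLICIT = 1
OPTION_CLIENTID = 1            # option-code of the Client Identifier option
DUID_LLT, DUID_EN, DUID_LL, DUID_UUID = 1, 2, 3, 4
HW_ETHERNET = 1                # IANA hardware type for Ethernet (48-bit MAC)


def parse_options(body):
    """Yield (option-code, option-data) for each TLV option in `body`."""
    off = 0
    while off + 4 <= len(body):
        code, length = struct.unpack_from("!HH", body, off)
        off += 4
        if off + length > len(body):
            raise ValueError("truncated DHCPv6 option")
        yield code, body[off:off + length]
        off += length
    if off != len(body):
        raise ValueError("trailing bytes after last option")


def decode_duid(duid):
    """Return what the DUID reveals: its type and any embedded link-layer address."""
    if len(duid) < 2:
        raise ValueError("DUID shorter than its type field")
    dtype, = struct.unpack_from("!H", duid)
    info = {"duid_type": dtype, "hw_type": None, "hw_addr": None}
    if dtype == DUID_LLT and len(duid) >= 8:
        # type(2) | hardware type(2) | time(4) | link-layer address
        info["hw_type"], info["time"] = struct.unpack_from("!HI", duid, 2)
        info["hw_addr"] = duid[8:]
    elif dtype == DUID_LL and len(duid) >= 4:
        # type(2) | hardware type(2) | link-layer address
        info["hw_type"], = struct.unpack_from("!H", duid, 2)
        info["hw_addr"] = duid[4:]
    elif dtype == DUID_EN and len(duid) >= 6:
        # type(2) | enterprise number(4) | vendor-assigned identifier
        info["enterprise"], = struct.unpack_from("!I", duid, 2)
        info["identifier"] = duid[6:]
    elif dtype == DUID_UUID and len(duid) == 18:
        # type(2) | 128-bit UUID
        info["uuid"] = duid[2:]
    return info


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def client_identifier_exposure(msg):
    """Summarize the identifier a Solicit carries, as an on-path observer sees it."""
    if len(msg) < 4:
        raise ValueError("DHCPv6 message shorter than its header")
    if msg[0] != MSG_SOLICIT:
        raise ValueError(f"not a Solicit (msg-type {msg[0]})")
    for code, data in parse_options(msg[4:]):      # skip msg-type + transaction-id
        if code == OPTION_CLIENTID:
            info = decode_duid(data)
            hw = info["hw_addr"]
            return {
                "duid_type": info["duid_type"],
                # A DUID is meant to stay constant for the client's lifetime,
                # so every DUID type is a persistent correlator across sessions.
                "persistent_id": True,
                # DUID-LLT and DUID-LL additionally reveal the hardware address.
                "mac": mac_str(hw) if hw and info["hw_type"] == HW_ETHERNET else None,
            }
    return {"duid_type": None, "persistent_id": False, "mac": None}


def build_solicit(duid, xid=b"\x12\x34\x56"):
    """Construct a minimal Solicit carrying only a Client Identifier option."""
    return bytes([MSG_SOLICIT]) + xid + struct.pack("!HH", OPTION_CLIENTID, len(duid)) + duid


# Constructed samples; 00:00:5e:00:53:xx is the RFC 7042 documentation MAC range.
SAMPLE_MAC = bytes.fromhex("00005e005301")
DUID_LL_SAMPLE = struct.pack("!HH", DUID_LL, HW_ETHERNET) + SAMPLE_MAC
DUID_UUID_SAMPLE = struct.pack("!H", DUID_UUID) + bytes(range(16))

if __name__ == "__main__":
    for name, duid in (("DUID-LL", DUID_LL_SAMPLE), ("DUID-UUID", DUID_UUID_SAMPLE)):
        print(name, client_identifier_exposure(build_solicit(duid)))
```

Run against the two constructed Solicits, the DUID-LL case yields the interface's MAC in clear, while the DUID-UUID case yields no hardware address but is still a stable identifier; that distinction is why the tracking concern in the message does not go away by merely changing DUID type. RFC 7844 (Anonymity Profiles for DHCP Clients) is the IETF's treatment of this exposure for clients that want to limit it.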