Re: [v6ops] IPv6 LL-only as WG document - feedback requested

"Carlos Pignataro (cpignata)" <cpignata@cisco.com> Tue, 14 August 2012 21:08 UTC

From: "Carlos Pignataro (cpignata)" <cpignata@cisco.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Cc: "'draft-behringer-lla-only@tools.ietf.org' (draft-behringer-lla-only@tools.ietf.org)" <draft-behringer-lla-only@tools.ietf.org>, "opsec-chairs@ietf.org" <opsec-chairs@ietf.org>, "opsec@ietf.org" <opsec@ietf.org>, "v6ops v6ops WG (v6ops@ietf.org)" <v6ops@ietf.org>

Michael, Brian,

Should "The Suggested Approach" http://tools.ietf.org/html/draft-behringer-lla-only-01#section-2.1 also include some prescriptiveness or specific recommendation regarding the use of RFC 5837, instead of including that solution to interface identification as a "Caveats and Possible Workarounds" only?

Thanks,

-- Carlos.

On Aug 6, 2012, at 5:24 AM, Brian E Carpenter wrote:

> Hi,
> 
>>   o  Management plane traffic, such as SSH, Telnet, SNMP, ICMP echo
>>      request ... can be addressed to loopback addresses of routers with
>>      a global scope address.  Router management can also be done over
>>      out-of-band channels.
>> 
>>   o  ICMP error message can also be sourced from the global scope
>>      loopback address.
> 
> These statements seem too weak. Using GUAs for ICMP in particular
> needs to have a normative MUST somewhere (preferably in a BCP). In the
> context of this Informational draft, the language needs to state a requirement
> ("must" not "can") even if you don't use RFC 2119 terminology.
> 
> This matters because packets with a LL source address MUST NOT be forwarded,
> so a router that is misconfigured to send ICMP replies with a LL source
> address breaks both ping and traceroute.
> 
> I think the rule is that any packet that is *not* sent to a LL address must
> have a GUA as the source address. That takes care of ICMP, and everything else
> as well.
> 
> Furthermore, that GUA needs to be associated with a prefix that belongs to
> the organisation operating the router in question. Otherwise the traceroute
> results can be very confusing. We discussed that on v6ops back in March.
> 
> Regards
>   Brian Carpenter
>
> On 06/08/2012 10:03, Gunter Van de Velde (gvandeve) wrote:
>> (distributed to OPSEC WG and in cc v6ops)
>> 
>> Dear all,
>> 
>> During the OPSEC WG meeting last Wednesday there was consensus to adopt the draft http://tools.ietf.org/html/draft-behringer-lla-only-01 as working group document with Informational status.
>> 
>> Please read the draft, and if there is no violent objection on the list, the document will be requested to be submitted as WG document in 7 days.
>> 
>> Ciao,
>> G/, KK & Warren
>
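The source-address rule proposed in the quoted message (a packet not sent to a link-local destination must carry a GUA source, taken from a prefix the router's operator owns) can be expressed as an audit check over router-originated packets. This is an added example, not part of the thread or of draft-behringer-lla-only; the function names, finding labels, operator prefix and sample records are assumptions constructed for illustration, and treating link-scope multicast as on-link is an assumption as well.

```python
import ipaddress

GUA = ipaddress.ip_network("2000::/3")  # global unicast space
# Constructed operator prefix (documentation range); an assumption.
OPERATOR_PREFIXES = [ipaddress.ip_network("2001:db8:100::/48")]

def is_on_link(dst):
    """True when the destination never leaves the link."""
    if dst.is_link_local:  # fe80::/10
        return True
    # Multicast scope is the low nibble of the second byte; 1 and 2 are
    # interface-local and link-local (assumed to count as on-link here).
    return dst.is_multicast and (dst.packed[1] & 0x0F) <= 2

def check_source(src, dst, operator_prefixes=OPERATOR_PREFIXES):
    """Return the findings for one router-originated packet."""
    s, d = ipaddress.IPv6Address(src), ipaddress.IPv6Address(dst)
    if is_on_link(d):
        return []  # ND, routing adjacencies: a link-local source is expected
    if s.is_link_local:
        # Must not be forwarded, so the reply never reaches the prober.
        return ["ll-source-off-link"]
    if s not in GUA:
        return ["non-gua-source"]
    if not any(s in p for p in operator_prefixes):
        # A GUA from someone else's prefix makes traceroute output misleading.
        return ["source-outside-operator-prefix"]
    return []

def audit(records):
    """Return (src, dst, findings) for every record that breaks the rule."""
    results = []
    for src, dst in records:
        findings = check_source(src, dst)
        if findings:
            results.append((src, dst, findings))
    return results

# Constructed sample: (source, destination) of packets a router originates.
SAMPLE = [
    ("fe80::1", "fe80::2"),                  # on-link, fine
    ("fe80::1", "ff02::1"),                  # link-scope multicast, fine
    ("2001:db8:100::1", "2001:db8:200::50"), # loopback GUA, fine
    ("fe80::1", "2001:db8:200::50"),         # ICMP error sourced from LL
    ("fd00::1", "2001:db8:200::50"),         # ULA source
    ("2001:db8:999::1", "2001:db8:200::50"), # GUA outside operator prefix
]

if __name__ == "__main__":
    for src, dst, findings in audit(SAMPLE):
        print(f"{src} -> {dst}: {', '.join(findings)}")
```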