Re: [v6ops] PD to hosts [was: DAD again [was: draft-ietf-v6ops-host-addr-availability discussion] ]

Alexandre Petrescu <alexandre.petrescu@gmail.com> Tue, 17 November 2015 11:09 UTC

To: v6ops@ietf.org
References: <m1ZyNBq-0000HnC@stereo.hq.phicoh.net> <2134F8430051B64F815C691A62D9831832F4CF07@XCH-BLV-504.nw.nos.boeing.com>
From: Alexandre Petrescu <alexandre.petrescu@gmail.com>
Message-ID: <564B0AF7.4080106@gmail.com>
Date: Tue, 17 Nov 2015 12:09:43 +0100
Archived-At: <http://mailarchive.ietf.org/arch/msg/v6ops/Q3kydXBas3HNVsVYrJipps01z3w>


On 16/11/2015 18:26, Templin, Fred L wrote:
> Hi Philip,
>
>> -----Original Message-----
>> From: pch-bBB316E3E@u-1.phicoh.com [mailto:pch-bBB316E3E@u-1.phicoh.com] On Behalf Of Philip Homburg
>> Sent: Monday, November 16, 2015 9:04 AM
>> To: v6ops@ietf.org
>> Cc: Templin, Fred L; Hemant Singh (shemant)
>> Subject: PD to hosts [was: DAD again [was: draft-ietf-v6ops-host-addr-availability discussion] ]
>>
>>> This is starting to diverge from the case I originally intended this discussion
>>> to examine. The case I am interested in is as follows:
>>>
>>> - Node N receives a /64 prefix delegation for prefix P over interface eth0.
>>> - N assigns P to the lo interface as a /64 route. This is done to black-hole
>>>    unused portions of P.
>>> - N configures address A from prefix P, and assigns it to eth0.
>>> - N need not perform DAD for A over eth0, because the delegating router
>>>    has made sure that the routing system will route all packets with a
>>>    destination address from P to node N, and not to any other node.
>>>
>>> In this way, N can function as an ordinary host according to the strong end
>>> system model even though it acted as a "requesting router" in procuring a
>>> prefix from the delegating router. No other node X on the same link as
>>> N can therefore configure an address from P and have the routing system
>>> return packets to X. In fact, any node X that configures an address from P
>>> can be considered an "attacker", and the use or non-use of DAD has no
>>> way of preventing that. In fact, the use of DAD could give X a clue as to
>>> which addresses from P are ripe for attacking. So, it is in fact better to
>>> NOT do DAD.
>>
>> I have two questions about this, sort of unrelated to DAD (so I changed the
>> subject).
>>
>> 1) How do packets reach the host? Is that documented somewhere?
>
> RFC3633 is largely silent on this,

Yes, and the forthcoming DHCPv6 update integrating PD will also be 
silent I believe (they try pure text integration, little if any new text).

> but when P is delegated to N, it is
> implied that the delegating router must somehow inject information
> into the routing system that will guide packets with destination
> address A to N.

Yes, I agree.

Alex

>
>>     I assume that in this case a router will send packets with destination
>>     prefix P to the link local address of N. But is that specified somewhere?
>
> That is correct, but again RFC3633 is largely silent.
>
>> 2) If a node M on the same ethernet link wants to communicate with address
>>     A, it creates a destination cache entry for A picking a default router
>>     as next hop (because P is not onlink). Later, A can send the reply
>>     directly to M if M's address is onlink. That is likely to cause a
>>     neighbor cache entry for A at M, which will not be used because the
>>     destination cache entry is still in place.
>
> In this instance, the default router would return a Redirect to M to inform
> it that N is a better first hop for reaching address A. The Redirect would
> cause M to update its destination cache accordingly.
>
> Thanks - Fred
> fred.l.templin@boeing.com
>
>>     Not good if you ever want to debug something.
>>
>
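As an added illustration (not code from this thread or from any of its authors), the following Python model walks through the forwarding behaviour Fred and Philip describe: the delegating router R injects a route for P towards N, N black-holes P on lo and configures A from P without DAD, a host M on the same link first reaches A via R and is then Redirected to N, and a rogue node X that configures its own address B from P receives nothing because the routing system hands every packet for P to N, where the black-hole route drops it. The node names, the RFC 3849 documentation prefixes and the simplified Redirect rule (a router that forwards a packet back onto the link it came from tells the originator to use that next hop) are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed sample addressing (RFC 3849 documentation range), not taken from the thread.
LINK = ipaddress.IPv6Network("2001:db8:0:1::/64")   # on-link prefix shared by R, N, M and X
P = ipaddress.IPv6Network("2001:db8:0:2::/64")      # prefix P delegated to N; NOT on-link
ANY = ipaddress.IPv6Network("::/0")


@dataclass
class Node:
    name: str
    is_router: bool = False
    addresses: set = field(default_factory=set)      # global addresses configured on the node
    routes: dict = field(default_factory=dict)       # IPv6Network -> next-hop node name or "blackhole"
    dest_cache: dict = field(default_factory=dict)   # destination -> next-hop node name (RFC 4861 s.5.2)
    received: list = field(default_factory=list)     # (src, dst) pairs delivered to this node


def route_lookup(node, dst):
    """Longest-prefix match over the node's routing table; None if nothing matches."""
    addr = ipaddress.IPv6Address(dst)
    matches = [net for net in node.routes if addr in net]
    return node.routes[max(matches, key=lambda n: n.prefixlen)] if matches else None


def owner_on_link(net, dst):
    """Stand-in for NS/NA address resolution: which node on the link answers for dst?"""
    return next((n.name for n in net.values() if dst in n.addresses), None)


def forward(net, here, prev, src, dst, trace):
    """Deliver or forward one packet; returns 'delivered' or 'dropped' and records hops in trace."""
    node = net[here]
    if dst in node.addresses:
        node.received.append((src, dst))
        trace.append(f"{here}: delivered")
        return "delivered"
    nh = node.dest_cache.get(dst)
    if nh is None:
        # Next-hop determination: on-link destinations are resolved as neighbours,
        # everything else (including P, which is not on-link) goes through the routing table.
        nh = owner_on_link(net, dst) if ipaddress.IPv6Address(dst) in LINK else route_lookup(node, dst)
        if nh is not None:
            node.dest_cache[dst] = nh
    if nh is None or nh == "blackhole":
        trace.append(f"{here}: dropped ({nh})")
        return "dropped"
    # Simplified RFC 4861 s.8.2 rule: a router forwarding back onto the link the packet
    # arrived from sends a Redirect so the originator caches the better first hop.
    if node.is_router and prev is not None and prev != nh:
        net[prev].dest_cache[dst] = nh
        trace.append(f"{here}: Redirect to {prev}: use {nh} for {dst}")
    trace.append(f"{here} -> {nh}")
    return forward(net, nh, here, src, dst, trace)


def build_network():
    r = Node("R", is_router=True, addresses={str(LINK[1])})
    n = Node("N", routes={ANY: "R"})
    m = Node("M", addresses={str(LINK[3])}, routes={ANY: "R"})
    x = Node("X", addresses={str(LINK[4])}, routes={ANY: "R"})
    r.routes[P] = "N"               # DHCPv6 PD: R delegates P to N and injects a route for P towards N
    n.routes[P] = "blackhole"       # N black-holes P on lo so unused parts of P are dropped, not resolved
    n.addresses.add(str(P[1]))      # N configures A from P on eth0; no DAD, nobody else can be routed A
    return {"R": r, "N": n, "M": m, "X": x}


def run_scenario():
    net = build_network()
    A, B, M_ADDR = str(P[1]), str(P[2]), str(LINK[3])
    net["X"].addresses.add(B)       # rogue node X configures its own address from P
    out = {}
    for key, src_node, src, dst in [("m_to_a_first", "M", M_ADDR, A),
                                    ("m_to_a_second", "M", M_ADDR, A),
                                    ("n_to_m", "N", A, M_ADDR),
                                    ("m_to_b", "M", M_ADDR, B)]:
        trace = []
        out[key] = (forward(net, src_node, None, src, dst, trace), trace)
    out["x_received"] = list(net["X"].received)
    out["m_dest_cache"] = dict(net["M"].dest_cache)
    return out


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(key, value)
```

Running it shows the first packet from M to A taking the path M, R, N with a Redirect along the way, the second going M to N directly from M's destination cache, N's reply reaching M on-link without any router, and the packet to X's address B being dropped at N's black-hole route so that X's received list stays empty.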