IETF Logo Mail Archive

Re: [v6ops] [homenet] Tsinghua work on source/destination routing

Jen Linkova <furry13@gmail.com> Thu, 07 November 2013 16:59 UTC

Return-Path: <furry13@gmail.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0CFB811E81CF; Thu, 7 Nov 2013 08:59:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.544
X-Spam-Level:
X-Spam-Status: No, score=-2.544 tagged_above=-999 required=5 tests=[AWL=0.056, BAYES_00=-2.599, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mFD7hSJxATaM; Thu, 7 Nov 2013 08:59:22 -0800 (PST)
Received: from mail-qa0-x231.google.com (mail-qa0-x231.google.com [IPv6:2607:f8b0:400d:c00::231]) by ietfa.amsl.com (Postfix) with ESMTP id F31DA11E819E; Thu, 7 Nov 2013 08:59:21 -0800 (PST)
Received: by mail-qa0-f49.google.com with SMTP id cm18so657195qab.8 for <multiple recipients>; Thu, 07 Nov 2013 08:59:16 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type:content-transfer-encoding; bh=E6In2s4X0lJ4eSm+mhds+DubXv78BpYk2pyjpkrwmyo=; b=ctMeitCKZ8TbbL+9oJw1SmmbvTKcBI0lkcSORji2Hj8k1OMf0VY67d78WAMLm++LCN kT0sk/I7uw8MNp84l/u3Y/4e6ByYN8rIuwjSPL+3FubT8BuW4ohw+E9TMQhVkVxvXERW PRIkYADMSg1DSsJvL3GyxH4NWeP5f/oHwx7vCm4rm+/+ReuuyWWbBLMV4JschQq0K3XF 6NyXGEdogSeme+Qyun5s0bOzZda+JZnZ9JeWRQvwcIfQGnK5RHf6yYILkDukvCUzBa+3 umWRojvwrx//W4pElx60A5yy673ScRcj6o4QVQ1QVCWOSHvMEaPEWL5tG6IZfkenn2vp AScw==
X-Received: by 10.224.121.198 with SMTP id i6mr16184619qar.52.1383843556903; Thu, 07 Nov 2013 08:59:16 -0800 (PST)
MIME-Version: 1.0
Received: by 10.224.100.195 with HTTP; Thu, 7 Nov 2013 08:58:56 -0800 (PST)
In-Reply-To: <F7C18630-1964-4AFD-8549-559D7582B114@cisco.com>
References: <F7C18630-1964-4AFD-8549-559D7582B114@cisco.com>
From: Jen Linkova <furry13@gmail.com>
Date: Thu, 07 Nov 2013 17:58:56 +0100
Message-ID: <CAFU7BAQT=+B==8pvOYSsWnCvcMEVzy2nh8dAZZXHzYjwmedRpg@mail.gmail.com>
To: "Fred Baker (fred)" <fred@cisco.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: "v6ops@ietf.org WG" <v6ops@ietf.org>, Routing WG <rtgwg@ietf.org>
Subject: Re: [v6ops] [homenet] Tsinghua work on source/destination routing
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Nov 2013 16:59:23 -0000

On Thu, Nov 7, 2013 at 5:45 PM, Fred Baker (fred) <fred@cisco.com> wrote:
> Examples of use cases are generally around multi-prefix campus networks. There is a security use case that could be of value; at IETF 87, George Michaelson of APNIC reported on ULAs seen in his darknet. The short report is that he sees a fair bit of traffic with a ULA source address on the backbone. An interesting potential use of source/destination routing would counter that, and perhaps mitigate the need for ISP BCP 38 if generally deployed; in a case where a network is using a ULA and a global prefix (e.g., is not multihomed but has two prefixes, one of which is intended to only be used within its network), the default route to the network egress would use the global prefix as a source, and as a result traffic sent outside the network with a ULA source prefix would in effect have no route. The network could literally only emit traffic from its correct prefix.

Looks like we (finally) have a chance to enforce the requirement from
RFC4007, Section9:

"If transmitting the packet on the chosen next-hop interface
would cause the packet to leave the zone of the source
address, i.e.,
cross a zone boundary of the scope of the
source address, then the packet is discarded. "

I'm seeing plenty of packets from link-local sources to global
destinations which means that:
1) there are hosts with broken default address selection
AND
2) routers on the Internet do forward such packets (violating the rule
mentioned above).
Fixing #2 actually requires making forwarding decision based on src
and dst (which is not happening now).

More data (sorry, shameless plug :))
https://ripe67.ripe.net/presentations/288-Jen_RIPE67.pdf

-- 
SY, Jen Linkova aka Furry

v2.23.0 | Report a Bug | By Email