Re: [v6ops] Last Call: <draft-ietf-v6ops-ra-guard-implementation-04.txt> (Implementation Advice for IPv6 Router Advertisement Guard (RA-Guard)) to Best Current Practice

Ran Atkinson <ran.atkinson@gmail.com> Wed, 30 May 2012 21:05 UTC


Fernando wrote:
> It's not a protocol change, but an operational mitigation. -- for
> instance, there is no change in the way the sending router or the
> receiving hosts process RAs.

Nonsense.  


Rule 4 mandates changes to whether certain IPv6 packets get forwarded,
which is a major change to the IPv6 protocol specifications.


Rule 4 is both a protocol change and (misguided) operational mitigation.  
Rule 4 is mandatory according to this document and will cause certain 
perfectly valid IPv6 packets to be dropped instead of forwarded.  The
rule damages IPv6 and impairs utility of IPv6 in the real world.


The comprehensive fix is to update the hosts as Joel Halpern and Ron Bonica
outlined earlier today.  I don't think that change would be controversial,
so likely it could proceed quickly through 6MAN.  In the meantime,
Rule 4 could be edited and cleaned up such that no valid IPv6
packets get dropped by an RA Guard.

Yours,

Ran