Re: [v6ops] new draft: draft-elkins-v6ops-multicast-virtual-nodes

Nalini Elkins <nalini.elkins@insidethestack.com> Fri, 19 September 2014 19:24 UTC

From: Nalini Elkins <nalini.elkins@insidethestack.com>
To: Andrew 👽 Yourtchenko <ayourtch@gmail.com>, "draft-elkins-v6ops-multicast-virtual-nodes@tools.ietf.org" <draft-elkins-v6ops-multicast-virtual-nodes@tools.ietf.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/v6ops/eWEBuKCspQ9GTmKINxqIKG4slc0
Cc: "v6ops@ietf.org" <v6ops@ietf.org>

 
>A directed broadcast ping on IPv4 gives pretty much the same result.
>Did you test the effects of that ?

I had not.  But, since you mentioned it, I did it on two different Windows machines.  The one that is the server in question had the following results:

C:\Users\Administrator>ping x.x.x.255

Pinging x.x.x.255 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for x.x.x.255:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

ARP cache was not updated. I did a packet trace in the background and indeed no ICMP replies were seen.

I did the same ping x.x.x.255 on one of my client PCs and saw:

Pinging x.x.x.255 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

But this time the packet trace showed that actually ICMP replies were sent.

>Of course, private VLANs or (if we are talking VMs) or just using p2p
>links with /128s would help this in the environments where the hosts
>can not be trusted - and this of course is not virtual/physical
>specific.

Yes.  We wanted to bring up the topic of isolation of nodes for discussion.

>If we're talking specifically virtual environment, here's an approach
>on how to use ebtables to isolate the hosts:

>ebtables -P FORWARD DROP
>ebtables -F FORWARD
>ebtables -A FORWARD -i $uplinkPort -j ACCEPT # let the traffic flow from uplink to any ports
>ebtables -A FORWARD -o $uplinkPort -j ACCEPT # let the traffic flow from any ports to uplink

>(source: http://serverfault.com/questions/388544/is-it-possible-to-enable-port-isolation-on-linux-bridges)

I think this is very good.  But, unfortunately not very well known.   Also, is this possible for all platforms or just Linux?

>So looks like the question at hand is:

>"Should IPv6 nodes respond to Ping to FF0x::1?"

>Which can be rephrased differently to ease the start of the discussion:

>"What are the legitimate uses of a ping to ff0x::1 ?"

>Right ?

Yes.

--a


On 9/19/14, fred@cisco.com <fred@cisco.com> wrote:
> A new draft has been posted, at
> http://tools.ietf.org/html/draft-elkins-v6ops-multicast-virtual-nodes.
> Please take a look at it and comment.
>
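
Added example, not part of the original message or the draft: the message above reports that ping showed "Request timed out" on the client PC while the packet trace showed ICMP replies being sent, so the trace is the thing to audit. This Python code matches echo replies in a trace to echo requests sent to a directed broadcast or multicast address (IPv4 or IPv6) and lists which hosts answered; the trace records, the addresses (documentation ranges), the on-link prefix and all function names are constructed assumptions.

```python
import ipaddress

# Constructed sample trace (not from the original mail):
# (src, dst, icmp_type, ident, seq).
# Types: 8/0 = ICMPv4 echo request/reply, 128/129 = ICMPv6 echo request/reply.
TRACE = [
    ("192.0.2.10", "192.0.2.255", 8, 1, 1),   # directed broadcast ping
    ("192.0.2.21", "192.0.2.10", 0, 1, 1),
    ("192.0.2.22", "192.0.2.10", 0, 1, 1),
    ("192.0.2.10", "192.0.2.30", 8, 1, 2),    # ordinary unicast ping
    ("192.0.2.30", "192.0.2.10", 0, 1, 2),
    ("fe80::10", "ff02::1", 128, 7, 1),       # all-nodes multicast ping
    ("fe80::21", "fe80::10", 129, 7, 1),
]
LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # assumed on-link IPv4 prefix

ECHO_REQUEST = {8, 128}
ECHO_REPLY = {0, 129}

def is_group_destination(dst, nets):
    """True for multicast, limited broadcast, or a known subnet's broadcast address."""
    addr = ipaddress.ip_address(dst)
    if addr.is_multicast:
        return True
    if addr.version == 4:
        return addr == ipaddress.ip_address("255.255.255.255") or any(
            addr == n.broadcast_address for n in nets if n.version == 4)
    return False

def responders(trace, nets):
    """Map each broadcast/multicast echo destination to the hosts that replied."""
    pending = {}  # (requester, ident, seq) -> group destination
    result = {}
    for src, dst, icmp_type, ident, seq in trace:
        if icmp_type in ECHO_REQUEST and is_group_destination(dst, nets):
            pending[(src, ident, seq)] = dst
            result.setdefault(dst, set())
        elif icmp_type in ECHO_REPLY:
            # Replies come from each node's unicast address, so match on
            # the requester plus the echo identifier and sequence number.
            group = pending.get((dst, ident, seq))
            if group is not None:
                result[group].add(src)
    return result

if __name__ == "__main__":
    for group, hosts in responders(TRACE, LOCAL_NETS).items():
        print(group, "->", sorted(hosts))
```

An empty set for a destination corresponds to the server case in the message (no replies in the trace); a non-empty set corresponds to the client PC case.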