IETF Logo Mail Archive

Re: [v6ops] [homenet] Tsinghua work on source/destination routing

Owen DeLong <owen@delong.com> Fri, 08 November 2013 02:44 UTC

Return-Path: <owen@delong.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1D90521F9CA5; Thu, 7 Nov 2013 18:44:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.149
X-Spam-Level:
X-Spam-Status: No, score=-2.149 tagged_above=-999 required=5 tests=[AWL=0.149, BAYES_00=-2.599, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EbA25ofl3BjO; Thu, 7 Nov 2013 18:44:21 -0800 (PST)
Received: from owen.delong.com (owen.delong.com [IPv6:2620:0:930::200:2]) by ietfa.amsl.com (Postfix) with ESMTP id 33AEE11E815E; Thu, 7 Nov 2013 18:44:04 -0800 (PST)
Received: from [172.20.72.215] (63-235-172-7.dia.static.qwest.net [63.235.172.7]) (authenticated bits=0) by owen.delong.com (8.14.2/8.14.2) with ESMTP id rA82g25L013739 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Thu, 7 Nov 2013 18:42:08 -0800
X-DKIM: Sendmail DKIM Filter v2.8.3 owen.delong.com rA82g25L013739
DKIM-Signature: v=1; a=rsa-sha1; c=simple/simple; d=delong.com; s=mail; t=1383878531; bh=/hcgWLX/FyNGeFMpZeF8Wf+gEgo=; h=Content-Type:Mime-Version:Subject:From:In-Reply-To:Date:Cc: Message-Id:References:To; b=z3P5whR+oUL0EpAWKigfrNXryd64FqdSgwPD0dpLGUzMSqCNy6r1wzlG0QrMHQraZ Pq1Wp/2ApWgeHboCjup5Cr+dNlxcG6xI7jF+74HJO43fLGXzKjvSy3FSXRR3EEAmKN 5WRZNQv59sZrpVG+9oyDpdV/u52pyhQLwkqTrUXM=
Content-Type: multipart/alternative; boundary="Apple-Mail=_83FE3C79-55CD-4723-AE10-8E286E15210D"
Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\))
From: Owen DeLong <owen@delong.com>
In-Reply-To: <CAJE_bqdJkwiYRrQGAtuhkaPOMFwPM=CHQbQXZBH7_swAKPJ6xA@mail.gmail.com>
Date: Thu, 07 Nov 2013 18:42:02 -0800
Message-Id: <3447189B-394A-429E-A24B-29E6791B9109@delong.com>
References: <F7C18630-1964-4AFD-8549-559D7582B114@cisco.com> <CAFU7BAQT=+B==8pvOYSsWnCvcMEVzy2nh8dAZZXHzYjwmedRpg@mail.gmail.com> <CAJE_bqfU8C+Tc2rQCZ=vpmfTDdOiGz-sd-G4QNBpHdwXDz9bqQ@mail.gmail.com> <27F73F5B-6095-43E1-ADBE-2E05E8071E3F@cisco.com> <CAJE_bqdJkwiYRrQGAtuhkaPOMFwPM=CHQbQXZBH7_swAKPJ6xA@mail.gmail.com>
To: 神明達哉 <jinmei@wide.ad.jp>
X-Mailer: Apple Mail (2.1510)
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.0rc1 (owen.delong.com [192.159.10.2]); Thu, 07 Nov 2013 18:42:11 -0800 (PST)
Cc: "v6ops@ietf.org WG" <v6ops@ietf.org>, Routing WG <rtgwg@ietf.org>
Subject: Re: [v6ops] [homenet] Tsinghua work on source/destination routing
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Nov 2013 02:44:28 -0000

>> to ensure that the packet is not repeated by a broken router (apart
>> from protocols that ask to have it set to 255 and have the receiving
>> host check for that value). Also, upstream network's BCP 38
> 
> I'd note, from purely architectural point of view, that it's totally
> valid a packet that has a link-local address is forwarded, as long as
> the packet remains in the originating link zone.  That would be a very
> unlikely case in practice, but can still happen, e.g., when a host
> sends all packets to a router, expecting the router to forward it back
> to the same link toward the destination.  RFC 4007 mentions such
> cases.

That is not correct…

RFC 4291 says:

2.5.6.  Link-Local IPv6 Unicast Addresses

   Link-Local addresses are for use on a single link.  Link-Local
   addresses have the following format:

   |   10     |
   |  bits    |         54 bits         |          64 bits           |
   +----------+-------------------------+----------------------------+
   |1111111010|           0             |       interface ID         |
   +----------+-------------------------+----------------------------+

   Link-Local addresses are designed to be used for addressing on a
   single link for purposes such as automatic address configuration,
   neighbor discovery, or when no routers are present.

   Routers must not forward any packets with Link-Local source or
   destination addresses to other links.

It is quite clear that a packet with a link-local address in either field MUST not be forwarded.

>> implementation sounds suspect, and I'm with Jen in wondering why a
>> router forwarded the packet in the first place.
> 
> It's not surprising to me since the source address is not needed as
> long as routing decision is only made based on the destination
> address.  I noticed one popular router vendor didn't implement this
> restriction of RFC 4007 correctly many years ago and even reported it
> to the vendor, but (assuming it's still not fixed) just being "non
> compliant" is probably not convincing enough for them to introduce
> additional overhead in their forwarding logic.

It's surprising to me and it means that the router is, by definition, not compliant with RFC 4291, ergo, the router is broken.

Owen

v2.23.0 | Report a Bug | By Email