[v6ops] draft-ietf-v6ops-ipv6rtr-reqs: ICMP considerations

Fernando Gont <fgont@si6networks.com> Tue, 06 March 2018 01:51 UTC

To: "v6ops@ops.ietf.org" <v6ops@ietf.org>
From: Fernando Gont <fgont@si6networks.com>
Message-ID: <8cee137e-9f24-d816-2424-9fc4b7a5f35b@si6networks.com>
Date: Mon, 05 Mar 2018 22:38:58 -0300
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/zj2WnkM9PReuYsOufzTAI9aRJBc>
Subject: [v6ops] draft-ietf-v6ops-ipv6rtr-reqs: ICMP considerations

Folks,

Couple of comments:

>    Internet Control Message Protocol (ICMP) is described in [RFC0792]
>    and [RFC4443].  ICMP is often used to perform a traceroute through a
>    network (normally by using a TTL expired ICMP message), for Path MTU
>    discovery, and, in IPv6, for autoconfiguration and neighbor
>    discovery.  ICMP is often blocked by middleboxes of various kinds
>    and/or ICMP filters configured on the ingress edge of a provider
>    network, most often to prevent the discovery of reachable hosts and
>    network topology.

I don't disagree with this comment. Although I'd say that because of
rate-limiting it's more reliable to fire a TCP segment for network recon
(e.g., by TCP dstport=80, and wait for SYN/ACK or RST).


>    Routers implementing IPv6:
> 
>    o  Should rate limit the generation of ICMP echo and echo responses
>       by default (for instance, using a token bucket method as described
>       in [RFC4443]).  The device should support the configuration of not
>       generating ICMP echo and echo response packets to prevent topology
>       discovery.

I'd s/topology discovery/node discovery/

Me, I'd associate *Time Exceeded Message* (traceroute) with topology
discovery.

Thanks!

Cheers,
-- 
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
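
Added example, not part of the original message or of the draft: a token bucket of the kind the quoted draft text refers to, run over constructed echo-request arrival times to show how it treats a fast sweep versus ordinary pings. The rate (10 replies/s) and burst (5) are assumed values, and integer milliseconds are used so the result is exact.

```python
class TokenBucket:
    """Token bucket limiting ICMP generation to `rate_per_s` on average,
    while allowing bursts of up to `burst` messages."""

    def __init__(self, rate_per_s: int, burst: int):
        self.rate = rate_per_s            # N: tokens added per second
        self.capacity = burst * 1000      # B, stored in milli-tokens
        self.tokens = self.capacity       # start full: an initial burst is allowed
        self.last_ms = 0

    def allow(self, now_ms: int) -> bool:
        """Return True if one ICMP message may be generated at `now_ms`."""
        elapsed = max(0, now_ms - self.last_ms)
        self.last_ms = now_ms
        # rate tokens/s == rate milli-tokens/ms, so the refill is exact in integers
        self.tokens = min(self.capacity, self.tokens + elapsed * self.rate)
        if self.tokens >= 1000:
            self.tokens -= 1000
            return True
        return False


def simulate(rate_per_s, burst, arrivals_ms):
    """Feed echo-request arrival times; return (answered, dropped)."""
    bucket = TokenBucket(rate_per_s, burst)
    answered = sum(1 for t in arrivals_ms if bucket.allow(t))
    return answered, len(arrivals_ms) - answered


# Constructed traffic (not captured data):
# a sweep of 100 echo requests per second for 2 seconds ...
SWEEP_MS = [i * 10 for i in range(200)]
# ... and an operator pinging once per second for 10 seconds.
PING_MS = [i * 1000 for i in range(10)]

if __name__ == "__main__":
    print("sweep (answered, dropped):", simulate(10, 5, SWEEP_MS))
    print("ping  (answered, dropped):", simulate(10, 5, PING_MS))
```

With these assumed settings the once-per-second pings are all answered, while most of the sweep's requests get no reply.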