Mališa Vučinić <[email protected]> wrote:
> At the interim today, we discussed the need of tagging join traffic at
> the Join Proxy (JP). The problem is that JP forwards into the network
> traffic that originates from untrusted pledges, which can cause the
> exchange of 6P commands at intermediate nodes on the path from JP to
> 6LBR.
> A malicious pledge is therefore able to affect scheduling of
> intermediate nodes in the network which could potentially result in
> resource exhaustion. A bandwidth cap at JP, that is currently
> recommended in minimal-security draft, limits but doesn’t completely
> solve the problem. An attacker with access to multiple JPs could inject
> enough traffic to disturb the network.
> Pascal proposed using ToS bits in the IPv6 header to tag join
> traffic. As part of the JP behavior in minimal-security draft, we would
> specify that each forwarded packet must be tagged. Then, it would be up
> to individual SFs to determine what to do with this traffic.
To be specific, I think that the JP should set the DSCP bits in the packet
as per RFC 2597, section 6; we want AF43 (0b100110).
--
Michael Richardson <[email protected]>, Sandelman Software Works
-= IPv6 IoT consulting =-
_______________________________________________
6tisch mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/6tisch
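The tagging proposed in this message, as an added example that is not part of the original thread or of any 6TiSCH implementation: a Join Proxy writes AF43 into the DSCP bits of a forwarded IPv6 header, and an intermediate node checks for the tag. It assumes an uncompressed 40-byte IPv6 header (a 6TiSCH network would normally carry a 6LoWPAN-compressed one); the function names and the choice to preserve the ECN bits are assumptions of the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DSCP_AF43    0x26  /* 0b100110, the value named in the message */
#define IPV6_HDR_LEN 40

/* Constructed sample header: version 6, Traffic Class 0x01 (DSCP 0, ECN 01),
 * flow label 0xABCDE; the remaining bytes are zero and not inspected here. */
uint8_t sample_pkt[IPV6_HDR_LEN] = { 0x60, 0x1A, 0xBC, 0xDE };

/* The 8-bit Traffic Class straddles the low nibble of byte 0 and the high
 * nibble of byte 1; DSCP is its upper six bits, ECN its lower two. */
static uint8_t ipv6_get_tclass(const uint8_t *hdr)
{
    return (uint8_t)(((hdr[0] & 0x0F) << 4) | (hdr[1] >> 4));
}

static int is_ipv6_header(const uint8_t *hdr, size_t len)
{
    return hdr != NULL && len >= IPV6_HDR_LEN && (hdr[0] >> 4) == 6;
}

/* Join Proxy side (hypothetical name): set DSCP to AF43 on a forwarded
 * packet, preserving ECN and the flow label. Returns 0, or -1 on bad input. */
int jp_tag_join_traffic(uint8_t *hdr, size_t len)
{
    if (!is_ipv6_header(hdr, len))
        return -1;
    uint8_t tc = (uint8_t)((DSCP_AF43 << 2) | (ipv6_get_tclass(hdr) & 0x03));
    hdr[0] = (uint8_t)((hdr[0] & 0xF0) | (tc >> 4));
    hdr[1] = (uint8_t)((hdr[1] & 0x0F) | ((tc & 0x0F) << 4));
    return 0;
}

/* Intermediate node side (hypothetical name): 1 if the packet carries the
 * join-traffic tag, so a scheduling function can treat it separately. */
int is_join_traffic(const uint8_t *hdr, size_t len)
{
    return is_ipv6_header(hdr, len) && (ipv6_get_tclass(hdr) >> 2) == DSCP_AF43;
}

int main(void)
{
    printf("tagged before: %d\n", is_join_traffic(sample_pkt, sizeof sample_pkt));
    jp_tag_join_traffic(sample_pkt, sizeof sample_pkt);
    printf("tagged after:  %d, bytes 0-1: %02x %02x\n",
           is_join_traffic(sample_pkt, sizeof sample_pkt), sample_pkt[0], sample_pkt[1]);
    return 0;
}
```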
