Christian --

I sent a note a while ago while the mip list was
suffering meltdown which brought up two other
issues with RPF checks. The first one is that
stationary hosts behind a mobile router would
naively place their home address in the source and
assumedly fail RPF checks as well. The second
thing I brought up is that an RSVP reservation in
the direction of MN->CN on a change of CoA would
require that the filterspec for the reservation be
propagated clear back to CN rather than
converging locally as you would hope for.

For these reasons, I think that it is worth
considering whether the Home Address destination
option and most especially RPF checks as currently
constituted are such a great idea. There is,
perhaps, the larger issue of host identity to
consider as well.

Mike

Christian Huitema writes:
> This conversation originated in Sigtran, but this is really about the
> IPv6 routing architecture, so I bring it to IPNGWG. The initial context
> was the handling of a site with multiple "6to4" routers.
>
> > From: Vladislav Yasevich [mailto:[EMAIL PROTECTED]]
> >...
> > However, I still don't see a need for a special address for
> > 6to4 routers. The DSTM mechanism can provide the TEP and
> > it might as well provide the 6to4 address of the router (not
> > any special address).
>
> If there is a need, this need is independent of 6to4. It relates to
> "egress control" and v6 multi-homing. Suppose that a site is
> multi-homed. Each station gets several IPv6 addresses. For a given TCP
> connection, it picks one of them as source addresses. As packets are
> sent, the egress router is chosen as a function of the destination
> address, independent of the source address. This means that we can see
> packets flowing through ISP-A, using a source address allocated by
> ISP-B.
>
> The only problem with that is, what happens if ISP-A, in the name of
> protection against source-address spoofing, rejects these packets?
>
> -- Christian Huitema
>
> > Maybe DSTM might be extended to provide multiple TEPs and
> > let the implementation choose one (or cycle through them)?
> > Just a thought. This way we don't have to reserve a special
> > address.
> >
> > -vlad
> >
> > George Tsirtsis wrote:
> > >
> > > -----Original Message-----
> > > From: Christian Huitema [mailto:[EMAIL PROTECTED]]
> > > Sent: Friday, March 23, 2001 10:50 AM
> > > To: [EMAIL PROTECTED]
> > > Cc: Vladislav Yasevich; George Tsirtsis; NGTRANS List
> > > Subject: RE: (ngtrans) Sites with multiple 6to4 border routers
> > >
> > > > > >> I believe that's what Brian Carpenter, Tony Hain, and Dave Thaler were
> > > > > >> saying at the meeting. You have to use a globally IPv4 address to
> > > > > >> create a 6to4 prefix. I don't believe you can assign the same IPv4
> > > > > >> address to 2 independent devices...
> > > > > >Uh? There is nothing impossible there. Suppose that we have a
> > > > > >multi-homed site that connects to the Internet through multiple routers,
> > > > > >both of which advertise the same IPv4 prefix, say 123.123.1/23.
> > > > >
> > > > > I guess you are talking about a different thing from what Vladislav said:
> > > > >
> > > > > > /-------\                   /------
> > > > > > |       | +-+               |
> > > > > > |       +-+A+---------------+
> > > > > > |       | +-+               |
> > > > > > | Site  |                   | Internet
> > > > > > |       | +-+               |
> > > > > > |       +-+B+---------------+
> > > > > > |       | +-+               |
> > > > > > \-------/                   \-----
> > >
> > > No. When I say that "It is quite natural to reserve a single IPv4
> > > address for the 6to4 routing service", I mean that A and B both use
> > > 2002:xxxx:xxxx::/48; both A and B use x.x.x.x. They advertise different
> > > addresses in the IPv6 cloud; they advertise the same IPv4 prefix (say
> > > x.x.x/24) to the Internet; the routing of outward bound packets is
> > > determined by IPv6 routing inside the site, e.g. RIPng; the routing of
> > > packets from the Internet is determined by Internet routing protocols
> > > (e.g. BGP).
> > >
> > > GT> Indeed! The requirement for 2 or more 6to4 gates to be able to use the
> > > same 6to4 prefix is that they advertise the same ipv4 prefix in the IPv4
> > > Internet. Up to now it has been assumed that they only advertise a single
> > > IPv4 address but this is clearly not necessary.
> > >
> > > GT> In this case, mechanisms that require outgoing and incoming paths to be
> > > using the same 6to4 gate could make use of Alain's 6to4 designated address.
> > >
> > > George
> --------------------------------------------------------------------
> IETF IPng Working Group Mailing List
> IPng Home Page: http://playground.sun.com/ipng
> FTP archive: ftp://playground.sun.com/pub/ipng
> Direct all administrative requests to [EMAIL PROTECTED]
> --------------------------------------------------------------------
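
An added illustration, not part of the thread or of any poster's message: a small Python model of the two cases raised above, a multi-homed host whose source address came from the other provider and a host behind a mobile router still sourcing from its home address, run against a provider-side source-address check. The prefixes (from the 2001:db8::/32 documentation range), the egress table and the function names are all constructed for the example.

```python
import ipaddress

# Constructed topology (documentation prefixes, not taken from the thread).
# Each provider delegates one /48 to the site and filters on it.
DELEGATED = {
    "ISP-A": ipaddress.ip_network("2001:db8:a::/48"),
    "ISP-B": ipaddress.ip_network("2001:db8:b::/48"),
}

# Site egress table keyed on destination only; longest prefix wins.
EGRESS_BY_DST = [
    (ipaddress.ip_network("2001:db8:1000::/36"), "ISP-A"),
    (ipaddress.ip_network("::/0"), "ISP-B"),
]

def pick_egress(dst):
    """Choose the exit provider from the destination, ignoring the source."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, isp) for net, isp in EGRESS_BY_DST if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def source_check(isp, src):
    """Provider-side filter: accept only sources in the prefix it delegated."""
    return ipaddress.ip_address(src) in DELEGATED[isp]

def trace(src, dst):
    """Return (exit provider, verdict) for one packet leaving the site."""
    isp = pick_egress(dst)
    return isp, "forwarded" if source_check(isp, src) else "dropped"

# Constructed flows: (label, source, destination)
FLOWS = [
    ("A-source via A", "2001:db8:a::10", "2001:db8:1234::1"),
    ("B-source via A", "2001:db8:b::10", "2001:db8:1234::1"),
    ("B-source via B", "2001:db8:b::10", "2001:db8:2000::1"),
    # Host behind a mobile router still sourcing from its home prefix.
    ("home address via A", "2001:db8:c::10", "2001:db8:1234::1"),
]

if __name__ == "__main__":
    for label, src, dst in FLOWS:
        isp, verdict = trace(src, dst)
        print(f"{label:20} {src:16} -> {dst:18} exits {isp}: {verdict}")
```

The same B-sourced host is forwarded or dropped depending only on which destination it talks to, which is why the failure shows up per connection rather than per host.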