If the node behind the MR obtained its home address from the the mobile router's subnet, then the MN will use this as the source i.e. the MN's home subnet is the MR's subnet.
If the MN is homed from another subnet and is visiting MR's subnet and obtained a COA from the MR's subnet, then the MN will use the COA as the source.
Do you want to discuss care of subnets and address translation or do you want to just assume tunneling to the MRs?
With IPv6's plethora of addresses, I believe you could take your pick; though some might argue that the address translation is "immoral".
I honestly do not feel that way. Machines have no morality only abilities. It seems to me that routing machines could easily and should swap addresses when there is no need for ALG functionality.
Either way (tunneling or subnet translation), the topological correctness is still maintained.
Hope this helps.
Glenn
-----Original Message-----
From: Michael Thomas [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, April 17, 2001 10:59 AM
To: Thomas Eklund
Cc: Morrow, Glenn [RICH2:C330:EXCH]; '[EMAIL PROTECTED]';
'[EMAIL PROTECTED]'
Subject: RE: Source addresses, DDoS prevention and ingress filtering
So I have a question about all of this:
What IP address does a stationary host behind a
mobile router put in the source address and how
did it come to know that address if it's not its
home address?
Mike
Thomas Eklund writes:
> Hi Glenn,
>
> > Again I wish to bring up that if a slave has been infected and a root
> > kit installed, any credentials on that node will likely be
> > available to
> > be used by the virus; therefore, any credentials used to pass any AAA
> > and have the ACL filter set up will be available to the root kit.
>
> Yes.
>
> >
> > So I still think we should mandate, at least as a BCP, topological
> > correctness on the source.
> This is how it is today with the home address option and a topological
> correct IPv6 src address.
>
> >
> > Does this make sense to you both?
>
> Yes.
>
> -- thomas
> >
> > Thanks,
> >
> > Glenn
> >
> >
> > -----Original Message-----
> > From: Thomas Eklund [ mailto:[EMAIL PROTECTED]
> > <mailto:[EMAIL PROTECTED]> ]
> > Sent: Tuesday, April 10, 2001 8:39 AM
> > To: Morrow, Glenn [RICH2:C330:EXCH]; 'Pekka Nikander';
> > '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]'
> > Subject: RE: Source addresses, DDoS prevention and ingress filtering
> >
> >
> > Hi Pekka,
> > It is an interesting topic you raise.
> >
> > I think though that our AAA v6 draft is a big step forward and would
> > like to
> > stress at a few points.
> >
> --------------------------------------------------------------------
> IETF IPng Working Group Mailing List
> IPng Home Page: http://playground.sun.com/ipng
> FTP archive: ftp://playground.sun.com/pub/ipng
> Direct all administrative requests to [EMAIL PROTECTED]
> --------------------------------------------------------------------
