Pekka,

Pekka Savola wrote:
On Tue, 29 Oct 2002, JINMEI Tatuya / 神明達哉 wrote:

(Note: this message is not directly related to the main point of this
thread.)


On Tue, 29 Oct 2002 08:51:12 +0200 (EET), Pekka Savola <[EMAIL PROTECTED]> said:

I'm not even sure if we could get addrarch to draft standard, have folks implemented these two:

--8<--
  Routers must not forward any packets with site-local source or
  destination addresses outside of the site.
--8<--

None of the implementations I use certainly haven't, and this has been around for a time now, even since RFC1884..

KAME can do this.

I have implemented it as well.



Note that KAME only supports this through manual configuration (and a fix) -- clarified in off-the-list discussion.

To be compliant with the paragraph:

Routers must not forward any packets with site-local source or
destination addresses outside of the site.

Note: it does not say 'packets from the site' (implying configuration of
the site) but 'with site-local source'. That strongly implies explicit
configuration will not satisfy.

I don't read it that way at all.  I interpret that to mean, if the
router is configured as a site-border router it must not forward those
packets out of the site.

The behavior is as defined in Section 5 of the scoped addr arch which
is all interfaces are in the same site, unless explicitly configured
by an administrator.


I expect an implementation must automatically, without any configuration, drop e.g. packets received under the following steps:

1) a router is configured to advertise a site-local prefix
2) a node configures a site-local address and starts sending out traffic
3) router drops it or forwards it (using some logic).

Or even:

1) node just blindly configures fec0::1 and starts sending traffic using it, testing how far it will go.
A valid scenario here could be that site-locals would be used inside one
link only -- no config at all in the router -- but the route must disallow
propagation of site-locals through default route if something fails.

That does not follow from the discussion in scoped addr arch.  Of
course, this should be clarified in addr arch when we decide on the
SL content of that document.



You may ask: how is this possible? We don't have any site-border discovery mechanisms?

I say: exactly, that's why the paragraph is so ridiculous!

The only easy and compliant implementation I could think of would be discarding all site-locals unless some links are explicitly configured to be part of a site.

From the discussion I have read, it seems that it would be more that
we are assuming that all interfaces are in the same site unless
explicitly configured.

Brian

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
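
The two readings debated in the message above, as an added example that is not part of the original thread or of any implementation it mentions: a forwarding check for site-local (fec0::/10) traffic where unconfigured interfaces either all share one default site or belong to no site. The function names, interface names (eth0, eth1, eth2), site labels and the 2001:db8:: addresses are assumptions made for illustration.

```python
import ipaddress

SITE_LOCAL = ipaddress.ip_network("fec0::/10")  # site-local unicast prefix

def is_site_local(addr):
    return ipaddress.ip_address(addr) in SITE_LOCAL

def may_forward(src, dst, in_if, out_if, site_of, default_same_site):
    """Decide whether a router may forward a packet from in_if to out_if.

    site_of: interface -> site label, only for interfaces an administrator
             explicitly configured (hypothetical representation).
    default_same_site: True  = unconfigured interfaces share one default site;
                       False = unconfigured interfaces are in no site, so
                               site-local traffic through them is discarded.
    """
    if not (is_site_local(src) or is_site_local(dst)):
        return True  # neither address is site-local: the site boundary does not apply
    default = "default-site" if default_same_site else None
    in_site = site_of.get(in_if, default)
    out_site = site_of.get(out_if, default)
    if in_site is None or out_site is None:
        return False  # an interface with no site cannot carry site-local traffic
    return in_site == out_site  # forward only when both interfaces are in one site

def leak_check(default_same_site, site_of):
    """Constructed case from the thread: a node blindly configures fec0::1
    and sends toward the default route (eth0 inside, eth1 upstream)."""
    return may_forward("fec0::1", "2001:db8::53", "eth0", "eth1",
                       site_of, default_same_site)

if __name__ == "__main__":
    for name, flag in (("same site by default", True),
                       ("discard by default", False)):
        print(f"{name}: no config -> {leak_check(flag, {})}, "
              f"border configured -> {leak_check(flag, {'eth1': 'outside'})}")
```

With no configuration at all, only the "same site by default" reading forwards the fec0::1 packet upstream; once the upstream interface is explicitly placed in a different site, both readings drop it.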
