Eric Klein wrote: > I have just noticed that this topic seems to be going on simutaniously > on both the IPv6 and v6OPS mailing lists. > > The two threads are not coordinated, but both seem very concerned with > IPv6 Type 0 Routing Header issues. [..] > It concerns me that the two teams are working seperatly to solve the > same issue.
You misunderstand. These are two separate groups, although some members of them fall under both groups and participate in both. Which is a good thing as without one the other doesn't exist and vice versa, thus feed back from both into both is very important. Unfortunately not everybody can participate in both as some people have networks to run etc ;) To make it a bit clearer: The [EMAIL PROTECTED] list is for IPv6 Operational matters. This list contains folks who have actual have "enable" or "root" on the network routers around the globe and who can take immediate effect on their workings. As such these people have fortunately, where possible, already taken action to resolve this issue by filtering out Routing Header Type 0 from propagating through their networks. Most of them are awaiting a fix from Juniper though, to resolve it for those routers which actually comprise the largest amount of the IPv6 backbones. These people operating them do this for the benefit of their own organization and thus take their decisions based on the simple metric: does it impact revenue or my operating of the network. As it does pose a danger it is a simple equation to resolve it. The general consensus in this community seems to be to filter out IPv6 Routing Headers of Type 0 completely. The only argument raised by some is that it is useful for 'reverse traceroute', but as that doesn't work when a network properly does uRPF (which it should be doing!) this is far from useless in most cases anyway. uRPF in general makes RH0 completely useless anyway. Having uRPF enabled in most cases mitigates this attack already perfectly fine. Unless of course folks have defaults pointing both ways or the RH0 path is following the correct interface direction. Hard but possibly doable. The [email protected] list is for the standardization of the IPv6 protocol. Here is specified how those routers should behave, what the packet data should/must look like etc. There are a lot of different people from a lot of different backgrounds all with different interests in this group, as such, as they don't all have the same goal, not all can be satisfied in one go, unlike the operators who run their network for profit, and consensus have to be reached first amongst all the parties for this to be resolved. Although this group defines the initial RFC, the Operators, next to the Vendors, actually implement them. The standard in the end thus is actually what both groups together come up with. As IPv6 is not a standard yet, we'll just have to write a draft to amend the current IPv6 RFC to resolve this issue. All that said though, as the Operative community is already mostly filtering out RH0, there seems to be little options left where RH0 still is useful... Greets, Jeroen
signature.asc
Description: OpenPGP digital signature
-------------------------------------------------------------------- IETF IPv6 working group mailing list [email protected] Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
