Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Routing Header issues]
On Apr 26, 2007, at 15:58, Tony Hain wrote:

> As I said on V6ops, before you kill this off too quickly, James
> Woodyatt's proxy redirection is a perfect example of a valid use
> for Type 0 Routing Headers. He wants the firewall to redirect
> traffic through a designated point (what this header was designed
> to do), and the only hammer at his immediate disposal was IPv6/IPv6
> nat. What I don't know is if the firewall can insert one that did
> not exist, because the source wouldn't know about his 'transparent'
> proxy.

I should make clear that I'm not persuaded that use of the routing
extension header gives me a way to do what I've been talking about in
both V6OPS and BEHAVE. Moreover, I *really* don't think RH type code
**ZERO** is a better hammer than simple IPv6 NAT. (Oh boy... I've
just whacked another beehive, haven't I?)

For my immediate purposes, where I only need to redirect inside the
routing node between the packet filter and the node's own stack, I
can probably define my own internal routing extension header type
code. In fact, since the packets aren't going anywhere on the wire,
I could just dispense with the extension header altogether and just
overwrite the destination address in the IPv6 header while inserting
an appropriate state record into the packet filter for the proxy to
find. This will be functionally equivalent to using IPv6 NAT, and
I'll be doing this in the code that implements the IPv4 NAT and SPI
filter, but if it makes everyone feel more warm and fuzzy that no
actual NAT is going on, I'll use another word for it. I wouldn't
want anybody to lose more sleep.

Where the situation gets a lot more interesting is when the
transparent application proxy is not resident on the same node as the
filter where the diversion happens. That's where the routing
extension header could be necessary. In that case, I still don't
think type code *ZERO* is the wrong choice, because something must
*remove* the extension header on the return path for the proxy to
remain transparent.
--
j h woodyatt <jhw at apple.com>
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6 at ietf.org
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.
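
The same-node diversion described in the message above (overwrite the destination address in the IPv6 header and leave a state record in the packet filter for the proxy to find), as an added sketch that is not code from the message or from any real packet filter. `DivertTable`, `original_destination` and `sample_syn` are hypothetical names, the addresses come from the 2001:db8::/32 documentation prefix, and only TCP directly following the IPv6 header is handled; the TCP checksum is recomputed on the assumption that the local stack verifies it, since the destination address is part of the IPv6 pseudo-header.

```python
import ipaddress
import struct

def tcp_checksum(src: bytes, dst: bytes, segment: bytes) -> int:
    """Internet checksum over the IPv6 pseudo-header plus the TCP segment."""
    data = src + dst + struct.pack("!IxxxB", len(segment), 6) + segment
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

class DivertTable:
    """Hypothetical packet-filter state: diverted flow -> original destination."""
    def __init__(self, proxy_addr: str, proxy_port: int):
        self.proxy = ipaddress.IPv6Address(proxy_addr).packed
        self.proxy_port = proxy_port
        self.state = {}  # (client address, client port) -> (original dst, port)

    def divert(self, pkt: bytes) -> bytes:
        """Point the packet at the local proxy and remember where it was going."""
        if len(pkt) < 60 or pkt[0] >> 4 != 6 or pkt[6] != 6:
            raise ValueError("expected IPv6 directly followed by a TCP header")
        src, dst, seg = pkt[8:24], pkt[24:40], bytearray(pkt[40:])
        sport, dport = struct.unpack("!HH", seg[:4])
        self.state[(src, sport)] = (dst, dport)
        seg[2:4] = struct.pack("!H", self.proxy_port)
        seg[16:18] = b"\x00\x00"  # zero the checksum field before recomputing
        seg[16:18] = struct.pack("!H", tcp_checksum(src, self.proxy, bytes(seg)))
        return pkt[:24] + self.proxy + bytes(seg)

    def original_destination(self, client: str, port: int):
        """What the proxy asks the filter: where was this client really headed?"""
        hit = self.state.get((ipaddress.IPv6Address(client).packed, port))
        return None if hit is None else (str(ipaddress.IPv6Address(hit[0])), hit[1])

def sample_syn(src: str, dst: str, sport: int, dport: int) -> bytes:
    """Constructed test input: a minimal IPv6 + TCP SYN with a valid checksum."""
    s, d = (ipaddress.IPv6Address(a).packed for a in (src, dst))
    seg = bytearray(struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x02, 65535, 0, 0))
    seg[16:18] = struct.pack("!H", tcp_checksum(s, d, bytes(seg)))
    return struct.pack("!IHBB", 6 << 28, len(seg), 6, 64) + s + d + bytes(seg)
```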