Re: [76attendees] Rogue IPv6 RA
2009/11/9 Arifumi Matsumoto <arifumi at nttv6.net>:
> Erik,
>
> On 2009/11/10, at 10:43, Erik Kline wrote:
>
>>> If the latter paragraph only should be executed, the address given
>>> by rogue RA remains, right ?
>>
>> My reading would be that on receipt of a 0-lifetime RA that only the
>> second paragraph would be executed (lifetime timeout).
>
> Second to that.
>
>> However, all
>> hosts receiving the 0-lifetime RA would then have to recompute the
>> next-hop, which in /some/ cases may require sending a RS (which the
>> rogue RA node would presumably hear and re-answer). (Of course I
>> haven't verified this against any implementation :)
>
> I fail to get your point.
> Requiring sending a RS leads to ... ?
>
> Even if that RS fails, it does not have any effect on the given
> address by rogue RA, right ?
>
>
I was contemplating the case where you might want to run a
rogue-ra-killer on a node that listens for RAs, knows which ones are
valid, and sends 0-lifetimes for all the rogues. My point was that if
a node decides it needs to re-RS then the rogue RA node probably
continues to reply (as does the rogue-ra-killer). Maybe this doesn't
actually happen though because most/all nodes would have also received
the valid RA and would just update next-hop information using that
data.
Just me speculating idly on a weird situation...
-Erik
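
The situation discussed in this thread, as an added example that is not part of the original message or of any implementation: a passive audit of Router Advertisements that records, for each source outside an allow-list, whether it is still a default router, which prefixes it advertised, and how often it advertised again after a 0-lifetime RA. The addresses, the prefixes, the sample timeline and the idea that the 0-lifetime RA carries the rogue's source address are all assumptions made for the illustration.

```python
import ipaddress
import struct

RA_TYPE, OPT_PREFIX_INFO = 134, 3   # ICMPv6 RA type, Prefix Information option

def parse_ra(icmp6: bytes):
    """Return (router_lifetime, [prefix, ...]) from an ICMPv6 RA message."""
    if len(icmp6) < 16 or icmp6[0] != RA_TYPE:
        raise ValueError("not a Router Advertisement")
    (lifetime,) = struct.unpack_from("!H", icmp6, 6)
    prefixes, off = [], 16
    while off + 2 <= len(icmp6):
        opt_type, opt_len = icmp6[off], icmp6[off + 1] * 8  # length is in 8-byte units
        if opt_len == 0 or off + opt_len > len(icmp6):
            raise ValueError("malformed option")
        if opt_type == OPT_PREFIX_INFO and opt_len == 32:
            net = ipaddress.IPv6Network((icmp6[off + 16:off + 32], icmp6[off + 2]), strict=False)
            prefixes.append(str(net))
        off += opt_len
    return lifetime, prefixes

def audit(ras, valid_routers):
    """Track, per unauthorised source, default-router state and prefixes seen."""
    state = {}
    for src, icmp6 in ras:
        if src in valid_routers:
            continue
        lifetime, prefixes = parse_ra(icmp6)
        s = state.setdefault(src, {"default_router": None, "prefixes": set(), "readvertised": 0})
        if lifetime > 0 and s["default_router"] is False:
            s["readvertised"] += 1          # source advertised again after a 0-lifetime RA
        s["default_router"] = lifetime > 0
        s["prefixes"].update(prefixes)      # router lifetime 0 does not retract these
    return state

def make_ra(lifetime, prefix=None):
    """Build a constructed sample RA (checksum left 0; never sent anywhere)."""
    msg = struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64, 0, lifetime, 0, 0)
    if prefix:
        net = ipaddress.IPv6Network(prefix)
        msg += struct.pack("!BBBBIII", OPT_PREFIX_INFO, 4, net.prefixlen, 0xC0, 2592000, 604800, 0)
        msg += net.network_address.packed
    return msg

# Constructed timeline: valid router, rogue RA, 0-lifetime RA naming the rogue, rogue again.
VALID, ROGUE = "fe80::1", "fe80::bad"
SAMPLE = [(VALID, make_ra(1800, "2001:db8:1::/64")), (ROGUE, make_ra(1800, "2001:db8:666::/64")),
          (ROGUE, make_ra(0)), (ROGUE, make_ra(1800, "2001:db8:666::/64"))]

print(audit(SAMPLE, {VALID}))
```

After the third sample message the rogue is no longer a default router but its prefix is still on record, which is the "address remains" case raised earlier in the thread; the fourth message shows up as one re-advertisement.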
Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.