Re: Thoughts on address selection

To: Fred Baker <fred at cisco.com>
Subject: Re: Thoughts on address selection
From: Pekka Savola <pekkas at netcore.fi>
Date: Tue, 10 Nov 2009 08:25:07 +0200 (EET)
Cc: draft-ietf-6man-addr-select-sol at tools.ietf.org, draft-ietf-6man-addr-select-considerations at tools.ietf.org, IETF IPv6 Mailing List <ipv6 at ietf.org>, draft-arifumi-6man-addr-select-conflict at tools.ietf.org
Delivered-to: ipv6 at core3.amsl.com
In-reply-to: <F25A2D83-2504-4354-90BB-4CD2B0D3D743 at cisco.com>
List-archive: <http://www.ietf.org/mail-archive/web/ipv6>
List-help: <mailto:ipv6-request@ietf.org?subject=help>
List-id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-post: <mailto:ipv6@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
References: <F25A2D83-2504-4354-90BB-4CD2B0D3D743 at cisco.com>
User-agent: Alpine 2.00 (LRH 1167 2008-08-23)

On Tue, 10 Nov 2009, Fred Baker wrote:

The simplest solution to (3), if my machine is in an administrative domainfacing an ISP, is to have my DMZ router perform the BCP 38 filter before thedatagram reaches the ISP, and in the failure case reply with some form ofICMP message that says "routing took your datagram to an egress into the ISPwith prefix <mumble>; select an address in prefix <mumble>". That will givethe host the opportunity to select the correct address to traddle ingressfiltering reliably.

Just as a comment: the router might not know why it's doing BCP 38filtering and what the right prefix is. So it's more general andeasier to just say "you're using a wrong source address, try somethingelse" (e.g., if a packet is coming from a source address that's"directly connected" or otherwise do a silent discard.


--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

References:
- Thoughts on address selection
  - From: Fred Baker

Prev by Date: ECMP and flow label
Next by Date: Re: comments on draft-kohno-ipv6-prefixlen-p2p-00.txt
Previous by thread: Re: Thoughts on address selection
Next by thread: RE: Thoughts on address selection
Index(es):
- Date
- Thread

Re: Thoughts on address selection

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.