Shin Miyakawa | 1 Jul 03:20 2008

Re: new draft on IPv6 CPE router available for review

Hello,

I have a comment on the transferred message by Wes,

> From: Mikael Abrahamsson [mailto:swmike@...] 
>
>
> In section 5.3 I would definitely like a CPE to work without having a
> WAN address (link local only). 

Actually, this does not work if a CPE uses the strong host model implementation
described in RFC1122 or STD3 : Requirements for Internet Hosts - Communication Layers.

> The rationale behind this is that we would like ISP routers have IPs 
> in a core IP-range (which will be protected from DDOS by ratelimiters or filters) 
> and have customers in their own IP space. 
> The handoff between distribution and CPE should be
> done via something that is not reachable from the internet, ie the CPE
> should never source packets from its WAN IP, instead it should source
> packets destined to the internet from a loopback IP which it should
> allocate to itself from DHCPv6-PD (it could also be a LAN interface IP).
> So behavior would be "get link-local working, do DHCPv6-PD, allocate IP
> to itself from PD range, then use THAT to provision itself further and
> to communicate with everything".

Originally, when we wrote RFC4241 (A Model of IPv6/IPv4 Dual Stack Internet 
Access Service) to start our IPv6/v4 dual stack native ADSL service, 
we also thought about the same thing. So we can understand Mikael's will too.

But now Microsoft Vista and Windows 2008 IPv6 implementation are based on 

Internet-Drafts | 1 Jul 07:45 2008

I-D Action:draft-ietf-v6ops-ra-guard-00.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the IPv6 Operations Working Group of the IETF.

	Title           : IPv6 RA-Guard
	Author(s)       : G. Van de Velde, et al.
	Filename        : draft-ietf-v6ops-ra-guard-00.txt
	Pages           : 9
	Date            : 2008-06-30

When using IPv6 within a single L2 network segment it is necessary to
ensure that all routers advertising their services within it are
valid.  In cases where it is not convenient or possible to use SeND
[RFC3971] a rogue Router Advertisement (RA) [RFC4861] could be sent
by accident due to misconfiguration or ill intended.  Simple solutions
for protecting against rogue RAs are beneficial in complementing SeND
in securing the L2 domain for certain types of devices or in certain
transitional situations.
This document proposes a solution to reduce the threat of rogue RAs
by enabling layer 2 devices to forward only RAs received over
designated ports.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-v6ops-ra-guard-00.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
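
The port-based filtering described in the abstract above, as an added example that is not part of the announcement or the draft: a layer 2 forwarding decision that passes Router Advertisements only when they arrive on a designated port. The port names, the helper `build_frame` and the sample frames are constructed for illustration; the sketch assumes untagged Ethernet and unfragmented packets.

```python
import struct

ETH_IPV6 = 0x86DD
ICMPV6 = 58
RA_TYPE = 134            # Router Advertisement [RFC4861]
EXT_HDRS = {0, 43, 60}   # hop-by-hop, routing, destination options

def icmpv6_type(frame: bytes):
    """Return the ICMPv6 type carried in an Ethernet frame, or None."""
    if len(frame) < 54 or struct.unpack("!H", frame[12:14])[0] != ETH_IPV6:
        return None
    nxt, off = frame[14 + 6], 14 + 40          # Next Header field, end of fixed header
    while nxt in EXT_HDRS:                     # skip extension headers before ICMPv6
        if len(frame) < off + 8:
            return None
        nxt, off = frame[off], off + 8 * (frame[off + 1] + 1)
    if nxt != ICMPV6 or len(frame) <= off:
        return None
    return frame[off]

def ra_guard(frame: bytes, ingress_port: str, router_ports: set) -> bool:
    """True = forward the frame, False = drop it."""
    if icmpv6_type(frame) != RA_TYPE:
        return True                            # only RAs are subject to the port check
    return ingress_port in router_ports

def build_frame(icmp_type: int, ext: bytes = b"", first_nh: int = ICMPV6) -> bytes:
    """Constructed sample frame: link-local source to ff02::1 (hypothetical helper)."""
    eth = bytes.fromhex("333300000001020000000001") + struct.pack("!H", ETH_IPV6)
    payload = ext + bytes([icmp_type, 0, 0, 0])
    ip6 = struct.pack("!IHBB", 0x60000000, len(payload), first_nh, 255)
    ip6 += bytes.fromhex("fe80" + "00" * 13 + "01")   # source fe80::1
    ip6 += bytes.fromhex("ff02" + "00" * 13 + "01")   # destination ff02::1
    return eth + ip6 + payload

ROUTER_PORTS = {"uplink"}                      # designated port (assumed name)
HOP_BY_HOP = bytes([ICMPV6, 0, 1, 4, 0, 0, 0, 0])  # 8-octet header with a PadN option

if __name__ == "__main__":
    for port in ("uplink", "access-7"):
        print(port, "RA forwarded:", ra_guard(build_frame(RA_TYPE), port, ROUTER_PORTS))
```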

Mikael Abrahamsson | 1 Jul 08:53 2008

Re: new draft on IPv6 CPE router available for review

On Tue, 1 Jul 2008, Shin Miyakawa wrote:

> to terminate the IPv6 uplink by itself, so from practical point of view, 
> we strongly recommend to assign a global IPv6 address.

Well, my personal opinion is that this makes Vista unfit to be an IPv6 CPE. 
We cannot adjust IPv6 address policy just because of certain design 
decisions on behalf of Microsoft.

It is my belief that customers (at least in the market I am in) will need 
to have a small CPE that is not an end host, and this is what the draft 
should be aimed at. Advocating PPP is also a very bad idea as this cements 
the use of LAC/LNS and tunneling, which is a really bad idea for future 
multicast use, as well as being more expensive than necessary.

My idea of a good IPv6 service is one that is purely IPv6 over ethernet, 
optionally with 1-2 q tags or mac-in-mac in the ISP part of the network, 
but definitely not involving PPP or L2TP anywhere in the path.

At least, how can we make the draft comply so that what I would like to do 
doesn't violate any draft? I can understand if both options are in there, 
but making my proposal a draft violation seems like a bad idea, as we both 
seem to agree that it's the proper thing to do?

-- 
Mikael Abrahamsson    email: swmike@...

Shin Miyakawa | 1 Jul 09:46 2008

Re: new draft on IPv6 CPE router available for review

Mikael,

> > to terminate the IPv6 uplink by itself, so from practical point of view, 
> > we strongly recommend to assign a global IPv6 address.
> 
> Well, my personal opinion is that this makes Vista unfit to be an IPv6 CPE. 

fmmm.

> We cannot adjust IPv6 address policy just because of certain design 
> decisions on behalf of Microsoft.

I use Vista just as one example.
The Strong Host Model is defined in RFC1122 or STD3. That's a standard.

best wishes,

Shin Miyakawa

Mikael Abrahamsson | 1 Jul 09:51 2008

Re: new draft on IPv6 CPE router available for review

On Tue, 1 Jul 2008, Shin Miyakawa wrote:

> I use Vista just as one example. The Strong Host Model is 
> defined in RFC1122 or STD3. That's a standard.

But if it's a router (which I think is what is needed for an IPv6 CPE) then 
it should be able to act as one, and use loopback interfaces to source 
traffic.

So if MS is serious about Vista being capable of acting as a router/home 
gateway, then they should include capabilities needed for such a device. 
Sourcing traffic from loopback interfaces is important for a router.

-- 
Mikael Abrahamsson    email: swmike@...

Shin Miyakawa | 1 Jul 10:03 2008

Re: new draft on IPv6 CPE router available for review

Mikael,

Let us forget about how Microsoft is doing :-)

> > I use Vista just as one example. The Strong Host Model is 
> > defined in RFC1122 or STD3. That's a standard.
> 
> But if it's a router (which I think is what is needed for an IPv6 CPE) then 
> it should be able to act as one, and use loopback interfaces to source 
> traffic.

Even in this case, some software which is going to send a packet to the network
from CPE, according to RFC3484 "Default Address Selection for IPv6",
there is a certain reason why the WAN I/F's IP address should be used as
its source address as follows.

   ---------------- from RFC3484 ----------------
   It is RECOMMENDED that the candidate source addresses be the set of
   unicast addresses assigned to the interface that will be used to send
   to the destination.  (The "outgoing" interface.)  On routers, the
   candidate set MAY include unicast addresses assigned to any interface
   that forwards packets, subject to the restrictions described below.

      Discussion:  The Neighbor Discovery Redirect mechanism [14]
      requires that routers verify that the source address of a packet
      identifies a neighbor before generating a Redirect, so it is
      advantageous for hosts to choose source addresses assigned to the
      outgoing interface.  Implementations that wish to support the use
      of global source addresses assigned to a loopback interface should
      behave as if the loopback interface originates and forwards the

Mikael Abrahamsson | 1 Jul 10:16 2008

Re: new draft on IPv6 CPE router available for review

On Tue, 1 Jul 2008, Shin Miyakawa wrote:

> Even in this case, some software which is going to send a packet to the network
> from CPE, according to RFC3484 "Default Address Selection for IPv6",
> there is a certain reason why the WAN I/F's IP address should be used as
> its source address as follows.
>   ---------------- from RFC3484 ----------------
>   It is RECOMMENDED that the candidate source addresses be the set of
>   unicast addresses assigned to the interface that will be used to send
>   to the destination.  (The "outgoing" interface.)  On routers, the
>   candidate set MAY include unicast addresses assigned to any interface
>   that forwards packets, subject to the restrictions described below.

What is the reason for this recommendation?

-- 
Mikael Abrahamsson    email: swmike@...

Shin Miyakawa | 1 Jul 10:26 2008

Re: new draft on IPv6 CPE router available for review

From: Mikael Abrahamsson <swmike@...>
Subject: Re: new draft on IPv6 CPE router available for review
Date: Tue, 1 Jul 2008 10:16:45 +0200 (CEST)

> On Tue, 1 Jul 2008, Shin Miyakawa wrote:
> 
> > Even in this case, some software which is going to send a packet to the network
> > from CPE, according to RFC3484 "Default Address Selection for IPv6",
> > there is a certain reason why the WAN I/F's IP address should be used as
> > its source address as follows.
> >   ---------------- from RFC3484 ----------------
> >   It is RECOMMENDED that the candidate source addresses be the set of
> >   unicast addresses assigned to the interface that will be used to send
> >   to the destination.  (The "outgoing" interface.)  On routers, the
> >   candidate set MAY include unicast addresses assigned to any interface
> >   that forwards packets, subject to the restrictions described below.
> 
> What is the reason for this recommendation?

Let's wait for the RFC author's answer :-)

Shin Miyakawa

Remi Denis-Courmont | 1 Jul 11:36 2008

Re: new draft on IPv6 CPE router available for review

On Mon, 30 Jun 2008 13:14:22 -0400, "Wes Beebee (wbeebee)"
<wbeebee@...> wrote:
> Please review this draft.
>
> http://www.ietf.org/internet-drafts/draft-wbeebee-ipv6-cpe-router-00.txt

Section 6.1 seems to be a reinvention of RFC4605. I am also confused as to
how multicast should be forwarded (or not) between the multiple LAN
interfaces, if there are more than one.

Also, IMHO, the document lacks (adequate) guidance on the chaining of CPEs.
This is a real life problem, which in IPv4 is typically "solved" through
layering of NATs. It might not be wise to ignore the issue in IPv6. I guess
one solution is to have the CPE revert to bridging (but loops may occur),
while another solution is to _mandate_ support for prefix sub-delegation.

-- 
Rémi Denis-Courmont

Ole Troan | 1 Jul 12:28 2008

Re: new draft on IPv6 CPE router available for review

>> Even in this case, some software which is going to send a packet to the
>> network
>> from CPE, according to RFC3484 "Default Address Selection for IPv6",
>> there is a certain reason why the WAN I/F's IP address should be used as
>> its source address as follows.
>>  ---------------- from RFC3484 ----------------
>>  It is RECOMMENDED that the candidate source addresses be the set of
>>  unicast addresses assigned to the interface that will be used to send
>>  to the destination.  (The "outgoing" interface.)  On routers, the
>>  candidate set MAY include unicast addresses assigned to any interface
>>  that forwards packets, subject to the restrictions described below.
>
> What is the reason for this recommendation?

increased chance of path symmetry for one.
check the ipng thread from 1999 "simple source address selection".
e.g Message-Id: 	<v04204e00b34e3e78cc17 <at> [171.69.116.90]>

if an implementation handles unnumbered links (links without global
addresses) or loopback interfaces then it has to implement the
semi-strong or weak host model. are there router implementations which
implement the strong host model?

/ot

