Hi Hesham: In case that helps, we've found practical in some experimentations to allow a MR to autoconf addresses on its ingress interfaces, and install the associated connected routes. Note that if a MR listens to itself from a different interface, it will not install the prefix.
Anyway, once the router has installed autoconf'ed address, the result is that source addresses are always topologically correct. But of course there comes a new set of problems: - potential attacks by rogue routers - redistribution: if such a connected route is redistributed over MIP explicit prefix, then an attack may be propagated. If not, then ingress filtering at the HA will discard the packet. - multiple ingress interfaces Xconnected via wireless. Only one installs the connected route so the trick fails for other interfaces. Note that Nemo is a bit unclear about that ingress filtering at HA and I proposed some text recently that's not in draft 02. Pascal > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Soliman Hesham > Sent: jeudi 11 mars 2004 08:08 > To: Jari Arkko; Tim Chown; Mattias Pettersson L (KI/EAB) > Cc: [EMAIL PROTECTED] > Subject: RE: Multiple DRs on a link > > > > Right. In addition, the SEND WG had an issue about this as well, when > > they debated the semantics of prefixes in router certificates. (They > > decided to stick with the IPv6 RA semantics. That is, SEND hopes > > someone else, maybe multi6, will make it clearer what the rules are.) > > > > I have also seen the RFC 3484 rules, and I agree with others that > > they are somewhat vague. In any case, multi6 is already discussing > > this so eventually there will be a spec that will guide us. However, > > in any case when there are multiple routers with different prefixes > > on the same link, currently implemented IPv6 hosts may make the > > wrong decision. Certainly at least those nodes that predate RFC 3484. > > => I think even the nodes that implement 3484 may make the > wrong decision. The text that Alper sent is not "standards text" > and I suspect there are implementations (e.g. BSD) that don't > follow this. > > > > > But I have a question about the NEMO case. I had assumed that mobile > > routers move around and attach their egress interface to various > > place in the internet. And that their ingress interface serves > > a number of hosts, unaware of the movements. I don't see the > > default router selection as an issue in this scenario, as the > > hosts will stick to the same mobile router all the time, and > > the mobile router acts like a host on its egress interface. So > > if the visited link works for hosts, it should work for mobile > > routers. > > => The problem is when you have 2 MRs, each advertising a different > prefix (i.e. different home prefix). > > Hesham > > > > > But perhaps you are considering a situation where the ingress > > interface of two mobile routers may be shared, or that a mobile > > router's ingress interface may suddenly appear on some stationary > > network. If we allow this, there could be problems. Do we really > > need it? > > > > --Jari > > > > > > -------------------------------------------------------------------- > > IETF IPv6 working group mailing list > > [EMAIL PROTECTED] > > Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6 > > -------------------------------------------------------------------- > > > > -------------------------------------------------------------------- > IETF IPv6 working group mailing list > [EMAIL PROTECTED] > Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6 > -------------------------------------------------------------------- -------------------------------------------------------------------- IETF IPv6 working group mailing list [EMAIL PROTECTED] Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
