Pekka, On Mon 26 Sep '05 at 14:05 Pekka Nikander <[EMAIL PROTECTED]> wrote: > > Avun, > >> but I think it would be preferable if this section: >> >> ,---- >> | 3. Routing Considerations >> | >> | Keyed Hash Identifiers are designed to serve as identifiers rather >> | than locators. Therefore, routers SHOULD NOT forward any packets >> | containing a KHI as a source or a destination address. If the >> | destination address is a KHI but the source address is a valid >> | unicast source address, an ICMP Destination Unreachable, >> | Administratively Prohibited message MAY be generated. >> | >> | Note that while KHIs are designed to be non-routable at the IP layer, >> | there are ongoing research efforts for creating overlay routing for >> | these kinds of identifiers. For example, the Host Identity >> | Indirection Infrastructure (Hi3) proposal outlines a way for using a >> | Distributed Hash Table to forward HIP packets based on the Host >> | Identity Tag. >> `---- >> >> was rewritten a lot more like RFC3849 (IPv6 Docu Prefix), Section 3 >> Operational Implications. > > I am really open to changing the wording; please provide a ready > thought suggestion. > >> Placing a requirement directly on routers is a lot tougher than placing a >> requirement on the operators. To support the current wording, every router >> vendor would have to update their code, and then every customer would have >> to upgrade every single router. This of course, would then have to be >> possibly undone come January 1st 2009. > > What comes this concern, I tried to write the text in such a way that > a simple configuration change would be sufficient, i.e., configure > the router not to forward the packets, and possibly have it return > ICMP unreachable. I certainly didn't intend to require routers to be > changed; that is unrealistic.
Excellent! That was the concern I'd had about the wording. c.f. the RFC 3513 (Address Arch) loop-back and unspecified checks which are hard-coded in. > Indeed, if the prefix was allocated from 1000::/4 as suggested, then I think > most router configurations would already now do the right thing. But I may > also be way off here; I'm mostly out of touch with current IPv6 operational > matters. I think you are almost correct. Following Gert's rules [http://www.space.net/~gert/RIPE/ipv6-filters.html] 1000::/4 would certainly be non-routeable. However, that would only result in an ICMPv6 Destination Unreachable, No Route. As for the source address, I think it's likely the operator would be using RPF, which is a silent drop for us. You could just pull in the text from the Documentation Prefix RFC: 3. Routing Considerations Keyed Hash Identifiers are designed to serve as identifiers rather than locators. Therefore, IPv6 network operators SHOULD add the KHI prefixes to the list of non-routeable IPv6 address space, and if packet filters are deployed, then this address prefix should be added to packet filters. Thus if the router generating the default route has a packet filter, you'd get the desired behaviour with respect to the Admin Prohibited message. However, I'd think it unlikely that packet filters are deployed, I think operators tend to rely on Forward and Reverse lookups. A. -- Alun Evans IOS Software Engineer, cisco Systems. http://www.cisco.com/go/ipv6/ -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
