Hi Stig, You said "There is no difference between a tunnel link and any other link media I think."
That is the exact issue in my case for ND messages. If we just send a packet tunneled, the TTL check for ND messages fails as we can send a packet from multiple hops away by just adding another layer of encapsulation. That is the reason I suggested the text "The default behavior SHOULD be to not allow ND packets over tunnels, unless explicitly so configured." Thanks, Vishwas -----Original Message----- From: Stig Venaas [mailto:[EMAIL PROTECTED] Sent: Monday, November 28, 2005 1:31 AM To: Vishwas Manral Cc: IPv6 Subject: Re: draft-ietf-ipv6-2461bis-05 On Thu, Nov 17, 2005 at 02:21:01AM -0800, Vishwas Manral wrote: > Hi, > > > > While going through the draft, I noticed there is no talk of tunneled ND > message in the entire draft. > > > > The draft states: - > > > > By setting the Hop Limit to 255, Neighbor Discovery is immune to > off-link senders that accidentally or intentionally send ND messages. > > However if we send a basic ND message in IP-in-IP tunneled packet and > send the packet across, we can easily send ND messages off-link. A > solution I can think of is that by default we SHOULD NOT allow ND > packets inside tunneled packets unless explicitly configured to do so. > > Am I missing the point? I'm wondering if I'm missing the point, because to me it seems obvious. If you have a tunnel, the tunnel is the link, and the packet would not be forwarded off that link. And even if it was, the hop limit is decremented, so it would be discarded since hop limit < 255. There is no difference between a tunnel link and any other link media I think. Stig > > Thanks, > Vishwas > > -------------------------------------------------------------------- > IETF IPv6 working group mailing list > ipv6@ietf.org > Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6 > -------------------------------------------------------------------- -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
