Re: New Consensus call on RH0 Deprecation

Mon, 27 Aug 2007 11:29:47 -0700 

On Aug 27, 2007, at 9:29 AM, Tim Enos wrote:
Good point. This would be true even in the face of a company on the JP side and a company on the US side (of the JP-US link) agreed together to accept source-routed traffic from each other. 


Just having the RH0 traffic transit the intervening ISP(s) would  
make the link susceptible to the attacks outlined in the draft.



Can you (and others) clarify your position on what you consider to be  
valid traffic?  I do not work for a commercial ISP, so I'm trying to  
understand the current thinking / policy on this.



Suppose you have 4 providers, where A and B are in the US and C and D  
are in Japan (the B -- C link is the US-JP link).


A - B - - C - D


Assume A and D are interested in supporting source routing, but B and  
C are not.  Further assume that, due to A and D's support for source  
routing, they are susceptible to the kind of oscillation DOS attack  
we have been discussing.  The B - - C link is managed / protected by  
B and C - that is, they have ultimate control over what traffic  
transits this US - JP link.



In the event of an oscillation DOS attack between A and D, do B and C  
care that the traffic they are transiting is DOS traffic vs. other  
traffic?  In other words, hasn't the capacity available to A (from B)  
and the capacity available to D (from C) already been arranged?  If  
this capacity is consumed due to DOS, is it not A and D (and their  
customers) who pay the cost?



This is not to say we shouldn't think about the global aspects of  
resource use and DOS - I'm just trying to understand whether the  
approach to source routing requires a global consensus.  Several  
recent comments seem to imply that it is unacceptable even to transit  
RH0 traffic (rather than simply choose not to act on RH0 headers) -  
have I interpreted this position correctly?  If so, it would seem to  
have implications for both RH0 (as is being discussed) and any new  
source routing approach RHx.



Is DOS protection / mitigation an assumed (or explicit) service  
provided by ISPs to customers?


Thanks,
Dow



--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------























					Reply via email to