On Wed, 29 Aug 2007, sengottuvelan srirangan wrote:

> I could not get the below comments in the draft:
>
> "
> A Routing header is not examined or processed until it reaches the node
> identified in the Destination Address field of the IPv6 header.
>
> There can be at most one RH4 header in any packet. A packet with
> more than one RH4 header is discarded. This functionality can be
> implemented in a firewall or any other IPv6 node.
> :
> :
> Wherever possible, including the administrative network edge, RPF
> check needs to be done.
> "
>
> I have following comments on the draft:
>
> 1. Draft recommends to implement the stack in the destination nodes
> but also says, Wherever possible, including the administrative
> network edge, RPF check needs to be done. This functionality can be
> implemented in a firewall or any other IPv6 node.
> please clarify.
>
> 2. What if current IPv6 node receives RH4 header? How do we handle
> the RH4 header in the current implementations?
>
>

One of the problems with the current implementation of RH0 (and IPv4
source routed packets) is that when a packet transits a router that is not
one of the source routed hops, it must specially process the packet. In
other words, forward the packet in software.

Take Host A in the diagram below who wants to send traffic to Host E,
but prefers the packet to first visit Router D.

--------   ----------   ----------   --------
|Host A|---|Router B|---|Router C|---|Host E|
--------   ----------   ----------   --------
                \          /
                 \        /
                 ----------
                 |Router D|
                 ----------

Host A will build a packet with a source address of A, a destination
address of D, and loose source hops of D and E. When this packet
reaches Router B, which is not the destination of the packet, the traffic
should be forwarded as normal (in hardware) based on the destination of
the packet, D. When the packet arrives at Router D, then special
processing must occur to support source routing.

The problem that someone else pointed out was there is a conflicting
requirement to apply firewall filters that match on destination address,
to also be capable to match on destinations listed in the loose source
hops. This will likely require special handling (i.e. packet not
forwarded in hardware).

One approach is to make both of these options configurable.

I think possibly the problem is that there is confusion about how source
routing affects routers, and how it affects hosts. Routers generally
carry lots of transit traffic (not destined for the local router) and
hosts do not. In this case (where the host is not acting as a router),
the packet should always have a destination of the host. The host
receiving a packet that has some other destination would likely only
result from a misconfigured network. I suspect the right action in this
case is to drop the packet.

__Jason

--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
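
The checks discussed in this thread, as an added example that is not part of the original messages or of the draft: a non-forwarding host drops a packet that is not addressed to it, then walks the extension header chain and discards a packet carrying more than one RH4 header. The Routing Type value 4, the function names, and the 2001:db8:: addresses are assumptions made for illustration.

```python
import ipaddress
import struct

HOP_BY_HOP, ROUTING, DEST_OPTS, NO_NEXT = 0, 43, 60, 59
RH4_TYPE = 4  # assumption: "RH4" = Routing Type 4; the message gives no number

# Constructed sample addresses (documentation prefix), named after the diagram.
HOST_E = ipaddress.IPv6Address("2001:db8::e").packed
ROUTER_D = ipaddress.IPv6Address("2001:db8::d").packed

def host_verdict(pkt: bytes, local_addrs: set) -> str:
    """Verdict of a non-forwarding host for one received IPv6 packet."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        return "drop: not a complete IPv6 header"
    # Host rule from the reply: a packet for some other destination is dropped,
    # and no Routing header is examined before this check.
    if pkt[24:40] not in local_addrs:
        return "drop: destination is not this host"
    nxt, off, rh4_seen = pkt[6], 40, 0
    # Walk the chain; the walk stops at any header type not listed here.
    while nxt in (HOP_BY_HOP, ROUTING, DEST_OPTS):
        if off + 8 > len(pkt):
            return "drop: truncated extension header"
        hlen = (pkt[off + 1] + 1) * 8  # Hdr Ext Len counts 8-byte units past the first
        if off + hlen > len(pkt):
            return "drop: truncated extension header"
        if nxt == ROUTING and pkt[off + 2] == RH4_TYPE:
            rh4_seen += 1
            if rh4_seen > 1:  # draft text: at most one RH4 per packet
                return "drop: more than one RH4 header"
        nxt, off = pkt[off], off + hlen
    return "process RH4" if rh4_seen else "accept"

def build(dst: bytes, rh_types: list) -> bytes:
    """Constructed test packet: IPv6 header plus one 8-byte Routing header per type."""
    ext = b""
    for i, rtype in enumerate(rh_types):
        nh = ROUTING if i + 1 < len(rh_types) else NO_NEXT
        ext += bytes([nh, 0, rtype, 0, 0, 0, 0, 0])
    first = ROUTING if rh_types else NO_NEXT
    return struct.pack("!IHBB", 6 << 28, len(ext), first, 64) + bytes(16) + dst + ext

if __name__ == "__main__":
    for dst, types in [(HOST_E, []), (HOST_E, [4]), (HOST_E, [4, 4]), (ROUTER_D, [4])]:
        print(types, "->", host_verdict(build(dst, types), {HOST_E}))
```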