On Wed, 29 Aug 2007, sengottuvelan srirangan wrote:
> I could not get the below comments in the draft:
>
> "
> A Routing header is not examined or processed until it reaches the node
> identified in the Destination Address field of the IPv6 header.
>
> There can be at most one RH4 header in any packet. A packet with
> more than one RH4 header is discarded. This functionality can be
> implemented in a firewall or any other IPv6 node.
> :
> :
> Whereever possible, including the administrative network edge, RPF
> check needs to be done.
> "
>
> I have following comments on the draft:
>
> 1. Draft recommends to implement the stack in the destination nodes
> but also says , Whereever possible,including the administrative
> network edge, RPF check needs to be done. This functionality can be
> implemented in a firewall or any other IPv6 node.
> please clarify.
>
> 2. What if current IPv6 node receives RH4 header?. How do we handle
> the RH4 header in the current implementaions?
>
>
One of the poblems with the current implementation of RH0 (and IPv4 source
routed packets) is when packet transits a router that is not one of the
source routed hops, it must specially process the packet. In otherword
forward the packet in software.
Take Host A in the diagram below who wants to send traffic to Host E, but
prefers the packet to first visit Router D.
-------- ---------- ---------- --------
|Host A|---|Router B|---|Router C|---|Host E|
-------- ---------- ---------- --------
\ /
\ /
----------
|Router D|
----------
Host A will build a packet with a source address of A, a destination
address of D, and loose source hops of D and E.
When this packet reaches Router B which is not the destination of the
packet, the traffic should be forwarded as normal (in hardware) based on
the destination of the packet D.
When the packet arrives at Router D, then special processing must occur to
support source routing.
The problem that someone else pointed out was there is a conflicting
requirement to apply firewall filters that match on destination address,
to also be capable to match on destinations listed in the loose source
hops. This will likely require special handeling (i.e. packet not
forwarded in hardware). One approach is to make both of these options
configurable.
I think possibly the problem is that there is confusion about how source
routing affects routers, and how it affects hosts. Routers generally
carry lots of transit traffic (not destined for the local router) and
hosts do not. In this case (where the host is not acting as a router),
the packet should always have a desination of the host. The host
receiving a packet that has some other destination would likely only
result from a misconfigured network. I suspect the right action in this
case is to drop the packet.
__Jason
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
