Hi,

Dow Street <[EMAIL PROTECTED]> writes:

> On Aug 30, 2007, at 2:40 PM, Arnaud Ebalard wrote:
>
>>> In your opinion, is it sufficient to describe potential uses of an
>>> IPv6 source routing mechanism?  Or is it also necessary to have the
>>> commitment of a large organization / commercial entity who intends to
>>> deploy IPv6 source routing in a specific timeframe and according to a
>>> specific use?
>>
>> No. IMHO, if someone comes with a good idea and other people find it
>> useful and want to have that in their laptop/network/pda/phone ... it
>> seems you have support and should start working on it.
>
> Is that "no" to the first or second question?

Respectively, the answers are "necessary" and "no".


>> In that particular case, people put the most powerful source routing
>> mechanism in the specification, which then got implemented on all
>> routers and even some hosts.
>
> Do you mean the case of RH0?

Yes.


>> During the _huge_ threads after CanSecWest during the discussions on
>> the ietf ML, we asked many times if someone had a use or had already
>> used it.
>>
>> I can remember one person who knew someone that uses the mechanism for
>> some firewalling stuff (correct me if I'm wrong). I don't remember if
>> I asked about the tools that allowed to use RH0: I know only ping6 and
>> scapy6 (again, correction appreciated).
>>
>> What I try to show is that the mechanism has been _proven_ useless by
>> a past decade of full availability: you can barely find users and
>> tools (at least on IETF IPv6 WG ML).
>
> RH0 may have been fully available from the perspective of IPv6
> implementations, but given the limited deployment of IPv6, I don't
> think lack of current use is *proof* that IPv6 RH0 is not useful, or
> would not be useful in the future.

It's not useful, it's funny and dangerous, hence the deprecation. At
some point, you will probably come to the conclusion that having a
source routing mechanism that does not potentially hinder others
requires that (at the very least):

1) The forwarding routers trust you for providing them a new target
   (destination) for the packet and are ok spending time in slow path
   doing that.

2) The destination is ok with receiving source-routed traffic: note that
   this is not what 2460 mandates (i.e. RH* extension header with 0
   value in segleft should simply be skipped to process the next
   header, w.r.t. the specification). But this is how serious people
   handle RH0 (and future RH* traffic) on end entities (except for
   those for which you have a local need, like RH2 or yours).
   
   Best example is what the ISC has done for F Root DNS instances: try
   and send requests to them including RH0. It will be dropped.

As a conclusion, having RH* deployed requires having _processing_ of
RH* performed by consenting routers, and that the packets end up on a
consenting host. The other routers will simply forward traffic based on
IPv6 header content. Other hosts will simply drop the traffic. (Please,
note the use of hosts and routers in previous sentences).

And yes, this limits your ability to bounce your traffic on every router
in the internet but this will obviously be the case (if not already
from threads on v6ops) as soon as operators get their IPv6 BCP in sync
with the IPv4 ones, i.e. as soon as "no ipv6 source route" is the
default or is forced by admins. 

Cheers,

a+

--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
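
The host-side policy described in the message above (drop any packet carrying a Routing Header unless its type is needed locally, instead of skipping the header when Segments Left is 0), sketched as an added example that is not part of the original thread. The function names, the `allowed_types` and `strict` parameters and the sample packets are constructed for illustration.

```python
import struct

HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS = 0, 43, 44, 60
CHAINED = {HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS}

def routing_headers(packet: bytes):
    """Walk the extension-header chain; return [(routing_type, segments_left)]."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    next_header, offset, found = packet[6], 40, []
    while next_header in CHAINED:
        if offset + 8 > len(packet):
            raise ValueError("truncated extension header")
        following, ext_len, rtype, segleft = packet[offset:offset + 4]
        if next_header == ROUTING:
            found.append((rtype, segleft))
        if next_header == FRAGMENT:
            frag_off = struct.unpack("!H", packet[offset + 2:offset + 4])[0] >> 3
            if frag_off:
                break  # non-first fragment: the rest is not a header chain
            size = 8  # Fragment header has a fixed length
        else:
            size = (ext_len + 1) * 8  # Hdr Ext Len excludes the first 8 octets
        next_header, offset = following, offset + size
    return found

def host_verdict(packet, allowed_types=frozenset(), strict=True):
    """strict=True: drop on any Routing Header whose type is not needed locally.
    strict=False: the skip-when-Segments-Left-is-0 behaviour the message
    attributes to RFC 2460 (a non-zero value still leads to a discard here)."""
    for rtype, segleft in routing_headers(packet):
        if rtype in allowed_types:
            continue
        if strict or segleft != 0:
            return "drop"
    return "accept"

def build(rtype, segleft, addrs=1):
    """Constructed sample: IPv6 header + one Routing Header + 8 dummy payload bytes."""
    rh = bytes([17, 2 * addrs, rtype, segleft]) + bytes(4) + bytes(16 * addrs)
    payload = rh + bytes(8)
    fixed = struct.pack("!IHBB", 6 << 28, len(payload), ROUTING, 64) + bytes(32)
    return fixed + payload

if __name__ == "__main__":
    for rtype, segleft in [(0, 0), (0, 1), (2, 1)]:
        pkt = build(rtype, segleft)
        print(rtype, segleft, host_verdict(pkt, {2}), host_verdict(pkt, {2}, strict=False))
```

The RH0 packet with Segments Left set to 0 is the case where the two policies differ: the strict host drops it, the skip-on-zero host accepts it.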
