
LIN6 and multihoming (+sec)

[http://www.ietf.org/internet-drafts/draft-teraoka-ipng-lin6-01.txt]

As LIN6 was presented at multi6, and I don't know of a better place to
comment on this, I guess I'll just post these here..

The fact is that the multihoming support of LIN6 is limited only to single
nodes, clearly made with cellular mobiles in mind:

3.9.  Multi-Homing Support

    Figure 6 shows multi-homing support in LIN6.  In the figure, Node-B is a
    multi-homing host which has two network interfaces.  Node-A and Node-B
    have the LIN6 generalized ID, "LIN6_P+ID_A" and "LIN6_P+ID_B",
    respectively, where "LIN6_P" is the LIN6 Prefix, and "ID_A" and "ID_B"
    are the identifiers of Node-A and Node-B, respectively.  Node-A has the
    LIN6 address, "P_A+ID_A", where "P_A" is the network prefix of Node-A.
    Node-B has two LIN6 addresses, "P_B1+ID_B" and "P_B2+ID_B", where "P_B1"
    and "P_B2" are the network prefixes of Node-B corresponding to the two
    network interfaces.
[...]


I don't think people generally want to multihome every node, but rather to
multihome a router and provide a multihomed connection that way.  IDs based
on EUI-64 aren't possible with this mechanism if there is only one
interface on end-nodes (you could just make up the other ID, I suppose,
but that would be... dirty, and there would be no effective means of tracking
them unless some mapping function were used to generate them).  The fact
remains that this mechanism does not seem to be fit for real multihoming.

Also:

[...]
       2. Assume that Path_A crashes due to some reason, and ICMP Unreach is
          returned to Node-A.

       3. Node-A knows that Path_A is unavailable and selects "P_B2" as the
          network prefix of Node-B.

Does ICMP Unreachable trigger you to retry the connection using a different
destination address?  IIRC ICMP unreaches are soft errors, and affect
nothing.


I don't comment on non-multihoming issues, except for the fact that there
are no "Security Considerations" in the text.  It appears to me that if
you use the generalized network prefix as e.g. TCP/UDP endpoints, capturing
traffic, hijacking connections etc. are bound to be at least potentially
easier (as the generalized LIN6 namespace is flat); this puts even more
responsibility on the security of DNS and the mapping agent functions.

-- 
Pekka Savola                 "Tell me of difficulties surmounted,
Netcore Oy                   not those you stumble over and fall"
Systems. Networks. Security.  -- Robert Jordan: A Crown of Swords
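The address structure the quoted draft section describes (a node identifier that stays fixed while the network prefix changes per interface, and the "select the other prefix when Path_A fails" step), as an added worked example that is neither the poster's code nor anything from the LIN6 draft. It assumes a 64-bit prefix / 64-bit identifier split, and the LIN6 prefix, the per-interface prefixes P_A, P_B1, P_B2 and the EUI-64 style identifiers below are constructed sample values, not values from the draft:

```python
import ipaddress
from typing import Iterable, Optional

# Assumption (not stated in the post): a LIN6 address is the 64-bit network
# prefix "P" followed by the 64-bit node identifier "ID", and the generalized
# ID is the fixed "LIN6_P" prefix followed by that same ID.
PREFIX_BITS = 64
ID_MASK = (1 << (128 - PREFIX_BITS)) - 1


def compose(prefix: str, node_id: int) -> ipaddress.IPv6Address:
    """Build 'prefix + ID' (e.g. "P_B1+ID_B" in the draft) as one IPv6 address."""
    net = ipaddress.IPv6Network(prefix, strict=True)
    if net.prefixlen != PREFIX_BITS:
        raise ValueError(f"expected a /{PREFIX_BITS} prefix, got {prefix}")
    if node_id & ~ID_MASK:
        raise ValueError("identifier does not fit in the ID field")
    return ipaddress.IPv6Address(int(net.network_address) | node_id)


def split(addr: ipaddress.IPv6Address) -> tuple[str, int]:
    """Inverse of compose(): recover (prefix, ID) from an address."""
    value = int(addr)
    prefix = ipaddress.IPv6Network((value & ~ID_MASK, PREFIX_BITS))
    return str(prefix), value & ID_MASK


def lin6_addresses(generalized_id: ipaddress.IPv6Address,
                   prefixes: Iterable[str]) -> list[ipaddress.IPv6Address]:
    """All locators of a node: its ID combined with every prefix it sits under.
    A two-interface node like Node-B yields P_B1+ID_B and P_B2+ID_B; a
    single-interface node like Node-A yields just one address."""
    _, node_id = split(generalized_id)
    return [compose(p, node_id) for p in prefixes]


def same_endpoint(a: ipaddress.IPv6Address, b: ipaddress.IPv6Address) -> bool:
    """True when two addresses name the same node (same ID, any prefix).
    This is the flat-namespace property the post's security remark is about:
    the transport endpoint is the ID, not the full address."""
    return split(a)[1] == split(b)[1]


def select_path(candidates: Iterable[ipaddress.IPv6Address],
                unreachable: set[ipaddress.IPv6Address]) -> Optional[ipaddress.IPv6Address]:
    """Step 3 of the draft's scenario: after the path to one locator has been
    reported unreachable, pick the peer's next locator whose prefix has not
    failed. Returns None when every locator has failed."""
    for addr in candidates:
        if addr not in unreachable:
            return addr
    return None


# Constructed sample values (stand-ins, not taken from the draft).
LIN6_P = "2001:db8:ffff::/64"
P_A, P_B1, P_B2 = "2001:db8:a::/64", "2001:db8:1::/64", "2001:db8:2::/64"
ID_A = 0x0200_5EFF_FE00_0001
ID_B = 0x0200_5EFF_FE00_5301
GID_B = compose(LIN6_P, ID_B)          # "LIN6_P+ID_B"

if __name__ == "__main__":
    locators_b = lin6_addresses(GID_B, [P_B1, P_B2])
    print("Node-B generalized ID:", GID_B)
    print("Node-B locators:      ", [str(a) for a in locators_b])
    # Step 2: assume Path_A (via P_B1) is reported unreachable.
    failed = {locators_b[0]}
    chosen = select_path(locators_b, failed)
    print("after Path_A failure, Node-A uses:", chosen)
    print("same endpoint as before:", same_endpoint(locators_b[0], chosen))
```

The `same_endpoint` check is the only consistency test the address itself offers: it confirms a new locator still carries the peer's ID, but a forged mapping or DNS reply that keeps the ID and changes only the prefix passes it unchanged, which is exactly why the post says the trust ends up resting on DNS and the mapping agent.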