[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: draft-ietf-multi6-multihoming-requirements-06.txt



Le jeu 19/06/2003 à 08:10, Pekka Savola a écrit :
> > Also, what about the interaction between (srcaddr,dstaddr) selection &
> > anti-spoofing-type filtering?  The routers do the filtering, but the host
> > does the address selection.  How does that work?  I don't want to have more
> > spoofed attacks with IPv6 than we have now with IPv4.
> 
> At the moment, there is no interaction.  The routers have to allow both.  
> But that's one field that in particular should be worked at.
> 
There IS interaction between src address selection and
anti-spoofing-type filtering, at least in the multiaddressing solution.
Suppose a site has 2 providers : ISPA and ISPB. Each provider delegates
one prefix (PA and PB) to the hosts. When sending a packet, if a hosts
choose PA as src address, then the packet must be routed through ISPA,
not through ISPB, to avoid anti-spoofing-type filtering.

A general principle would be :

  IF a host receives prefix PA in a router advertisement coming from 
  router RA THEN choose src address PA if the host sends a packet with 
  RA as the first hop toward the destination (i.e. the packet is sent
  through ISPA).

I would insert this rule just after the 7th rule in RFC3484.