
Re: misconfiguring the tunnel source address [mech-v2-04]



> On Fri, 20 Aug 2004, Erik Nordmark wrote:
> > >             Source Address:
> > >                  IPv4 address of outgoing interface of the encapsulator
> > >                  or an administratively specified address as described
> > >                  below.
> [...]
> > 
> > I think it makes sense to do this minor clarification since the current
> > text can be read as the protocol allowing the source address to be
> > configured to be the IPv4 address assigned to some other node.
> > This clearly doesn't work for many reasons such as ICMPv4 errors wouldn't be
> > sent back to the encapsulator.
> 
> My concern with this is that configuring such address (not assigned on 
> the node) is essentially misconfiguration by the administrator of the 
> node.

My concern is that there is nothing in the document which says it would
be a misconfiguration. The document is utterly silent on which addresses
can and can not be configured as the source address of a tunnel.
Thus, even though we all know that it must be an address configured on the node,
an implementor cannot read that in the specification.
That is the thing that needs to be clarified.

> Some implementations will want to check that, no matter whether it
> reads in the spec or not; some others might not want to bother, rather

The way the document is currently written I could argue that an implementation
which decides to check does not conform with the specification.

> If I read correctly what you refer to with "minor clarification", I
> think you would be satisfied with just a hint to the implementors that
> they might want to check that the source addresses belong to the node,
> but add no MAY/SHOULD/MUST terminology.  Correct?

Incorrect.
For the protocol to work the source address of the tunnel must be an IPv4
address assigned to the node. So this sure sounds like a MUST as far as I can
tell.

I think we should ask ourselves what behavior would such a MUST exclude that
we should not exclude because it has some non-zero value for the user.

  Erik
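
Added example, not part of the original message or of any implementation discussed in the thread: a configuration-time check that the tunnel source is either the outgoing interface's IPv4 address or an administratively specified address that is assigned to the node. The function name, exception class and sample addresses are assumptions made for illustration; the node's address list is passed in rather than read from the operating system.

```python
import ipaddress

class TunnelSourceError(ValueError):
    """Raised when a configured tunnel source address is rejected."""

# Constructed sample: addresses assigned to this node (documentation ranges).
NODE_ADDRS = ["192.0.2.10", "198.51.100.1", "2001:db8::1"]

def select_tunnel_source(configured, outgoing_if_addr, assigned_addrs):
    """Return the IPv4 source address for the encapsulating header.

    configured       -- administratively specified source (str) or None
    outgoing_if_addr -- IPv4 address of the outgoing interface (str)
    assigned_addrs   -- iterable of addresses currently assigned to the node
    """
    # Only IPv4 addresses can source the outer header; ignore the rest.
    assigned = set()
    for addr in assigned_addrs:
        ip = ipaddress.ip_address(addr)
        if ip.version == 4:
            assigned.add(ip)

    if configured is None:
        # Default case: use the outgoing interface's address.
        src = ipaddress.IPv4Address(outgoing_if_addr)
    else:
        try:
            src = ipaddress.IPv4Address(configured)
        except ipaddress.AddressValueError as exc:
            raise TunnelSourceError(
                f"not an IPv4 address: {configured!r}") from exc

    # The check under discussion: the source must belong to this node,
    # otherwise ICMPv4 errors are not sent back to the encapsulator.
    if src not in assigned:
        raise TunnelSourceError(f"{src} is not assigned to this node")
    return str(src)
```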