[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Unreachability detection at tunnels servers WAS: RE: Comments on zeroconf draft

Dear All,

An issue of general character has been brought up in connection with the zero-conf work. 
The issue is the following:

MUST Ipv6-in-Ipv4 tunnel servers, as routers, support NUD-like mechanisms that enables
them to send ICMP destination unreachable messages back to origin ?

The initial feedback received in this respect is that - "yes, they MUST".

As some RFCs previously has been silent about this, e.g. 6to4 - RFC 3056,
and the working group currently is standardising a mechanism which also seems
to be silent about this (Teredo) I would very much like to hear if the above is the
general sentiment of the work group.

I should be stressed that adding this to the goals of the zero-conf requirements
document isn't believed to severely limit the solution space - but it requires
implementation of a mechanism which is know to scale very badly and
which in addition is susceptible to the DoS attack described in Section 4.3.2 of RFC 3756.

BR, Karen

> 
> 
> On Thu, 9 Sep 2004, Karen E. Nielsen (AH/TED) wrote:
> > Normally last hops routers performs NUD so that they can send ICMPs
> > back to origin to notify of black holes/unreachability.  Personally
> > I am not sure that this is a MUST requirement on the Tunnel Servers.
> > I have actually thought that we could avoid this, especially since
> > we have no explicit goals as to the nodes being registered as
> > reachable in the DNS using the Ipv6 address - wherefore we are first
> > and foremost looking to support the situation where communication is
> > initiated by the tunnel clients and not from the outside.
> 
> This seems short-sighted to me, because the actual *advantage* of IPv6
> is realized only when *incoming* connectivity is enabled (if it was
> just about outbound connectivity, v4 would work as well). 
 If this
> would imply that the communication between two nodes inside the 3GPP
> network or communication originating from IPv6 internet and coming to
> a 3GPP node could just silently fail.. this would seem to be very 
> undesirable.

Note this is not about the connectivity silently failing, it
is about the node no longer being there/no longer being active. 

But what you're saying is that the destination unreachable ICMPs are a MUST
to support at a Ipv6-in-Ipv4 Tunnel Server ?

- BTW, with the risk of bluring the difference in between
solution space and requirement space - I suppose this in particular applies
to the v6ops accepted "tunnel server" mechanisms, 6to4 and Teredo border routers ?

> 
> -- 
> Pekka Savola                 "You each name yourselves king, yet the
> Netcore Oy                    kingdom bleeds."
> Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
> 
>