Hi Mark, Stig,
On 25 Jul 2005, at 15:50, Mark Smith wrote:
On Mon, 25 Jul 2005 10:29:42 +0200 Stig Venaas <Stig.Venaas@uninett.no> wrote:
On Mon, Jun 27, 2005 at 06:22:17PM +0930, Mark Smith wrote:
It looks like a /128 prefix length is not permitted on an interface,
according to draft-ietf-ipv6-addr-arch-v4-04.txt, which I think means
most of the issues I was concerned about described disappear.
Some of the arguments against /127s on point-to-point links in RFC3627 "Use of /127 Prefix Length Between Routers Considered Harmful" may be worth considering in the context of /128s on loopbacks.
I'm still not sure exactly how host routing would work from the end-nodes' point of view.
The way I see it the hosts would have physical interfaces connected to a
physical link and have addresses for those doing ND etc as usual. In
addition they would have some kind of virtual interface with some /128
addresses and somehow inject host routes for those on the physical
interfaces so that next-hop would be the (e.g. /64) addresses on the
physical links. This is how I believe it works today when you use
loopbacks with /128 for routers.
I think that would work. However, even if it is accepted to run some
form of routing protocol on the end-nodes to push host routes into the
routing cloud, there would still have to be a manual address assignment
process for the /128s on the loopback interfaces, because as you
mentioned before, the loopback interfaces probably won't receive any ND
protocol messages such as RAs. That could arguably be considered an
impractical solution "in this day and age", because statically configured
addresses on hosts in IPv6 is so pre-DHCP IPv4 :-)
To hide the network topology from nodes external to this network domain,
then I'd think the /64s assigned to the links would have to be ULAs,
although I think the link-local addresses might be enough to support
forwarding the packets from the edge of the routing domain to the host
within it and vice-versa.
The problem there though is that any ICMP messages generated by routers, targeted towards external nodes, such as
Destination Unreachables, Packet Too Big would have "private" source
addresses, and would be likely to be dropped by the routers at the edge
that are using source address filtering to prevent things like SYN
attacks. IOW, the same problems that occur now if somebody uses RFC1918
private addresses on their internal links.
I suppose as long as all the routers as well had /128s on loopback
addresses (not a bad idea at all), and as long as the ICMP messages used
the loopback addresses as the source addresses, that problem might not
occur.
regards,
Mark/
--
Dr Mark K. Thompson
Electronics and Computer Science
a School of the University of Southampton, UK
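The ICMP source-address point raised in the thread above, as an added illustration that is not part of any participant's message: it models an edge source-address filter and shows which router-generated ICMP errors survive it when links carry ULA or link-local addresses and only some routers have a global /128 loopback. The prefixes, router names and the "prefer loopback" source-selection policy are constructed assumptions, not taken from the thread.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ULA = ipaddress.ip_network("fc00::/7")          # unique local addresses
LINK_LOCAL = ipaddress.ip_network("fe80::/10")
SITE_GLOBAL = ipaddress.ip_network("2001:db8:100::/48")  # constructed site prefix

@dataclass
class Router:
    name: str
    link_addr: str                  # address on the link the packet arrived on
    loopback: Optional[str] = None  # /128 on the loopback, if configured

def classify(addr: str) -> str:
    ip = ipaddress.ip_address(addr)
    if ip in LINK_LOCAL:
        return "link-local"
    if ip in ULA:
        return "ula"
    return "site-global" if ip in SITE_GLOBAL else "other"

def edge_permits(src: str) -> bool:
    """Edge source-address filter: only the site's global prefix may leave."""
    return ipaddress.ip_address(src) in SITE_GLOBAL

def icmp_source(router: Router, prefer_loopback: bool) -> str:
    """Assumed policy: use the loopback /128 when asked to and one exists."""
    if prefer_loopback and router.loopback:
        return router.loopback
    return router.link_addr

def audit(routers, prefer_loopback):
    """Map router name -> (ICMP source, address class, fate at the edge)."""
    result = {}
    for r in routers:
        src = icmp_source(r, prefer_loopback)
        fate = "forwarded" if edge_permits(src) else "dropped"
        result[r.name] = (src, classify(src), fate)
    return result

# Constructed topology: ULA or link-local on links, global /128 loopbacks.
ROUTERS = [
    Router("r1", "fd12:3456:789a:1::1", "2001:db8:100::1"),
    Router("r2", "fe80::2"),  # no loopback configured
    Router("r3", "fd12:3456:789a:3::1", "2001:db8:100::3"),
]
```

Calling `audit(ROUTERS, True)` leaves r2 as the only router whose errors are still dropped, which is the "as long as all the routers had /128s" condition from the thread.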