[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Comments on draft-wbeebee-ipv6-cpe-router-01.txt
- To: "Hemant Singh \(shemant\)" <shemant@cisco.com>
- Subject: RE: Comments on draft-wbeebee-ipv6-cpe-router-01.txt
- From: Francois-Xavier Le Bail <fx.lebail@yahoo.com>
- Date: Mon, 21 Jul 2008 02:46:04 -0700 (PDT)
- Cc: IPv6 Operations <v6ops@ops.ietf.org>, Iljitsch van Beijnum <iljitsch@muada.com>
- Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Received:X-Mailer:Date:From:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type:Message-ID; b=wL4FWmwTo4rT+VSU0UHMDp7S3zVTwrdg9UX8nv7c1yiHrUrSO0+aRZXwDe//Ov+6HjVm9RFaQhHSZAAOvYr9M1ACVv6SxjDZWXDWEWAdvi42jcoEfh/r/MgChTmEkF5A9/ZZR6oNmwRdhowMob8Gc69+w9LKDgseRFlQuwzPya4=;
- In-reply-to: <B00EDD615E3C5344B0FFCBA910CF7E1D04E41FC4@xmb-rtp-20e.amer.cisco.com>
You say "Also, the virtual Loopback interface is in the same link-local domain as the WAN interface."
I don't understand your architecture. bridge? no bridge?
Can you make a diagram of the WAN side ?
Francois-Xavier
--- On Sun, 7/20/08, Hemant Singh (shemant) <shemant@cisco.com> wrote:
> From: Hemant Singh (shemant) <shemant@cisco.com>
> Subject: RE: Comments on draft-wbeebee-ipv6-cpe-router-01.txt
> To: "Iljitsch van Beijnum" <iljitsch@muada.com>
> Cc: "IPv6 Operations" <v6ops@ops.ietf.org>
> Date: Sunday, July 20, 2008, 9:41 PM
> We are NOT adding any uRPF check feature to the CPE Router
> WAN on LAN
> interface(s) nor any ping throttle feature for ping reqs or
> responses.
> These are just topics being discussed. uRPF was only given
> as an
> example to say why CPE Router cannot work with just a
> link-local on the
> WAN interface.
>
> We want to focus first on getting a complete set of
> requirements from
> DSL folks and then see what does the draft shape out to be.
> In our -00
> version of the draft, the draft was complete for cable
> deployment
> because cable has completed docsis 3.0 standards for IPv6
> as of two
> years back and also an embedded CPE Router cable modem
> standard
> completed in May 2007.
>
>
> We have clearly said to this mailer early on, that till we
> get a common
> consensus between DSL providers like AT&T, NTT,
> DSLForum folks like
> David Miles, and a Mikael A., nothing in this draft is
> concrete. Of
> course, I and Wes gave our cable recommendation to the DSL
> guys in -00
> version but they didn't like it. Our cable
> recommendation in the -00
> version has nothing to do with IA_PD and stateless DHCPv6,
> or a Loopback
> interface, or a WAN interface with only a link-local
> address.
>
> During the course of -01 and -02 versions we were
> attempting to fold in
> requirements from DSL and that has caused some problems in
> the draft.
> The DSL requirements from NTT, AT&T, and a Mikael have
> been varied. You
> guessed correctly. The Loopback interface cannot ask for
> IA_PD using
> stateless DHCPv6 if the Loopback interface hasn't
> acquired a global IPv6
> address. The RFC for stateless DHCPv6 in RFC3736 clearly
> says the
> following in the Abstract section.
>
> [A node that uses stateless DHCP must have obtained its
> IPv6 addresses
> through some other mechanism, typically stateless address
> autoconfiguration.].
>
> So the Loopback solution for DSL guys in our -02 version
> doesn't look
> good even though Mikael A., and David Miles suggested this
> path to us.
> As you can see we are still analyzing the solution and
> questioning
> requirements. The Loopback interface would need to acquire
> a global
> IPv6 address first using stateful DHCPv6 (a MUST, because
> SLAAC doesn't
> support getting IA_PD). Also during stateful DHCPv6, the
> IA_PD is doled
> out to the interface and the interface also gets an IA_NA.
> Since the
> interface already got a global address in the IA_NA, then
> what's the
> point of assigning the interface an IPv6 address out of the
> IA_PD? So
> will one release the IA_NA, and then configure an address
> on the
> interface from the IA_PD? I don't like such
> machinations. Clearly, the
> DSL requirements are not flushed out yet for us.
>
> Also, you can keep arguing about router vs. interface and
> who's correct
> or not. If the CPE Router needs a global address, the next
> question
> folks will ask is what interface on the CPE Router does the
> global
> address gets assigned to? We are describing such details.
>
> Also, the virtual Loopback interface is in the same
> link-local domain as
> the WAN interface. Therefore any RA sent to the WAN
> interface has to be
> also seen by the Loopback interface (CPE Router internals
> have to take
> care of this). So then it is legal for the Loopback to use
> the RA seen
> by the WAN interface and the proceed to get a global IPv6
> address for
> the Loopback address using SLAAC or DHCPv6.
>
> Hemant
>
>
> -----Original Message-----
> From: Iljitsch van Beijnum [mailto:iljitsch@muada.com]
> Sent: Sunday, July 20, 2008 3:39 PM
> To: Hemant Singh (shemant)
> Cc: IPv6 Operations
> Subject: Re: Comments on
> draft-wbeebee-ipv6-cpe-router-01.txt
>
> On 20 jul 2008, at 15:45, Hemant Singh (shemant) wrote:
>
> >> 3. I disagree with the behavior suggested for
> "unnumbered" model. I
> >> don't think a CPE router should automatically
> open up a maintenance
> >> loopback interface just because it doesn't get
> a global IP address.
>
> > <hs>
>
> Would you PLEASE use normal quoting techniques? Reading
> email costs
> enough time as it is without everyone doing stuff in their
> own
> particular way so automation and habits don't work.
>
> > Not quite. The unnumbered model is clearly saying the
> WAN interface
> > only acquires on a link-local address. But the WAN
> interface of the
> > CPE Router has got to have a global IPv6 address.
>
> You are being extremely imprecise. That is one of the
> reasons your draft
> is in such bad shape.
>
> The INTERFACE doesn't need a global address, but the
> ROUTER does.
>
> > So what choice does the
> > CPE Router have but to automatically spawn a Loopback
> interface that
> > will get assigned a global IPv6 address
>
> When you need to create a packet, use a source address from
> another
> interface that you have, i.e. a LAN interface. I believe
> this is
> explained in the base IPv6 specs. Or ask within your
> company about the
> behavior of "ipv6 unnumbered ..."
>
> > (using SLAAC,
>
> Creating addresses using stateless autoconfig on an
> interface different
> than the one where the RAs were received is very wrong.
>
> > DHCPv6
>
> Using DHCPv6 address configuration on a router makes no
> sense in my
> opinion.
>
> > stateless DHCPv6 to acquire an IA_PD).
>
> I don't think prefix delegation is possible in the
> stateless version of
> DHCPv6.
>
> On 20 jul 2008, at 15:51, Hemant Singh (shemant) wrote:
>
> > The draft clearly says what ICMPv6 errors are returned
> by the CPE
> > Router, so it's not like the CPE Router is not
> responding to any
> > ICMPv6
> > request.
>
> Good.
>
> > Existing IPv4 routers do have a ping disable feature
> where the router
> > is configured to not respond to pings.
>
> You are again using imprecise terminology. What you mean is
> IPv4 CPEs
> with NAT functionality. That has little to do with routing.
> For IPv6,
> CPEs do have to be real routers and conform to normal
> router behavior
> unless we specify exceptions.
>
> It is of course allowed to not return echo replies.
>
> However, since the router MUST generate other ICMPv6
> messages under
> other circumstances, not replying to pings doesn't make
> the router
> invisible so there is little point in not returning ping
> replies.
>
> > I also said on this
> > thread that if the CPE Router does respond to pings,
> the CPE Router
> > needs to rate limit incoming ping reqs.
>
> You say that you want to rate limit INCOMING pings. (Which
> is useless
> anyway because the LAN bandwidth is much higher than the
> WAN
> bandwdith.) If you want to do this, it makes no sense to
> tie that to
> whether or not ping replies are sent. For the router itself
> this is a
> non-issue because the IPv6 specs mandate that ICMPv6
> messages are rate
> limited anyway.
>
> On 20 jul 2008, at 16:43, Hemant Singh (shemant) wrote:
>
> > Please see the complete uRPF thread that we discussed
> on this mailer -
>
> > they were emails between July 15 - 16th, 2008.
>
> I read it earlier today. It didn't make much sense to
> me. But now it
> occurs to me that you actually want to run uRPF on the CPE
> itself. I
> don't see how that's useful. What you want to do is
> filter out outgoing
> packets on the WAN interface if they don't have a
> source address that is
> either in the prefix delegated by the ISP or have the
> router's own WAN
> address as a source address.