
RE: Comments on draft-wbeebee-ipv6-cpe-router-01.txt



Please see the complete uRPF thread that we discussed on this mailer -
they were emails between July 15 - 16th, 2008.  Here is one piece of
text snipped from my email on the subject of uRPF on July 16th.  I
wasn't talking about any packet with src-addr as link-local.

"I have a spoofed packet with global src-addr input to the WAN interface
of a standalone CPE Router - the destination of this packet is the
global IPv6 address of a LAN interface.  Strict uRPF check will check if
the src-addr is reachable by a path thru the input interface which is
the WAN interface. The WAN interface, which is also a routed port has
only a link-local address.  So how can the global address have a path
thru the WAN interface that is assigned only a link-local address?"

Hemant 

-----Original Message-----
From: Iljitsch van Beijnum [mailto:iljitsch@muada.com] 
Sent: Sunday, July 20, 2008 8:25 AM
To: Hemant Singh (shemant)
Cc: Ole Troan; Stark, Barbara; v6ops@ops.ietf.org; Antonio Querubin
Subject: Re: Comments on draft-wbeebee-ipv6-cpe-router-01.txt

On 16 jul 2008, at 1:54, Hemant Singh (shemant) wrote:

> RPF (Reverse Path Forwarding) will fail and if RPF fails for a router,
> due to security concerns, the router should drop the incoming packet.
> If the WAN interface of the CPE Router does not have a global IPV6
> address, how is RPF going to work?

If you run unicast RPF (uRPF, RPF itself is for multicast) on the ISP
router then this will work regardless of the interface the CPE uses to
source packets because all the address space delegated to the user is
obviously routed towards the CPE so it will pass the uRPF check.

> RPF needs global IPv6 addresses.

Link local addresses can't be forwarded by routers anyway, so uRPF and
link locals are orthogonal.

Where is the packet with a link local source address supposed to go to?
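
The strict uRPF check discussed in this thread, as an added example that is not part of either message: the router looks up the packet's source address in its forwarding table and accepts the packet only if the best route points back out the interface the packet arrived on. The prefixes (taken from the 2001:db8::/32 documentation range), the interface names and both route tables are constructed assumptions.

```python
import ipaddress

def lookup(fib, addr):
    """Longest-prefix match: return the egress interface for addr, or None."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, ifname in fib:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname)
    return best[1] if best else None

def strict_urpf(fib, src, in_if):
    """Strict uRPF: accept only if the best route back to src uses in_if."""
    return lookup(fib, src) == in_if

# Constructed ISP edge router table: the prefix delegated to the customer
# is routed towards the CPE, everything else goes upstream.
ISP_FIB = [
    ("2001:db8:1200::/56", "to-cpe"),
    ("::/0", "upstream"),
]

# Constructed CPE router table: one LAN /64 out of the delegated prefix and
# a default route via the WAN interface (which needs no global address for
# the route to exist; the next hop is the ISP router's link-local address).
CPE_FIB = [
    ("2001:db8:1200:1::/64", "lan"),
    ("::/0", "wan"),
]

if __name__ == "__main__":
    cases = [
        ("ISP", ISP_FIB, "2001:db8:1200:1::10", "to-cpe"),  # delegated space
        ("ISP", ISP_FIB, "2001:db8:9999::1", "to-cpe"),     # not delegated
        ("CPE", CPE_FIB, "2001:db8:1200:1::10", "wan"),     # LAN source on WAN
        ("CPE", CPE_FIB, "2001:db8:ffff::1", "wan"),        # remote source
    ]
    for router, fib, src, in_if in cases:
        verdict = "accept" if strict_urpf(fib, src, in_if) else "drop"
        print(f"{router}: src={src} in={in_if} -> {verdict}")
```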