Re: Comments on draft-wbeebee-ipv6-cpe-router-01.txt

[Iljitsch van Beijnum <iljitsch@muada.com>]

On 20 jul 2008, at 15:45, Hemant Singh (shemant) wrote:

> > 3. I disagree with the behavior suggested for "unnumbered" model. I
> > don't think a CPE router should automatically open up a maintenance
> > loopback interface just because it doesn't get a global IP address.

> <hs>

Would you PLEASE use normal quoting techniques? Reading email costs  
enough time as it is without everyone doing stuff in their own  
particular way so automation and habits don't work.

> Not quite.  The unnumbered model is clearly saying the WAN interface
> only acquires on a link-local address.  But the WAN interface of the  
> CPE
> Router has got to have a global IPv6 address.

You are being extremely imprecise. That is one of the reasons your  
draft is in such bad shape.

The INTERFACE doesn't need a global address, but the ROUTER does.

> So what choice does the
> CPE Router have but to automatically spawn a Loopback interface that
> will get assigned a global IPv6 address

When you need to create a packet, use a source address from another  
interface that you have, i.e. a LAN interface. I believe this is  
explained in the base IPv6 specs. Or ask within your company about the  
behavior of "ipv6 unnumbered ..."

> (using SLAAC,

Creating addresses using stateless autoconfig on an interface  
different than the one where the RAs were received is very wrong.

> DHCPv6

Using DHCPv6 address configuration on a router makes no sense in my  
opinion.

> stateless DHCPv6 to acquire an IA_PD).

I don't think prefix delegation is possible in the stateless version  
of DHCPv6.

On 20 jul 2008, at 15:51, Hemant Singh (shemant) wrote:

> The draft clearly says what ICMPv6 errors are returned by the CPE
> Router, so it's not like the CPE Router is not responding to any  
> ICMPv6
> request.

Good.

> Existing IPv4 routers do have a ping disable feature where the
> router is configured to not respond to pings.

You are again using imprecise terminology. What you mean is IPv4 CPEs  
with NAT functionality. That has little to do with routing. For IPv6,  
CPEs do have to be real routers and conform to normal router behavior  
unless we specify exceptions.

It is of course allowed to not return echo replies.

However, since the router MUST generate other ICMPv6 messages under  
other circumstances, not replying to pings doesn't make the router  
invisible so there is little point in not returning ping replies.

> I also said on this
> thread that if the CPE Router does respond to pings, the CPE Router
> needs to rate limit incoming ping reqs.

You say that you want to rate limit INCOMING pings. (Which is useless  
anyway because the LAN bandwidth is much higher than the WAN  
bandwdith.) If you want to do this, it makes no sense to tie that to  
whether or not ping replies are sent. For the router itself this is a  
non-issue because the IPv6 specs mandate that ICMPv6 messages are rate  
limited anyway.

On 20 jul 2008, at 16:43, Hemant Singh (shemant) wrote:

> Please see the complete uRPF thread that we discussed on this mailer -
> they were emails between July 15 - 16th, 2008.

I read it earlier today. It didn't make much sense to me. But now it  
occurs to me that you actually want to run uRPF on the CPE itself. I  
don't see how that's useful. What you want to do is filter out  
outgoing packets on the WAN interface if they don't have a source  
address that is either in the prefix delegated by the ISP or have the  
router's own WAN address as a source address.