Discussion:
IPv4 source routing options and IPv6 Type 0 Routing Header
(too old to reply)
Deepak Jain
2008-06-25 20:43:46 UTC
Permalink
Quite a few times it has been mentioned to me that some peering
agreements require support for the IPv4 source routing options. I was
wondering whether this is still the case for some ISPs, or it is not the
case anymore.
Before we decommissioned our last open peering fabric, source-routing
was important to make sure your peer wasn't pointing default (or
similar) to you. With the advent of private (and far more limited)
bilateral peering as a preference to fabric based peering (at least
among the ones who set peering policies globally) this has become
less of an issue.

RFC 5095 aside.

Deepak
Fernando Gont
2008-06-26 01:44:03 UTC
Permalink
Post by Deepak Jain
Quite a few times it has been mentioned to me that some peering
agreements require support for the IPv4 source routing options. I
was wondering whether this is still the case for some ISPs, or it
is not the case anymore.
Before we decommissioned our last open peering fabric,
source-routing was important to make sure your peer wasn't pointing
default (or similar) to you. With the advent of private (and far
more limited) bilateral peering as a preference to fabric based
peering (at least among the ones who set peering policies globally)
this has become
less of an issue.
Thanks so much for your response!
Post by Deepak Jain
RFC 5095 aside.
Yes, sorry. The question should have been: Has IPv6 Type 0 Routing
Header ever been a requirement in v6 peering agreements?

(In any case, I guess Type 0 Routing Header could still be used, in
the same way that v4 source-routing was still being used even after
many IP implementations had decided to filter it by default?)

Kind regards,

--
Fernando Gont
e-mail: ***@gont.com.ar || ***@acm.org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
Joe Abley
2008-06-26 02:15:19 UTC
Permalink
Post by Fernando Gont
(In any case, I guess Type 0 Routing Header could still be used, in
the same way that v4 source-routing was still being used even after
many IP implementations had decided to filter it by default?)
Between adjacent, consenting routers, you can surely expect to be able
to do whatever the routers will let you do.


Joe
Randy Bush
2008-06-26 06:44:34 UTC
Permalink
sorry to pick this up so late.

source routing is still requested and sometimes mandated at inter-as
borders. for the reasons deepak stated. note that this does not expose
any vulnerability. source routing is only dangerous to hosts.
Post by Fernando Gont
Yes, sorry. The question should have been: Has IPv6 Type 0 Routing
Header ever been a requirement in v6 peering agreements?
not of which i am aware. imiho, from ops pov extension headers are
unneeded kink.

randy
Fernando Gont
2008-06-29 11:12:02 UTC
Permalink
Post by Randy Bush
source routing is still requested and sometimes mandated at inter-as
borders. for the reasons deepak stated. note that this does not expose
any vulnerability. source routing is only dangerous to hosts.
Well, it can be used as an amplification mechanism for bandwidth
consuption attacks (although it is not as effective as the Type 0
Routing header of v6, because of the limited space in the v4 header).

Thanks!

Kind regards,

--
Fernando Gont
e-mail: ***@gont.com.ar || ***@acm.org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
Joel Jaeggli
2008-06-25 23:07:23 UTC
Permalink
Hello, folks,
Quite a few times it has been mentioned to me that some peering
agreements require support for the IPv4 source routing options. I was
wondering whether this is still the case for some ISPs, or it is not the
case anymore.
I haven't observed it in the recent past. looking backwards I can see a
handfull of operators that did it (LSR) by policy everywhere in 2002.
I was also wondering if it has ever been the case that IPv6 peering
agreements have required support for Type 0 Routing Header and, if it
has, whether that still happens nowadays. (I guess not, but....)
I think you'd be hardpressed to find an operator that would knowingly
honor rh(0) headers
Thanks so much!
Kind regards,
--
Fernando Gont
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
Sam Stickland
2008-06-30 17:35:12 UTC
Permalink
Post by Deepak Jain
Quite a few times it has been mentioned to me that some peering
agreements require support for the IPv4 source routing options. I was
wondering whether this is still the case for some ISPs, or it is not
the case anymore.
Before we decommissioned our last open peering fabric, source-routing
was important to make sure your peer wasn't pointing default (or
similar) to you. With the advent of private (and far more limited)
bilateral peering as a preference to fabric based peering (at least
among the ones who set peering policies globally) this has become
less of an issue.
RFC 5095 aside.
Can someone give an example of how to use source routing to check a
peers routing policy?

Thanks,

Sam
John Osmon
2008-06-30 19:10:46 UTC
Permalink
Post by Sam Stickland
Can someone give an example of how to use source routing to check a
peers routing policy?
Channelling from a similar private conversation I had many years ago:

Seeing if packets directed to prefixes that you're not announcing come
back to you is interesting (and can be an indicator that someone is
pointing default at you). Seeing if packets directed to prefixes you
*are* announcing *do* come back to you is also interesting.


So, an example might be to send a traceroute across a peer's link
via source routing, and watching the result.

Loading...