Hello, folks,
Quite a few times it has been mentioned to me that some peering agreements require support for the IPv4 source routing options. I was wondering whether this is still the case for some ISPs, or it is not the case anymore.
I was also wondering if it has ever been the case that IPv6 peering agreements have required support for Type 0 Routing Header and, if it has, whether that still happens nowadays. (I guess not, but....)
Thanks so much!
Kind regards,
Quite a few times it has been mentioned to me that some peering agreements require support for the IPv4 source routing options. I was wondering whether this is still the case for some ISPs, or it is not the case anymore.
I was also wondering if it has ever been the case that IPv6 peering agreements have required support for Type 0 Routing Header and, if it has, whether that still happens nowadays. (I guess not, but....)
I have never seen such a requirement for IPv6.
Note also that type-0 routing headers were deprecated in RFC 5095, last year.
The functionality provided by IPv6's Type 0 Routing Header can be exploited in order to achieve traffic amplification over a remote path for the purposes of generating denial-of-service traffic. This document updates the IPv6 specification to deprecate the use of IPv6 Type 0 Routing Headers, in light of this security concern.
Joe
Quite a few times it has been mentioned to me that some peering agreements require support for the IPv4 source routing options. I was wondering whether this is still the case for some ISPs, or it is not the case anymore.
Before we decommissioned our last open peering fabric, source-routing was important to make sure your peer wasn't pointing default (or similar) to you. With the advent of private (and far more limited) bilateral peering as a preference to fabric based peering (at least among the ones who set peering policies globally) this has become
less of an issue.
RFC 5095 aside.
Deepak
Fernando Gont wrote:
Hello, folks,
Quite a few times it has been mentioned to me that some peering agreements require support for the IPv4 source routing options. I was wondering whether this is still the case for some ISPs, or it is not the case anymore.
I haven't observed it in the recent past. looking backwards I can see a handfull of operators that did it (LSR) by policy everywhere in 2002.
I was also wondering if it has ever been the case that IPv6 peering agreements have required support for Type 0 Routing Header and, if it has, whether that still happens nowadays. (I guess not, but....)
I think you'd be hardpressed to find an operator that would knowingly honor rh(0) headers
Quite a few times it has been mentioned to me that some peering agreements require support for the IPv4 source routing options. I was wondering whether this is still the case for some ISPs, or it is not the case anymore.
Before we decommissioned our last open peering fabric, source-routing was important to make sure your peer wasn't pointing default (or similar) to you. With the advent of private (and far more limited) bilateral peering as a preference to fabric based peering (at least among the ones who set peering policies globally) this has become
less of an issue.
Thanks so much for your response!
RFC 5095 aside.
Yes, sorry. The question should have been: Has IPv6 Type 0 Routing Header ever been a requirement in v6 peering agreements?
(In any case, I guess Type 0 Routing Header could still be used, in the same way that v4 source-routing was still being used even after many IP implementations had decided to filter it by default?)
Kind regards,
Between adjacent, consenting routers, you can surely expect to be able to do whatever the routers will let you do.
Joe
sorry to pick this up so late.
source routing is still requested and sometimes mandated at inter-as
borders. for the reasons deepak stated. note that this does not expose
any vulnerability. source routing is only dangerous to hosts.
Yes, sorry. The question should have been: Has IPv6 Type 0 Routing
Header ever been a requirement in v6 peering agreements?
not of which i am aware. imiho, from ops pov extension headers are
unneeded kink.
randy
Well, it can be used as an amplification mechanism for bandwidth consuption attacks (although it is not as effective as the Type 0 Routing header of v6, because of the limited space in the v4 header).
Thanks!
Kind regards,
Deepak Jain wrote:
Quite a few times it has been mentioned to me that some peering agreements require support for the IPv4 source routing options. I was wondering whether this is still the case for some ISPs, or it is not the case anymore.
Before we decommissioned our last open peering fabric, source-routing was important to make sure your peer wasn't pointing default (or similar) to you. With the advent of private (and far more limited) bilateral peering as a preference to fabric based peering (at least among the ones who set peering policies globally) this has become
less of an issue.RFC 5095 aside.
Can someone give an example of how to use source routing to check a peers routing policy?
Thanks,
Sam
Channelling from a similar private conversation I had many years ago:
Seeing if packets directed to prefixes that you're not announcing come
back to you is interesting (and can be an indicator that someone is
pointing default at you). Seeing if packets directed to prefixes you
*are* announcing *do* come back to you is also interesting.
So, an example might be to send a traceroute across a peer's link
via source routing, and watching the result.