Francis Dupont writes:

- same (comment)

  o The Redirect function is used for automatically redirecting hosts to
    an alternate router. Redirect is specified in Section 8 of RFC 2461
    [6]. It is similar to the ICMPv4 Redirect message [19].

=> this is *not* true: IPv6 redirect has 3 functions:
   - change the router for a better one (the function you described)
   - change the link-layer address (target == destination). This should
     in general be done by the peer itself with an NA, except in the last
     case.
   - give the link-layer address of an off-link destination which is in
     fact on-link. This "external redirect" is used for IPv6 over ATM to
     implement NHRP short cuts, for instance.

  o Redirect: This message is always sent from the router's link-local
    address to the source address of the packet that triggered the
    Redirect. Hosts verify that the IP source address of the Redirect is
    the same as the current first-hop router for the specified ICMP
    Destination Address. Rules in [1] dictate that unspecified,

=> unspecified source is not forbidden.

    anycast, or multicast addresses may not be used as source addresses.
    Therefore, the destination address will always be a unicast address.

=> to deduce that the destination address in the IPv6 header of a redirect
   (there is a field named "destination address" to help us ;-) is always
   a unicast address, the argument is:
   - anycasts and multicasts are forbidden as source
   - unspecified is forbidden as destination (all nodes is used when one'd
     like to reach any node).

-----------

Jari Arkko responds to Francis Dupont:

Oops. These new functions may also need some security thinking, whether
they pose some problem to the currently specified Redirect handling rules
in SEND.

-----------

Jari Arkko writes in the IETF-58 presentation:

- design of SEND only considered Redirect as a message to inform of a
  better router
- Francis pointed out there are other functions:
  . link-layer address update by the node itself
  . specify link-layer address of an off-link destination which is in
    fact on-link (ATM & NHRP)
- We can easily take care of the editorial part of this issue
- Any security implications?
  . Redirect from a host would use CGA, from a router certs
  . Appears to be OK, as long as the document takes care of this

-----------

IETF-58 meeting minutes:

Greg Daley: I have not seen hosts that send redirects.
James Kempf: We need to take this to the list.

-----------

Jari Arkko:

I have reviewed this issue, and read the relevant parts of RFC 2461. This
RFC does indeed contain one of Francis' functions, i.e. specification of a
link-layer address for an on-link destination which has not been
advertised as an on-link prefix:

   Redirect messages are sent by routers to redirect a host to a better
   first-hop router ... or to inform hosts that a destination is in fact
   a neighbor (i.e., on-link).

For the other function, the update of a link-layer address by the node
itself: the RFC prohibits hosts from sending Redirects:

   A host MUST silently discard any received Redirect message that does
   not satisfy all of the following validity checks:
   ...
   - The IP source address of the Redirect is the same as the current
     first-hop router for the specified ICMP Destination Address.
   ...

But I think Francis meant that Neighbor Advertisements should be used for
this purpose.

So what text modifications are necessary? Here's my proposal:

Change

  o The Redirect function is used for automatically redirecting hosts to
    an alternate router. Redirect is specified in Section 8 of RFC 2461
    [7]. It is similar to the ICMPv4 Redirect function [15].

=>

  o The Redirect function is used for automatically redirecting a host to
    a better first-hop router, or to inform hosts that a destination is
    in fact a neighbor (i.e., on-link). Redirect is specified in Section 8
    of RFC 2461 [7]. It is similar to the ICMPv4 Redirect function [15].

This text has already disappeared through other modifications:

  o Redirect: This message is always sent from the router's link-local
    address to the source address of the packet that triggered the
    Redirect. Hosts verify that the IP source address of the Redirect is
    the same as the current first-hop router for the specified ICMP
    Destination Address. Rules in [1] dictate that unspecified, anycast,
    or multicast addresses may not be used as source addresses.
    Therefore, the destination address will always be a unicast address.

This text has already been changed as well:

   The receiver MUST verify that the Redirect message comes from an IP
   address to which the host may have earlier sent the packet that the
   Redirect message now partially returns. That is, the source address
   of the Redirect message must be the default router or the on-link
   destination host for traffic sent to the destination of the returned
   packet. If this is not the case, the message MUST be silently
   discarded. This step prevents a bogus router from sending a Redirect
   message when the host is not using the bogus router as a default
   router.

=> Note that RFC 2461 rules already prevent a bogus router from sending a
   Redirect message when the host is not using the bogus router as a
   default router.

I think this would cover all that we need to do. Comments?

-----------
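The receiver-side checks discussed above (RFC 2461's "source is the current first-hop router for the ICMP Destination Address" rule and the SEND wording that the source must be the default router or the on-link destination host for the returned packet) can be shown as a small validator. This is an added example, not code from the SEND or RFC 2461 authors; the destination-cache dictionary, the host and router addresses, and the sample Redirect messages are all constructed for illustration. It also applies two RFC 2461 checks not quoted in the thread (link-local source, Hop Limit 255) and classifies an accepted Redirect as "on-link" when the ICMP Target equals the ICMP Destination, which is the second function Francis described.

```python
"""Receiver-side validity checks for an IPv6 Redirect (illustrative, added here)."""
from dataclasses import dataclass
from ipaddress import IPv6Address


@dataclass(frozen=True)
class Redirect:
    ip_src: IPv6Address        # IPv6 header source (the sender of the Redirect)
    ip_dst: IPv6Address        # IPv6 header destination (the host being redirected)
    hop_limit: int             # IPv6 Hop Limit
    target: IPv6Address        # ICMP Target Address: the better first hop
    destination: IPv6Address   # ICMP Destination Address: the final destination


def redirect_kind(r: Redirect) -> str:
    """RFC 2461: Target == Destination means the destination is itself on-link."""
    return "on-link" if r.target == r.destination else "better-router"


def validate_redirect(r: Redirect, my_addr: IPv6Address, next_hop: dict):
    """Return (accepted, reason).

    next_hop is the host's destination cache (constructed here): it maps a final
    destination to the first-hop address the host currently uses for it, which is
    a router's link-local address or, for an on-link peer, the peer itself.
    """
    if not r.ip_src.is_link_local:          # also rejects :: and global sources
        return False, "source is not link-local"
    if r.hop_limit != 255:
        return False, "hop limit is not 255, packet may have been forwarded"
    if r.ip_dst != my_addr:
        return False, "not addressed to this host"
    if r.destination.is_multicast:
        return False, "ICMP Destination Address is multicast"
    current = next_hop.get(r.destination)
    if current is None:
        return False, "no traffic to this destination; nothing to redirect"
    if r.ip_src != current:
        # The check that defeats a bogus router the host is not actually using.
        return False, "source is not the current first hop for the destination"
    return True, redirect_kind(r)


def demo() -> dict:
    """Run the validator over constructed messages; returns name -> (accepted, reason)."""
    me = IPv6Address("2001:db8:1::10")
    router = IPv6Address("fe80::1")
    off_link = IPv6Address("2001:db8:2::5")
    on_link_peer = IPv6Address("2001:db8:1::7")
    # Constructed destination cache: both destinations currently go via router.
    cache = {off_link: router, on_link_peer: router}

    cases = {
        "better_router": Redirect(router, me, 255, IPv6Address("fe80::2"), off_link),
        "on_link": Redirect(router, me, 255, on_link_peer, on_link_peer),
        "bogus_router": Redirect(IPv6Address("fe80::bad"), me, 255,
                                 IPv6Address("fe80::bad"), off_link),
        "global_source": Redirect(IPv6Address("2001:db8:9::1"), me, 255,
                                  IPv6Address("fe80::2"), off_link),
        "forwarded": Redirect(router, me, 64, IPv6Address("fe80::2"), off_link),
        "multicast_dest": Redirect(router, me, 255, IPv6Address("fe80::2"),
                                   IPv6Address("ff02::1")),
    }
    return {name: validate_redirect(r, me, cache) for name, r in cases.items()}


if __name__ == "__main__":
    for name, (ok, why) in demo().items():
        print(f"{name:15s} {'ACCEPT' if ok else 'DISCARD'}  ({why})")
```

The cache lookup is what makes the "bogus router" case fall out naturally: a Redirect from a link-local address the host has never selected as first hop for that destination is discarded before any Target or option processing, which is the property Jari notes RFC 2461 already provides.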