generic v6 tunneling

Francis Dupont Francis.Dupont@enst-bretagne.fr
Wed, 06 Feb 2002 11:25:14 +0100

Previous message: generic v6 tunneling
Next message: generic v6 tunneling
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

 In your previous mail you wrote:

   1)With ref to section 3.3 of RFC 2473 :
   
   "The tunnel exit-point node, which decapsulates the tunnel packets,
   and the destination node, which receives the resulting original
   packets can be the same node".
   
   Does it mean tunnel exit-point IPv6 address and original packets
   destination IPv6 address are same?

=> "can be" but usually they are configured to be different because:
 - this can too easily mess the routing system
 - there is no reason to encapsulate such packets (they can be sent
  directly).

   If they are same, how do we configure the route for the destination
   V6 address at the tunnel entry point?
   
=> there is already a route to the exit-point, not using the tunnel.

If you try to misconfigure a tunnel with a route to the exit-point
through the tunnel, good systems will detect the error and won't crash
trying infinite encapsulation. But this is harder if the loop is distributed
between different nodes so section 4 describes this kind of problems
and some solutions (note that 4.1.2 check detects your problem).

   2)With ref to section 7.1(a) of RFC 2473:
   
   When the IPv6 packet size is larger than IPv6 min link MTU, the
   ICMPv6 pkt too big msg is sent with MTU as max(tunnel MTU, IPv6 min
   link MTU) .
   
   If the furthur received packets' size is larger than IPv6 min link
   MTU, again TOO BIG message will be sent

=> yes, ICMPv6 are sent on errors but are rate limited.

   and a looping will occur?

=> I believe your loop is errors on errors. There are two counter-measures:
(draft-ietf-ipngwg-icmp-v3-02.txt section 2.4)
 - (c) Every ICMPv6 error message (type < 128) includes as much of the
   IPv6 offending (invoking) packet (the packet that caused the
   error) as will fit without making the error message packet
   exceed the minimum IPv6 MTU.
 - (e.1) An ICMPv6 error message MUST NOT be sent as a result of
   receiving an ICMPv6 error message.
(don't forget (f) aka rate limitation too).

   how to avoid this?
   
=> understand and implement carefully the specs (:-)!

Regards

Francis.Dupont@enst-bretagne.fr

Previous message: generic v6 tunneling
Next message: generic v6 tunneling
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]