Should routers send redirects by default?
nanog at 85d5b20a518b8f6864949bd940457dc124746ddc.nosense.org
Sat Aug 21 19:24:41 CDT 2010
On Sat, 21 Aug 2010 10:32:00 -0400
Jared Mauch <jared at puck.nether.net> wrote:
> On Aug 21, 2010, at 10:12 AM, Jack Bates wrote:
> > Eric J. Katanich wrote:
> >> You disable it on the host and if no host is using it, you might as well disable it on the router as well. Others mentioned some routers need to handle this in software instead of hardware, which is obviously slower.
> > Most redirects are limited in their rate, so it generally is unnoticed on the router, but yes, to be fully optimized, turning it off isn't a bad idea. Here's a better one. Put the router's choice in the RA on a per prefix basis (and of course DHCPv6 for non-RA setups).
> > Any router/host communication agreements really should have a profile setup. If the router is acting in a certain way, it should be able to notify the host. If RA is disabled and a pure DHCPv6 setup was deployed, obviously the DHCPv6 server would need to provide the necessary router information (mtu, icmp unreachable support, etc).
> > It bugs me that we set up automation support such as between routers and hosts and don't include all the different details that both really should agree on (such as icmp redirects, or even the ability to push routes to hosts, ie modify redirects to support prefix or host based redirects since we are starting over here).
> One of the use cases for the redirects listed is that someone may DHCPv6 a prefix, but (!!!) not know the netmask of the prefix, so may not know what is on-net. ie: here's your host address, good luck!
That's not the case. What they're saying is that an address by itself
does not _imply_ a prefix length i.e. don't assume a /64. This isn't
any different to IPv4 in the last 15 years - "192.168.0.1" by itself
doesn't imply a /24 since CIDR came along.
RFC5942 goes into details. Basically it says if a node doesn't have a
separate indication that a prefix is onlink (i.e. via a configured
prefix length, or via PIO options in an RA), then don't assume the
internal structure of the address is known (i.e. don't assume a /64).
> This surely isn't something I had expected as an output of the IETF, as I figured that even the most basic folks advocating for "internet engineering" would tell a host the netmask so it would know what is on-net vs off-net.
> This tells me that the use of redirects isn't quite as straightforward as "helping" but more as "crutch" for not wanting to consume an extra byte for mask and few bytes for a default-router.
> It also means they are unlikely to be as limited in their rate as you suggest, it will make the IPv6 router look more like a flow-switched device (having to send a redirect for each subnet/mask that is different) and effectively make the host participate (via redirects) in this routing protocol.
> - Jared
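
The on-link rule discussed in this message, sketched as an added example (not part of the original post or of any implementation named in the thread): a host treats a destination as on-link only when a configured prefix, an RA PIO with the L flag set, or a Redirect whose target equals the destination says so. The `Host` class, its method names and the 2001:db8::/32 addresses are constructed for illustration.

```python
import ipaddress

class Host:
    """Next-hop model where on-link state comes only from explicit signals."""

    def __init__(self):
        self.addresses = []        # addresses held; no prefix length attached
        self.onlink_prefixes = []  # from RA PIOs with L=1 or manual configuration
        self.redirects = {}        # destination -> next hop learned via Redirect
        self.default_router = None

    def add_dhcpv6_address(self, addr):
        # An assigned address carries no prefix length, so it adds
        # nothing to the on-link prefix list (no /64 is assumed).
        self.addresses.append(ipaddress.IPv6Address(addr))

    def process_ra(self, router, pios):
        # pios: iterable of (prefix, l_flag); only L=1 marks a prefix on-link.
        self.default_router = ipaddress.IPv6Address(router)
        for prefix, l_flag in pios:
            if l_flag:
                self.onlink_prefixes.append(ipaddress.IPv6Network(prefix))

    def process_redirect(self, destination, target):
        # target == destination means "this destination is a neighbor".
        dst = ipaddress.IPv6Address(destination)
        self.redirects[dst] = ipaddress.IPv6Address(target)

    def next_hop(self, destination):
        dst = ipaddress.IPv6Address(destination)
        if dst in self.redirects:
            return self.redirects[dst]
        if dst.is_link_local or any(dst in p for p in self.onlink_prefixes):
            return dst              # resolve the destination directly
        return self.default_router  # no on-link evidence: send to the router

def demo():
    # Constructed scenario: DHCPv6 address plus an RA whose PIO has L=0.
    h = Host()
    h.add_dhcpv6_address("2001:db8:0:1::10")
    h.process_ra("fe80::1", [("2001:db8:0:1::/64", False)])
    before = h.next_hop("2001:db8:0:1::20")   # same /64 numerically, not on-link
    h.process_redirect("2001:db8:0:1::20", "2001:db8:0:1::20")
    after = h.next_hop("2001:db8:0:1::20")    # now known to be a neighbor
    other = h.next_hop("2001:db8:0:1::30")    # not redirected yet
    return str(before), str(after), str(other)
```
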