Subject: Re: default route and private networks
To: Jonathan Stone <jonathan@dsg.stanford.edu>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: tech-net
Date: 04/13/2005 22:56:38
On Wed, Apr 13, 2005 at 05:43:54PM -0700, Jonathan Stone wrote:
> In message <20050413234709.GR6156@che.ojctech.com>, David Young writes:
> >On Wed, Apr 13, 2005 at 05:39:34PM -0400, Thor Lancelot Simon wrote:
> >> On Wed, Apr 13, 2005 at 12:29:10PM -0500, David Young wrote:
> >> >
> >> > is preferred.  IPv4 should likewise prefer a private source (192.168/16,
> >> > 10/8, ...) when the destination is private, a link-local (169.254/16)
> >> > for link-local destinations, and global source for a global destination.
> 
> IPv4 "should" do this?  Who is saying this, and on what authority?
> I'm pretty sure this not a SHOULD in the sense of RFC-2119.

I think he means "should" in the sense of "would behave better in a not
uncommon case" -- which, I think, is correct.  There are definitely
situations in which a host has both a routable and a private (1918)
IP address and in which the public Internet is only reachable across
the privately-addressed network.  Consider, for example, a router
concentrator that numbers its point-to-point interfaces in network
10.0.0.0/8; an end host connected to that router may have a routable
address legitimately allocated to it but be forced to point its default
route at the *non-routable* address of its gateway.  This is bogus
network design (it is a poor adaptation from the world of "unnumbered"
HDLC interfaces on some routers to the world of PPP, where each endpoint
must have an address; better to allocate a single address to _all_ such
interfaces on a large router and reuse it for multiple peers) but it is
in fact a situation some users are faced with.

The "clean" workaround here -- in terms of preserving "strong host"
semantics -- is to use a tunnel between the 1918-numbered link endpoints.
But this introduces an additional layer of encapsulation for, frankly,
little gain.  *Some* users of our stack may quite legitimately prefer
to violate the strong host model and transmit packets on interface A
with the source address of interface B according to the destination address
of the packets; it gets them reachability even in the presence of dumb
numbering of point-to-point links that may be beyond their control.

This should not be the default behavior, however.  I have believed for
some time and continue to believe that our default behavior should
conform to the strong host model given in 1122, both for transmit
and receive.  When segregating networks for security reasons it is
harder (though not impossible) to do the right thing in the presence
of hosts that implement weaker models.

> RFC-1122 is a common reference.  If you're _that_ under-informed, how
> much credence should be given to your opinions on how IPv4 "should"
> behave?

I don't think David is under-informed; he just hasn't had occasion to
look at the different canonical host models for IPv4 before, and I doubt
he was active on our lists the last time the strong host/weak host
debate came up, since it was several years ago.  It is not unreasonable
to use IPv6 as an analogy here -- but it is important to understand
that people's reasonable assumptions about v4 behavior both for xmit
and receive on end hosts do not match the scoping that v6 does, and that
people have built network and host configurations whose security may
depend to at least some extent on hosts that do not exhibit v6-like
scoping when using v4.

-- 
 Thor Lancelot Simon	                                      tls@rek.tjls.com

"The inconsistency is startling, though admittedly, if consistency is to be
 abandoned or transcended, there is no problem."		- Noam Chomsky
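The two transmit policies the message contrasts (RFC 1122 strong host source selection versus David's scope-matched selection) and the receive-side difference Thor alludes to, as an added worked example that is not part of the thread and not NetBSD code. The host configuration is constructed: a PPP link numbered from 10/8 by the concentrator (local 10.0.0.2, gateway 10.0.0.1), a routable address on eth0, and a default route through the 1918-numbered gateway. The scope classification uses the prefixes named in the quoted proposal rather than Python's `is_private`, which also flags the documentation ranges used here as non-global.

```python
"""Strong-host versus scope-matched source selection for a host whose
default route points at an RFC 1918 gateway.  Constructed illustration."""
import ipaddress

IPv4 = ipaddress.IPv4Address
Net = ipaddress.IPv4Network

# Hypothetical host configuration (assumed for the example, not from the thread).
INTERFACES = {
    "ppp0": [IPv4("10.0.0.2")],        # concentrator numbers the link from 10/8
    "eth0": [IPv4("198.51.100.7")],    # the host's legitimately allocated address
}
# (prefix, gateway or None if directly connected, outgoing interface)
ROUTES = [
    (Net("10.0.0.0/8"), None, "ppp0"),
    (Net("198.51.100.0/24"), None, "eth0"),
    (Net("0.0.0.0/0"), IPv4("10.0.0.1"), "ppp0"),  # default via the 1918 gateway
]

RFC1918 = [Net("10.0.0.0/8"), Net("172.16.0.0/12"), Net("192.168.0.0/16")]
LINK_LOCAL = Net("169.254.0.0/16")


def scope(addr) -> str:
    """Classify an address as link-local, private (1918) or global, as in the
    quoted proposal.  Deliberately not ipaddress.is_private (see lead-in)."""
    addr = IPv4(addr)
    if addr in LINK_LOCAL:
        return "link-local"
    if any(addr in n for n in RFC1918):
        return "private"
    return "global"


def lookup_route(dst):
    """Longest-prefix match over ROUTES; returns (prefix, gateway, iface)."""
    dst = IPv4(dst)
    matches = [r for r in ROUTES if dst in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen)


def source_strong_host(dst) -> str:
    """RFC 1122 strong host model: the source address is one configured on the
    interface the packet leaves through, whatever scope that address has."""
    _, _, iface = lookup_route(dst)
    return str(INTERFACES[iface][0])


def source_scope_matched(dst) -> str:
    """Weak-host variant: use any address on the host whose scope matches the
    destination's; fall back to the strong-host choice if none matches."""
    want = scope(dst)
    for addrs in INTERFACES.values():
        for a in addrs:
            if scope(a) == want:
                return str(a)
    return source_strong_host(dst)


def accept_strong_host(iface: str, dst) -> bool:
    """Strong host receive rule: deliver only if the destination address is
    configured on the interface the packet arrived on."""
    return IPv4(dst) in INTERFACES[iface]


def accept_weak_host(iface: str, dst) -> bool:
    """Weak host receive rule: any local address is accepted on any interface."""
    return any(IPv4(dst) in addrs for addrs in INTERFACES.values())


if __name__ == "__main__":
    for dst in ("192.0.2.10", "10.0.0.1", "169.254.1.1"):
        print(dst, scope(dst), "strong:", source_strong_host(dst),
              "scope-matched:", source_scope_matched(dst))
    # A packet for the routable address arriving over the 1918-numbered link:
    print("strong host accepts on ppp0:", accept_strong_host("ppp0", "198.51.100.7"))
    print("weak host accepts on ppp0:", accept_weak_host("ppp0", "198.51.100.7"))
```

Under the strong host rule a packet to a global destination leaves ppp0 sourced from 10.0.0.2, so the reply has no route back; the scope-matched rule picks 198.51.100.7 and gets reachability at the cost of emitting interface B's address on interface A. The receive functions show the other half of the trade-off: a strong host drops a packet for its routable address that arrives over the private link, which is exactly the property a segregated network design may be counting on.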