Updated Specification of the IPv4 ID

Slides:



Advertisements
Similar presentations
IPv4 header: Recycle 16 bits? draft-briscoe-intarea-ipv4-id-reuse-00 Bob Briscoe IETF-80 Mar 2011 This work is partly funded by Trilogy, a research project.
Advertisements

CPSC Network Layer4-1 IP addresses: how to get one? Q: How does a host get IP address? r hard-coded by system admin in a file m Windows: control-panel->network->configuration-
1 Internet Protocol Version 6 (IPv6) What the caterpillar calls the end of the world, nature calls a butterfly. - Anonymous.
CSE 461: IP/ICMP and the Network Layer. Next Topic  Focus:  How do we build large networks?  Introduction to the Network layer  Internetworks  Service.
IETF 651 Issues With Protocols Proposing Multilink Subnets draft-thaler-intarea-multilink-subnet-issues-00.txt Dave Thaler
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 4 Installing and Configuring the Dynamic Host Configuration Protocol.
Network Layer: IPv6 IS250 Spring 2010
1 Internet Networking Spring 2005 Tutorial 2 IP Checksum, Fragmentation.
1 Internet Networking Spring 2004 Tutorial 2 IP Checksum, Fragmentation.
Internet Networking Spring 2003
1 Internet Networking Spring 2002 Tutorial 2 IP Checksum, Fragmentation.
1 464XLAT Combination of Stateful and Stateless Translation draft-ietf-v6ops-464xlat-01 IETF 83 v6ops WG Japan Internet Exchange Co.,Ltd.
UNIT IP Datagram Fragmentation Figure 20.7 IP datagram.
Advanced IPv6 Residential Security draft-vyncke-advanced-ipv6- security-03 Eric Vyncke Mark Townsley
Submission doc.: IEEE /1003r2 July 2011 Hiroki Nakano, Trans New Technology, Inc.Slide 1 Upper Layer Data on Management frames Date:
IP Security IP sec IPsec is short for Internet Protocol Security. It was originally created as a part of IPv6, but has been retrofitted into IPv4. It.
Multimedia Wireless Networks: Technologies, Standards, and QoS Chapter 3. QoS Mechanisms TTM8100 Slides edited by Steinar Andresen.
IPsec Introduction 18.2 Security associations 18.3 Internet Security Association and Key Management Protocol (ISAKMP) 18.4 Internet Key Exchange.
Wes George, Chris Donley, Christopher Liljenstolpe, Lee Howard.
Networking Fundamentals Network Protocols. Protocol Rule for how networks communicate Each OSI layer handled by one or more protocols Protocol Suites.
BAI513 - PROTOCOLS ARP BAIST – Network Management.
Use of the IPv6 Flow Label as a Transport-Layer Nonce draft-blake-ipv6-flow-nonce-02 Steven Blake IETF 76 November 2009.
1 Background and Introduction. 2 Outline History Scope Administrative.
1 Requirements for Internet Routers (Gateways) and Hosts Relates to Lab 3. (Supplement) Covers the compliance requirements of Internet routers and hosts.
Encapsulated Security Payload Header ● RFC 2406 ● Services – Confidentiality ● Plus – Connectionless integrity – Data origin authentication – Replay protection.
Authentication Header ● RFC 2402 ● Services – Connectionless integrity – Data origin authentication – Replay protection – As much header authentication.
1 Internet Area Open Meeting 72th IETF, Dublin, Ireland Jari Arkko and Mark Townsley.
Session Traversal Utilities for NAT (STUN) IETF-92 Dallas, March 26, 2015 draft-ietf-tram-stunbis Marc Petit-Huguenin, Gonzalo Salgueiro.
Softwire Security Requirement Update draft-ietf-softwire-security-requirements-02.txt IETF Meeting, Prague March 19, 2007 Shu Yamamoto Carl Williams Florent.
K. Salah1 Security Protocols in the Internet IPSec.
1 Introduction to ISIS AfNOG 2011 SI-E Workshop. 2 IS-IS Standards History  ISO specifies OSI IS-IS routing protocol for CLNS traffic A Link State.
1 CMPT 471 Networking II OSPF © Janice Regan,
IP Addressing.
Internet Protocol Version 6 Specifications
Chapter 3 TCP and IP Chapter 3 TCP and IP.
Update on Advertising L2 Bundle Member Link Attributes in IS-IS
Solution Model of Source Address Tracing for CGN
Kleene’s Theorem and NFA
Chapter 8 ARP(Address Resolution Protocol)
Next Generation: Internet Protocol, Version 6 (IPv6) RFC 2460
IP Security IP sec IPsec is short for Internet Protocol Security. It was originally created as a part of IPv6, but has been retrofitted into IPv4. It works.
OSPF (Open Shortest Path First)
Objective: ARP.
draft-ietf-simple-message-session-09
Layered Architectures
Internet Networking Spring 2002
IPV4.
IPSec IPSec is communication security provided at the network layer.
draft-ietf-geopriv-lbyr-requirements-02 status update
Fragmentation issues in IPv4/IPv6 translation
Encapsulation/Decapsulation
Net 323: NETWORK Protocols
Chapter 19 Domain Name System (DNS)
TCP/IP Explored Jun Wu 11/11/2018.
Charles Clancy Katrin Hoeper IETF 73 Minneapolis, USA 17 November 2008
TCB Control Block Sharing: 2140bis
Reason Why L2 Per Frame Authentication Is Required
FILS Reduced Neighbor Report
Chapter 20. Network Layer: IP
Net 323 D: Networks Protocols
DHCP and NAT.
Changes to SAE State Machine
DHCP: Dynamic Host Configuration Protocol
Review of Internet Protocols Network Layer
Editors: Bala’zs Varga, Jouni Korhonen
Internet Protocol version 6 (IPv6)
Socket Extensions for OnDemand Mobility Management
M. Boucadair, J. Touch, P. Levis and R. Penno
IANA Procedures for the Port Number Registry
Chapter 4: outline 4.1 Overview of Network layer data plane
Presentation transcript:

Updated Specification of the IPv4 ID IETF 80 Joe Touch, USC/ISI 9/20/2019 4:54 PM

Quick review ID already isn’t unique within 2MSL Recognize existing practice Limit IPv4 ID use to fragmentation Update 791, 1122, 2003 accordingly Remind users of the impact of using fragmentation 9/20/2019 4:54 PM

Changes 00 -> 01 (review) Lots of rewriting for clarity Removed SHOULD send only atomic datagrams Now conditional (and consistent with DNS use): Atomic can reuse IP ID (i.e., not rate limited) Non- atomic,MUST rate limit (existing requirement) Added SHOULD verify integrity To protect against ID reuse in fragments Removed incremental deployment plan Removed “reordering interval” 9/20/2019 4:54 PM

Changes 01 -> 02 Abstract describes affected RFCs Updated refs To do to proceed: Replace NAT with “address sharing devices” Waiting for reviews DNSOPS INTAREA AD / IPDIR 9/20/2019 4:54 PM

BACKUP SLIDES ------------------------- 9/20/2019 4:54 PM

Current protocol req’ts Frag only: MUST NOT use ID except for frag/reassy Source MAY set ID to any value if atomic Transit/dest MUST ignore ID if atomic Safe use: Non-atomic rexmits MUST NOT reuse ID Overlapping fragments MUST be ignored Non-atomic or protected ATOMIC ID MUST NOT change in transit NATs MUST honor rules as if a source 9/20/2019 4:54 PM

Current user req’ts Non-atomic sources MUST rate limit to honor ID non-reuse (existing req’d) Higher-layer protocols SHOULD verify integrity Some transits ignore DF=1, and many reuse IDs too quickly; this is just good practice Non-atomic sources with strong integrity checks MAY reuse IDs (and thus exceed rate limit) 9/20/2019 4:54 PM

(none of these are new, but are included in this doc in 2119 language) Reminder req’ts Non-atomic IDs MUST NOT repeat within one MSL within src/dst/proto triple DF=1 MUST NOT be fragmented Transits MUST NOT modify DF=1 bit (none of these are new, but are included in this doc in 2119 language) 9/20/2019 4:54 PM

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.