
some comments on draft-ietf-ipsec-ipsec-doi-08.txt



    4.6.2.5 ID_IPV4_ADDR_SUBNET

       The ID_IPV4_ADDR_SUBNET type specifies a range of IPv4 addresses,
       represented by two four (4) octet values.  The first value is an IPv4
       address.  The second is an IPv4 network mask.  Note that ones (1s) in
       the network mask indicate that the corresponding bit in the address
       is fixed, while zeros (0s) indicate a "wildcard" bit.

    ....

    4.6.2.7 ID_IPV6_ADDR_SUBNET

       The ID_IPV6_ADDR_SUBNET type specifies a range of IPv6 addresses,
       represented by two sixteen (16) octet values.  The first value is an
       IPv6 address.  The second is an IPv6 network mask.  Note that ones
       (1s) in the network mask indicate that the corresponding bit in the
       address is fixed, while zeros (0s) indicate a "wildcard" bit.

A couple comments:

 1) This appears to specify a "fully general" netmask as opposed to a
prefix-type netmask (some number of 1 bits filled in from the most
significant bit of the address).  Do we really need this generality?

Current "longest match" routing table algorithms/data structures seem
ideally suited for doing SA lookup, and I believe that those
structures require contiguous netmasks to work happily.

 2) A coworker who knows more about ipv6 than I do says that IPv6 has
explicitly banned non-contiguous netmasks, so sending 16 bytes where a
single byte of prefix length would do sounds like severe overkill.

I'm not suggesting changing the wire protocol for IPV4_ADDR_SUBNET
here, merely suggesting that implementations need only support
contiguous netmasks and should or must only send contiguous netmasks...

On the other hand, I think that IPv6 is still fluid enough that we can
get away with changing the IPV6_ADDR_SUBNET encoding to send the
prefix length as a single byte; I wouldn't be surprised if other
IPv6-family protocols which send around address prefixes do it this
way, also.

					- Bill
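As an added illustration of the point raised above (this is example code, not part of the email or of the draft), the checker below parses the quoted ID_IPV4_ADDR_SUBNET / ID_IPV6_ADDR_SUBNET identification data (address followed by a same-length mask, 8 or 32 octets in total), accepts only contiguous masks, and shows both the current address+mask encoding and the address+prefix-length form suggested for IPv6. The sample payloads are constructed here; the function names are mine.

```python
import ipaddress

# Constructed sample identification data (not taken from the draft):
# IPv4 or IPv6 address followed by a mask of the same length.
SAMPLE_IPV4_OK = bytes([10, 1, 0, 0]) + bytes([255, 255, 0, 0])
SAMPLE_IPV4_BAD = bytes([10, 1, 0, 0]) + bytes([255, 255, 0, 255])  # hole in mask
SAMPLE_IPV6_OK = (ipaddress.ip_address("2001:db8::").packed
                  + b"\xff" * 4 + b"\x00" * 12)


def contiguous_prefix_len(mask: bytes):
    """Return the prefix length if mask has the form 1...10...0, else None."""
    bits = len(mask) * 8
    inverted = (~int.from_bytes(mask, "big")) & ((1 << bits) - 1)
    # The inverted mask must be a solid run of low-order ones (2^k - 1).
    if inverted & (inverted + 1):
        return None
    return bits - inverted.bit_length()


def decode_addr_subnet(data: bytes) -> str:
    """Parse 8-octet (IPv4) or 32-octet (IPv6) subnet ID data into CIDR text.

    Rejects any non-contiguous mask, the restriction the email argues for.
    """
    if len(data) not in (8, 32):
        raise ValueError(f"unexpected subnet ID length {len(data)}")
    half = len(data) // 2
    addr, mask = data[:half], data[half:]
    plen = contiguous_prefix_len(mask)
    if plen is None:
        raise ValueError(f"non-contiguous netmask {mask.hex()} rejected")
    # strict=False zeroes wildcard bits of the address, as the mask implies.
    return str(ipaddress.ip_network((addr, plen), strict=False))


def subnet_id_is_acceptable(data: bytes) -> bool:
    """Convenience predicate for an SA lookup path that only wants yes/no."""
    try:
        decode_addr_subnet(data)
        return True
    except ValueError:
        return False


def encode_addr_subnet(cidr: str) -> bytes:
    """Current wire form: address + mask; a sender emits contiguous masks only."""
    net = ipaddress.ip_network(cidr, strict=False)
    return net.network_address.packed + net.netmask.packed


def encode_prefix_len_form(cidr: str) -> bytes:
    """The single-octet prefix-length form the email proposes for IPv6."""
    net = ipaddress.ip_network(cidr, strict=False)
    return net.network_address.packed + bytes([net.prefixlen])
```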