[AfrIPv6-Discuss] Fwd: rate-limiting-of-ipv6-traceroutes-is-widespread

[Lee Howard]

Yes, this is very interesting.

On 8/16/17, 4:56 AM, "Daniel Shaw" <daniel at afrinic.net> wrote:

>Interesting slides. May be of interest to some.
>
>
>https://datatracker.ietf.org/meeting/99/materials/slides-99-maprg-rate-lim
>iting-of-ipv6-traceroutes-is-widespread-measurements-and-mitigations


This isn’t just a traceroute problem, but an ICMPv6 problem, right?
You mentioned RFC4443 “ICMPv6” (I had to look it up; it’s in section
2.4(f)). Presumably, then, all ICMPv6 messages originating from that
router are rate-limited, not just traceroute. Ping and pMTUd?

If you send a burst of ICMPv6 messages to a router, like one every 10ms,
to see where you overflow the buffers, doesn’t that mean actual users on
the network are not getting accurate pMTU data?

I wasn’t sure from the slides (although maybe it’s clear in the
presentation) whether this problem is seen on normal rates of traceroutes?
Because if so, I would agree we need to tune the algorithm from RFC4443,
or develop a new one. If it only occurs when someone generates a thousand
traceroutes at a time, I’d argue the mechanism is working properly.

Have you sent a note to v6ops or the authors of draft-v6ops-ipv6rtr-reqs
suggesting the update? I should know, but I can’t keep track of every
message on every draft.

Thanks for doing this; it’s thought-provoking work.

Lee