Date:      Mon, 10 Dec 2001 12:23:48 -0600
From:      "Jim Fleming" <jfleming@anet.com>
To:        <chat@FreeBSD.ORG>
Subject:   RIFRAF Routing Works in FreeBSD
Message-ID:  <035c01c181a7$d0516000$1000a8c0@Unir.com>
References:  <Pine.LNX.4.21.0112101001340.4822-100000@pilchuck.reedmedia.net>

http://www.dot-biz.com/RepliGate/RIFRAF/
RIFRAF Routing

RIFRAF (Remote Identification Field Random Action Filter) Routing is part of a phased
approach to evolving from 32-bit IPv4 Internet Addressing to larger address spaces. The
RIFRAF feature in an IP stack allows for remote access control of the left-most 8 bits of
the normally 16-bit IPv4 Identification Field. The feature is part of the IPv8 PeaceKeeper/GateKeeper
series. The feature allows a PeaceKeeper for a /16 prefix to remotely set StarGate values in a
marking engine via simple ICMP+ extensions via the TOS field. The 4-bit StarGate values are
rotated through an 8-bit field which is used in a 50/50 coin-toss marking process as packets are processed
with the /16 prefix. Source and Destination StarGate marking is distinct, and all 65,536 /16 prefixes
have two choices for the source addresses and two choices for destination addresses. The random
marking can be prevented by loading both StarGate values to be the same. The GateKeeper can be restored to legacy Identification
Field marking by the PeaceKeeper. Packets marked via RIFRAF can
be further routed or queued based on the marks which effectively add 4 bits to the 32-bit
IPv4 legacy addresses. All of the packets pass transparently through legacy IPv4 equipment
with no change. For legacy equipment not prepared to handle the markings, it appears as the
left 8 bits of the Identification Field. For each of the 256 marking values, an independent
counter is maintained for the right-most 8 bits of the Identification Field. There is no API
required or other user-level tools. RIFRAF can exist silently inside of the stack and be totally
controlled remotely via existing connection(s) to the IPv4 private Intranets or the IPv4 Global
Public Internet. Spoofing of the PeaceKeeper is possible and the PeaceKeeper will receive
the return reply, at which point the PeaceKeeper can restore the desired values. When RIFRAF
is used in conjunction with other routing devices and on an IPv16 network, these problems can
be minimized. RIFRAF is mostly intended for use in extending the addressing of leaf-nodes,
which generally are protected behind firewalls and NAT devices, but can also be used on the
IPv4 Global Public Internet to increase the addressing used by edge devices on /16 networks.
-----


http://www.dot-biz.com/IPv4/Tutorial/

The Netfilter Project: Packet Mangling for Linux 2.4
http://netfilter.samba.org

Jim Fleming
http://www.IPv8.info
IPv16....One Better !!

