Date: Wed, 12 Dec 2001 18:10:10 +0100 From: Andre Oppermann <oppermann@pipeline.ch> To: Jim Fleming <jfleming@anet.com> Cc: freebsd-arch@FreeBSD.ORG Subject: Re: RIFRAF Routing Changes for FreeBSD Message-ID: <3C178F72.1ECBE9D@pipeline.ch> References: <041b01c1832d$9e1dbac0$1000a8c0@Unir.com> <3C178964.9115B289@pipeline.ch> <043b01c1832e$9d364b80$1000a8c0@Unir.com>
next in thread | previous in thread | raw e-mail | index | archive | help
1. Learn how to articulate yourself
2. Read and understand the FreeBSD-arch list charter
3. Learn to state properly why you come here, what you'd like FreeBSD
to and why it should do so
4. Learn how to insert line breaks after 72 chars
--
Andre
AO6-RIPE
Jim Fleming wrote:
>
> RIFRAF Routing
> RIFRAF (Remote Identification Field Random Action Filter) Routing is part of a phased approach to evolving from 32-bit IPv4 Internet
> Addressing to larger address spaces. The RIFRAF feature in an IP stack, allows for remote access control of the left-most 8-bits of
> the normally 16-bit IPv4 Identification Field. The feature is part of the IPv8 PeaceKeeper/GateKeeper series. The feature allows a
> PeaceKeeper for a /16 prefix to remotely set StarGate values in a marking engine via simple ICMP+ extensions via the TOS field. The
> 4-bit StarGate values are rotated through an 8-bit field which is used in a 50/50 coin-toss marking process as packets are processed
> with the /16 prefix. Source and Destination StarGate marking is distinct, and all 65,536 /16 prefixes have two choices for the
> source addresses and two choices for destination addresses. The random marking can be prevented by loading both StarGate values to
> be the same. The GateKeeper can be restored to legacy Identification Field marking by the PeaceKeeper. Packets marked via RIFRAF can
> be further routed or queued based on the marks which effectively add 4 bits to the 32-bit IPv4 legacy addresses. All of the packets
> pass transparently through legacy IPv4 equipment with no change. For legacy equipment not prepared to handle the markings, it
> appears as the left 8-bits of the Identification Field. For each of the 256 marking values, an independent counter is maintained for
> the right-most 8-bits of the Identification Field. There is no API required or other user-level tools. Most modern "ping" programs
> can be used to set the bits. RIFRAF can exist silently inside of the stack and be totally controlled remotely via existing
> connection(s) to the IPv4 private Intranets or the IPv4 Global Public Internet. Spoofing of the PeaceKeeper is possible and the real
> PeaceKeeper will receive the return reply, at which point the PeaceKeeper can restore the desired values. When RIFRAF is used in
> conjunction with other routing devices and on an IPv16 network, these problems can be minimized. RIFRAF is mostly intended for use
> in extending the addressing of leaf-nodes, which generally are protected behind fire-walls and NAT devices, but can also be used on
> the IPv4 Global Public Internet to increase the addressing used by edge devices on /16 networks.
>
> ----- Original Message -----
> From: "Andre Oppermann" <oppermann@pipeline.ch>
> To: "Jim Fleming" <jfleming@anet.com>
> Cc: <freebsd-arch@FreeBSD.ORG>
> Sent: Wednesday, December 12, 2001 10:44 AM
> Subject: Re: RIFRAF Routing Changes for FreeBSD
>
> >
> > So?
> >
> > --
> > Andre
> >
> >
> > Jim Fleming wrote:
> > >
> > > This may help...
> > > http://www.dot-biz.com/IPv4/Tutorial/
> > > http://www.RepliGate.net
> > >
> > > The Netfilter Project: Packet Mangling for Linux 2.4
> > > http://netfilter.samba.org
> > >
> > > Jim Fleming
> > > http://www.IPv8.info
> > > IPv16....One Better !!
> > >
> > > ----- Original Message -----
> > > From: "Charlie Root" <root@IPv8.UNIR.COM>
> > > To: <jfleming@anet.com>
> > > Sent: Wednesday, December 12, 2001 4:45 AM
> >
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3C178F72.1ECBE9D>