Tom,
On 24/2/21 14:01, Tom Herbert wrote:
Fernando,
The analogy doesn't hold here because unlike knives, extension headers
are not inherently dangerous. The problems have been caused by some
router implementations that have assumed unwritten requirements (like
routers must access transport layer), unquantified requirements
(header chains can't be too long), and apparently buggy
implementations (mentioned in the draft). This draft describes, cites,
recommends, references, or suggests (whichever you prefer) two
specific mitigations which are to drop packets or rate limit packets.
These mitigations are described without context or parameterization,
so the reader might infer that blindly dropping all packets with
extension headers is an acceptable mitigation. Furthermore, if the
draft is suggesting mitigations to problems created by routers, then
an obvious one would be to ask router vendors to fix their bugs (which
I am trying to say without cynicism).
It seems that you're misinterpreting our document.
Abstract
This document summarizes the operational implications of IPv6
extension headers specified in the IPv6 protocol specification
(RFC8200), and attempts to analyze reasons why packets with IPv6
extension headers are often dropped in the public Internet.
It is an operational document produced by v6ops, and not a protocol spec
produced by 6man. It is aimed at operators. And, if anything, the IETF
can make use of it for further work.
It discusses challenges that are faced in the real world, from an
operational perspective, discussing the things an operator may have at hand.
We don't provide recommendations. We don't even mean to.
Thanks,
--
Fernando Gont
SI6 Networks
e-mail: fgont@xxxxxxxxxxxxxxx
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492