Re: [Last-Call] [v6ops] Tsvart last call review of draft-ietf-v6ops-ipv6-ehs-packet-drops-05


On Tue, Mar 9, 2021 at 6:07 AM Fred Baker <fredbaker.ietf@xxxxxxxxx> wrote:
>
>
>
> > On Feb 24, 2021, at 9:01 AM, Tom Herbert <tom@xxxxxxxxxxxxxxx> wrote:
> >
> > The problems have been caused by some
> > router implementations that have assumed unwritten requirements (like
> > routers must access transport layer),
>
> For the record, I don't know that this is a "router implementation" issue as much as it is an "operator requirement" interacting with the design of IPv4/IPv6 and UDP/TCP/ICMP. The protocol number, which operators filter on in ACLs, is carried in the transport layer headers.

Fred,

Yes, ACLs on transport layer ports are common requirements, however
the problem arises from related requirements that arise due to the
limitations of routers to be able to locate the transport layer
information in a packet. An example of such an implied requirement
from this draft is "don't send packets with IPv6 header chains that
are too long because some routers can't parse deep enough into packets
to find the transport layer ports due to implementation constraints
(like limited size parsing buffer)". While the rationale for the
requirement may make sense, the problem, at least from the host stack
perspective of trying to send packets with low probability they'll be
dropped, is that a requirement that "don't send IPv6 header chains that
are too long" is useless without any quantification as to exactly what
"too long" might be.

Tom

-- 
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call
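
The constraint discussed in this message, as an added example that is not part of the original thread or the draft: a walk of the IPv6 extension header chain that reports where the transport header starts and whether a device reading only a fixed number of leading bytes could reach the ports. The function names and the 64- and 128-byte parse depths are assumptions chosen for illustration; the thread gives no real figure.

```python
import struct

# Headers sized as (Hdr Ext Len + 1) * 8 bytes per RFC 8200.
VAR_LEN_EXT = {0, 43, 60}    # hop-by-hop, routing, destination options
FRAGMENT = 44                # fixed 8-byte header
IPV6_HDR_LEN = 40

def transport_offset(pkt: bytes):
    """Walk the extension header chain; return (upper-layer protocol, byte offset)."""
    if len(pkt) < IPV6_HDR_LEN or pkt[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nxt, off = pkt[6], IPV6_HDR_LEN
    while nxt in VAR_LEN_EXT or nxt == FRAGMENT:
        if off + 8 > len(pkt):
            raise ValueError("truncated extension header")
        if nxt == FRAGMENT:
            hdr_len = 8
            if struct.unpack_from("!H", pkt, off + 2)[0] & 0xFFF8:
                raise ValueError("non-first fragment carries no transport header")
        else:
            hdr_len = (pkt[off + 1] + 1) * 8
        nxt, off = pkt[off], off + hdr_len
    return nxt, off   # AH/ESP and unknown types are returned as-is, not parsed

def ports_visible(pkt: bytes, parse_depth: int) -> bool:
    """Can a device that reads only the first parse_depth bytes see TCP/UDP ports?"""
    proto, off = transport_offset(pkt)
    return proto in (6, 17) and off + 4 <= min(parse_depth, len(pkt))

def build(ext_chain, dport=53):
    """Constructed sample packet: IPv6 + [(type, total_len), ...] + UDP header."""
    protos = [t for t, _ in ext_chain] + [17]
    body = b"".join(bytes([protos[i + 1], total // 8 - 1]) + bytes(total - 2)
                    for i, (_, total) in enumerate(ext_chain))
    body += struct.pack("!HHHH", 12345, dport, 8, 0)
    return struct.pack("!IHBB", 6 << 28, len(body), protos[0], 64) + bytes(32) + body

if __name__ == "__main__":
    for chain in ([], [(0, 8), (60, 64)], [(0, 8), (60, 256)]):
        pkt = build(chain)
        _, off = transport_offset(pkt)
        # 64 and 128 are assumed parse depths; the thread gives no real figure
        print(chain, "ports at", off, [ports_visible(pkt, d) for d in (64, 128)])
```

A host stack could run the same offset calculation before transmission, but only a published parse depth would tell it which threshold to compare against.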


