RE: Last Call: <draft-ietf-6man-oversized-header-chain-08.txt> (Implications of Oversized IPv6 Header Chains) to Proposed Standard

> -----Original Message-----
> From: Ronald Bonica [mailto:rbonica@xxxxxxxxxxx]
> Sent: Tuesday, October 08, 2013 5:46 PM
> To: Ole Troan; Templin, Fred L
> Cc: ipv6@xxxxxxxx; ietf@xxxxxxxx
> Subject: RE: Last Call: <draft-ietf-6man-oversized-header-chain-08.txt>
> (Implications of Oversized IPv6 Header Chains) to Proposed Standard
> 
> I agree with Ole.

How so? A tunnel that crosses a 1280 MTU link MUST fragment
in order to satisfy the IPv6 minMTU. If it must fragment, then
an MTU-length IPv6 header chain would not fit within the first
fragment, and we have opened an attack vector against tunnels.
This is not a matter to be agreed or disagreed with - it is
a simple fact.

Thanks - Fred
fred.l.templin@xxxxxxxxxx
 
>        Ron
> 
> > -----Original Message-----
> > From: ipv6-bounces@xxxxxxxx [mailto:ipv6-bounces@xxxxxxxx] On Behalf Of Ole Troan
> > Sent: Tuesday, October 08, 2013 12:17 PM
> > To: Templin, Fred L
> > Cc: ipv6@xxxxxxxx; ietf@xxxxxxxx; IETF-Announce
> > Subject: Re: Last Call: <draft-ietf-6man-oversized-header-chain-08.txt>
> > (Implications of Oversized IPv6 Header Chains) to Proposed Standard
> >
> > Fred,
> >
> > > Hi, I would like to make a small amendment to what I said in my
> > > previous message as follows:
> > >
> > > 4) Section 5, change the final paragraph to:
> > >
> > >   "As a result of the above mentioned requirements, a packet's header
> > >   chain length MUST fit within the Path MTU associated with its
> > >   destination.  Hosts MAY discover the Path MTU, using procedures such
> > >   as those defined in [RFC1981] and [RFC4821]. However, if a host does
> > >   not discover the Path MTU, it MUST assume the IPv6 minimum MTU of
> > >   1280 bytes [RFC2460]. The host MUST then limit each packet's header
> > >   chain length to the Path MTU minus 256 bytes in case additional
> > >   encapsulation headers are inserted by tunnels on the path."
> >
> > I would claim that additional encapsulation headers are already
> > considered in the 1280 minimum MTU.
> > as in: 1500 - 1280.
> >
> > cheers,
> > Ole
> 
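
The numbers argued over in this thread can be checked per packet. The following is an added example, not code from the thread or the draft: it walks an IPv6 header chain, measures its length, and compares it with the Path MTU, the proposed "Path MTU minus 256" limit, and the room left in the first fragment of a tunnel. The function names, the sample packet and the 48-byte tunnel overhead (IPv6-in-IPv6 with outer fragmentation) are assumptions.

```python
import struct

OPTION_HDRS = {0, 43, 60}            # Hop-by-Hop, Routing, Destination Options
FRAGMENT, AH, TCP, UDP = 44, 51, 6, 17

def header_chain_length(pkt: bytes) -> int:
    """Bytes from the IPv6 header through the upper-layer header (TCP/UDP only)."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nxt, off = pkt[6], 40
    while nxt in OPTION_HDRS or nxt in (FRAGMENT, AH):
        if off + 2 > len(pkt):
            raise ValueError("header chain runs past the end of the packet")
        if nxt == FRAGMENT:
            size = 8                          # fixed-size Fragment header
        elif nxt == AH:
            size = (pkt[off + 1] + 2) * 4     # AH length is in 4-byte units
        else:
            size = (pkt[off + 1] + 1) * 8     # Hdr Ext Len is in 8-byte units
        nxt, off = pkt[off], off + size
    if nxt == UDP:
        return off + 8
    if nxt == TCP and off + 13 <= len(pkt):
        return off + (pkt[off + 12] >> 4) * 4
    return off                        # other protocols: chain counted up to here

def check(pkt: bytes, path_mtu: int = 1280, reserve: int = 256) -> dict:
    chain = header_chain_length(pkt)
    # Assumption: IPv6-in-IPv6 tunnel that fragments the outer packet, so the
    # first fragment loses 40 (outer header) + 8 (Fragment header) bytes and
    # its payload is rounded down to a multiple of 8.
    tunnel_room = (path_mtu - 48) // 8 * 8
    return {"chain": chain,
            "fits_path_mtu": chain <= path_mtu,
            "fits_proposed_limit": chain <= path_mtu - reserve,
            "fits_tunnel_first_fragment": chain <= tunnel_room}

def build_sample(n_opts: int, units: int) -> bytes:
    """Constructed test packet: n Destination Options headers, then UDP."""
    size, exts = (units + 1) * 8, b""
    for i in range(n_opts):
        nxt = 60 if i < n_opts - 1 else UDP
        exts += bytes([nxt, units, 1, size - 4]) + bytes(size - 4)   # one PadN
    body = exts + struct.pack("!HHHH", 1024, 53, 8, 0)
    addr = bytes.fromhex("20010db8" + "00" * 11 + "01")              # 2001:db8::1
    first = 60 if n_opts else UDP
    return struct.pack("!IHBB", 6 << 28, len(body), first, 64) + addr * 2 + body

if __name__ == "__main__":
    for n in (4, 5):
        print(check(build_sample(n, 29)))
```

Passing `path_mtu=1500` to `check` shows the same packets against the larger link MTU mentioned in the quoted reply.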