On 2018-11-26 09:53, Gert Doering wrote:
Hi,
... As people have explained in great detail, there's work that the routers are built to do, where the number of packets they can handle is nearly arbitrarily high.
Then there's packets that are seen as an exception, and handled in a not-as-powerful path. Back then, when the Internet was new, these exceptional packets were considered "something we'll handle when the need arises", and it mostly worked.
Translation - "we cheated", and that's not working anymore. Agreed.
Today, whenever anything that is connected to the real Internet has a weakness, it will be abused. Thus, these packets will have to be rate-limited, up to the point of uselessness.
Rate limiting is quite different from 100% discards. When abuse happens, it's clearly safe to react.
But reacting to the mere presence of this additional - unexpected - work is not itself abuse. And frankly it's only abuse because vendors claim IPv6 compliance by cheating and operators go along with the game.
Of course you can build a box that can do everything with the same speed. I would recommend to the reader to make himself familiar with current market realities, though, regarding "cost", "power consumption", "feasibility to build in time before the increase in bandwidth has them obsoleted again" and "willingness of customers to pay serious money for their Internet access".
If you sold this as "partial IPv6" or "incomplete support for RFC8200", then sure.
If most of the time these options are not used, then fine - rate limit when they come up. But say that's what you're doing.
And don't pretend that this is for security purposes.
Joe