Re: [OPSEC] [Tsv-art] Tsvart last call review of draft-ietf-opsec-ipv6-eh-filtering-06


 



>>> Chained EHs are a relict from a time when everybody was nice and 
>>> cooperative, bandwidth was sparse, routers used CPUs to forward packets,
>>> and money came from governments to research networks in huge amounts.
> [..]
>> This is the exact reason we have layering in the Internet protocols.
>> IPv6 routers are not meant to parse further into packets than the IPv6 header (with one exception (1)).
>> 
>> That network devices find it hard to parse deep into user's traffic is a feature.
>> I find the argument that we should then change upper layer protocols to accommodate that, hard to digest.
> 
> Ole, you've worked for a vendor long enough, and understand terms like
> "rate limiting" and "hardware".

You are creating the “perceived” security problem yourself, by requiring processing deeper into the packet than is required.
Just comply with RFC8200. As long as a router is not configured to process any HBH options, it can ignore the header.
You seem to think HBH still means “punt to software”. If it ever meant that.

There’s no need for rate-limiting for not processing HBH obviously.

Cheers,
Ole



