Re: ECMP [Tsvart last call review of draft-ietf-opsec-ipv6-eh-filtering-06]

Stewart,

>> So you are arguing that we need to define ULPs that are easy for routers to parse?
> I don't see how you would conclude that from the above. What is needed is that whatever the parser needs to parse needs to be easy and cheap to parse.

“What’s needed” is clearly something which is very contentious. There is a reason why encryption by default is a necessity.

>> At arbitrary depth? Because why would the buck stop at the UDP header when transport has moved one layer up?
> What is the status of the flow label in practice? As I said earlier in the thread, I know the five tuple is trusted for ECMP, but I hear very little discussion of the flow label being a trusted source of entropy to feed the ECMP selector.

I don’t know. I hear the situation is improving. Would be great if someone with access to a large packet trace could tell us.
That said, you will not always find the ports: fragmented packets, non-TCP/UDP protocols (GRE, IPinIP, etc.). You need to tackle that case too.
At least with the flow label you would be able to ECMP correctly for a session containing both fragmented and non-fragmented packets.

>> As opposed to the 6man argument which is that IPv6 is explicitly designed to only require routers to need to process the first 40 bytes (with the one exception hook).
>> And the design of EHs is specifically done to make it hard to parse for intermediate devices…
> That seems a fundamentally bad idea. Why would you go out of your way to make something difficult when you never know what path future protocol development will take you?

It was a value decision. Any time the network starts to delve deeply into packets, that prohibits innovation and end-to-end transparency.
Of course it wasn’t a perfect solution. Encryption is the only thing that can “solve” it properly.

>> Is that really the Internet we want? Of course it will be countered with encryption, but I foresee a raft of problems if the IETF as a whole would redefine the “formal Internet architecture”.
> I think I have been describing the Internet architecture as it exists today regardless of the what the RFCs say.

Sure. But I think the IETF’s signal effect is quite important.

And we are doing quite a bit to rectify the current state. If everything is encrypted, sure, you might have a UDP header to do ECMP on, but you would need other indicators to detect attack traffic.

Cheers,
Ole
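The point Ole makes about fragments, worked through as an added example that is not part of the thread: a router that hashes on transport ports only finds them in unfragmented packets and in the first fragment, so a port-based 5-tuple hasher scatters one fragmented session across paths, while a hash on (src, dst, flow label) keeps every packet of the session on one path. The packets below are constructed inline with the header layouts of RFC 8200; the SHA-256-based path selector, the eight-path count, the addresses, the flow label value and the assumption that a port-based hasher falls back to (src, dst, protocol) when no ports are visible are all choices made for this example, not anything the thread or any router vendor specifies.

```python
"""ECMP hashing of IPv6 flows: port-based 5-tuple vs. flow label (added example)."""
import hashlib
import ipaddress
import struct

IPPROTO_HOPOPTS, IPPROTO_ROUTING, IPPROTO_FRAGMENT, IPPROTO_DSTOPTS = 0, 43, 44, 60
IPPROTO_TCP, IPPROTO_UDP, IPPROTO_GRE = 6, 17, 47
# Extension headers whose length is carried in their second byte (8-octet units, excluding the first 8).
VARIABLE_LENGTH_EH = {IPPROTO_HOPOPTS, IPPROTO_ROUTING, IPPROTO_DSTOPTS}
N_PATHS = 8  # assumed number of equal-cost next hops


def ipv6_header(src, dst, flow_label, next_header, payload):
    # Fixed 40-byte header: version 6, traffic class 0, 20-bit flow label, hop limit 64.
    ver_tc_fl = (6 << 28) | (flow_label & 0xFFFFF)
    return struct.pack("!IHBB16s16s", ver_tc_fl, len(payload), next_header, 64,
                       ipaddress.IPv6Address(src).packed,
                       ipaddress.IPv6Address(dst).packed) + payload


def fragment_header(next_header, offset8, more, ident):
    # Fragment EH is always 8 bytes: fragment offset in 8-octet units (bits 3-15), M flag in bit 0.
    return struct.pack("!BBHI", next_header, 0, (offset8 << 3) | int(more), ident)


def dest_options_header(next_header):
    # Minimal 8-byte Destination Options EH: Hdr Ext Len 0, one PadN option of 4 bytes.
    return struct.pack("!BB", next_header, 0) + b"\x01\x04\x00\x00\x00\x00"


def udp_header(sport, dport, data):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data


def parse_flow(pkt):
    """Walk the header chain the way a forwarding engine would and return what it can see."""
    ver_tc_fl, _plen, nh, _hl, src, dst = struct.unpack("!IHBB16s16s", pkt[:40])
    off, upper_layer_visible = 40, True
    while True:
        if nh in VARIABLE_LENGTH_EH:
            nh, ext_len = pkt[off], pkt[off + 1]
            off += (ext_len + 1) * 8
        elif nh == IPPROTO_FRAGMENT:
            nh, _res, frag_field, _ident = struct.unpack("!BBHI", pkt[off:off + 8])
            off += 8
            if frag_field >> 3:  # non-zero offset: the transport header lives in another fragment
                upper_layer_visible = False
                break
        else:
            break
    ports = None
    if upper_layer_visible and nh in (IPPROTO_TCP, IPPROTO_UDP) and off + 4 <= len(pkt):
        ports = struct.unpack("!HH", pkt[off:off + 4])
    return {"src": src, "dst": dst, "flow_label": ver_tc_fl & 0xFFFFF, "proto": nh, "ports": ports}


def key_5tuple(flow):
    # Assumed port-based hasher: uses ports when found, otherwise degrades to (src, dst, proto).
    return (flow["src"], flow["dst"], flow["proto"], flow["ports"])


def key_flow_label(flow):
    # RFC 6437-style 3-tuple: no need to look past the first 40 bytes.
    return (flow["src"], flow["dst"], flow["flow_label"])


def ecmp_path(key, n_paths=N_PATHS):
    digest = hashlib.sha256(repr(key).encode()).digest()  # arbitrary hash choice for the example
    return int.from_bytes(digest[:4], "big") % n_paths


# One constructed UDP session (520-byte datagram), once unfragmented and once split into two fragments,
# plus a GRE packet between the same endpoints that carries no ports at all.
SRC, DST, FLOW = "2001:db8::1", "2001:db8::2", 0x5A5A5
UDP = udp_header(5000, 53, bytes(range(256)) * 2)
FRAG_ID = 0x1234
PACKETS = {
    "unfragmented": ipv6_header(SRC, DST, FLOW, IPPROTO_UDP, UDP),
    "frag0": ipv6_header(SRC, DST, FLOW, IPPROTO_DSTOPTS, dest_options_header(IPPROTO_FRAGMENT)
                         + fragment_header(IPPROTO_UDP, 0, True, FRAG_ID) + UDP[:256]),
    "frag1": ipv6_header(SRC, DST, FLOW, IPPROTO_DSTOPTS, dest_options_header(IPPROTO_FRAGMENT)
                         + fragment_header(IPPROTO_UDP, 32, False, FRAG_ID) + UDP[256:]),
    "gre": ipv6_header(SRC, DST, FLOW, IPPROTO_GRE, b"\x00\x00\x08\x00" + bytes(20)),
}


def session_paths(packets=PACKETS):
    """Map every packet to the ECMP path each hashing scheme would pick."""
    flows = {name: parse_flow(p) for name, p in packets.items()}
    return {
        "5tuple": {n: ecmp_path(key_5tuple(f)) for n, f in flows.items()},
        "flow_label": {n: ecmp_path(key_flow_label(f)) for n, f in flows.items()},
    }


if __name__ == "__main__":
    for scheme, paths in session_paths().items():
        print(scheme, paths)
```

Running it shows the second fragment has no ports, so the port-based key for it differs from the first fragment's key, while the flow-label key is identical for every packet of the session. The same 40-byte-only lookup also handles the GRE packet without any fallback logic.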

