RE: [OPSEC] [Tsv-art] Tsvart last call review of draft-ietf-opsec-ipv6-eh-filtering-06

Perhaps we should push for some research to evaluate the actual impact?

This is the only study I know that did something like that. It was limited to a single router and is 2 years or so old.


http://www.macrothink.org/journal/index.php/npa/article/viewFile/10190/8493

"The maximum traffic rate was reached
with packets of 1518 Bytes and IPv4 protocol, and it decreases with the use of IPv6 protocol.
The router reaches higher performance when work with IPv4 traffic. The CPU usage
increases with the increase of IPv6 traffic. The use of ACL in IPv4 traffic the CPU usage rises
from 6.5% without ACL to 15% with ACL (8.5%) while for IPv6 goes from 67.5% to 82.5%,
15%, the double. The maximum traffic rate falls 1.54 Mbps by the use of ACL in IPv4 and
27.14 Mbps in IPv6. With IPv4 the router is able to support bidirectional traffic without
decrease the maximum traffic rate, compared with unidirectional traffic. But for IPv6 in
bidirectional traffic the maximum traffic rate is lower than for unidirectional traffic in the
same conditions. The use of REH in the traffic supposes an increment of the CPU usage; this
increment depends on the packets per second of the data flow."


if (initial_ttl!=255) then (rfc5082_compliant==0)
Donald.Smith@xxxxxxxxxxxxxxx

________________________________________
From: OPSEC [opsec-bounces@xxxxxxxx] on behalf of Gert Doering [gert@xxxxxxxxx]
Sent: Monday, November 26, 2018 12:57 AM
To: Joe Touch
Cc: ietf; draft-ietf-opsec-ipv6-eh-filtering.all@xxxxxxxx; Nick Hilliard; OPSEC; Christian Huitema; tsv-art; Brian E Carpenter
Subject: Re: [OPSEC] [Tsv-art] Tsvart last call review of draft-ietf-opsec-ipv6-eh-filtering-06

Hi,

On Sun, Nov 25, 2018 at 09:16:23PM -0800, Joe Touch wrote:
> I.e., most of the analysis in this document is flat out incorrect in assuming that merely because a packet could cause a router to do work that it is a security risk to handle that packet as intended.

And then IETF wonders why operators do not feel like time spent on
providing their input to IETF WGs is well-spent.

What else can it be, on a real-world device, in today's Internet?

Gert Doering
        -- Operator
--
have you enabled IPv6 on something today...?

SpaceNet AG                      Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14        Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen                 HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444         USt-IdNr.: DE813185279

_______________________________________________
OPSEC mailing list
OPSEC@xxxxxxxx
https://www.ietf.org/mailman/listinfo/opsec
This communication is the property of CenturyLink and may contain confidential or privileged information. Unauthorized use of this communication is strictly prohibited and may be unlawful. If you have received this communication in error, please immediately notify the sender by reply e-mail and destroy all copies of the communication and any attachments.





