Hi, On Wed, Jun 12, 2013 at 12:54:59PM -0700, Joe Touch wrote: > So let me get this straight: > > - operationally, it's appropriate to drop all fragments because they > interfere with a router being efficient > > - operationally, it's appropriate to block ICMPs because they could > interfere with network operation >
You're constructing something, that at least I never said. My router *has* to rate-limit ICMP packets that are directed at it, otherwise it's easy to nuke it away (unless I find a vendor that will give me a fully wirespeed control-plane...). But yeah, when I have to make a choice between "there is no way to make my router stand the heat but to make them unpingable", and "have it die the next time someone out there is bored", guess what my customers expect me to do (and even then, it might be necessary to be able to rate-limit BGP related packets at a different speed and using a different policer than "all the other packets that my router sees", so a pure ACL on IPv6 address without protocol/ports won't do the job) Now, having sanity in the standards - and I really like the idea of limiting the full chain of extention headers to some limit, like 256 bytes, which can then be implemented by the vendors taking my money - would help find some compromise that enables *some* flexibility, but at the same time helps me implement the necessary control in the network to make it work under adverse conditions. > Sounds a lot like the Internet and its users are getting in the way of > router vendors and their business model. No, more like "reality conflicting with the IETF model of defining beautiful things based on theoretical possibilities". Gert Doering -- operator -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279 _______________________________________________ Int-area mailing list Int-area@ietf.org https://www.ietf.org/mailman/listinfo/int-area