Hi,

On Wed, Jun 12, 2013 at 12:54:59PM -0700, Joe Touch wrote:
> So let me get this straight:
> 
> - operationally, it's appropriate to drop all fragments because they 
> interfere with a router being efficient
> 
> - operationally, it's appropriate to block ICMPs because they could 
> interfere with network operation
> 

You're constructing something that at least I never said.

My router *has* to rate-limit ICMP packets that are directed at it, 
otherwise it's easy to nuke it away (unless I find a vendor that will
give me a fully wirespeed control-plane...).  But yeah, when I have
to make a choice between "there is no way to make my router stand the
heat but to make them unpingable", and "have it die the next time
someone out there is bored", guess what my customers expect me to do
(and even then, it might be necessary to be able to rate-limit BGP
related packets at a different speed and using a different policer than
"all the other packets that my router sees", so a pure ACL on IPv6
address without protocol/ports won't do the job)

Now, having sanity in the standards - and I really like the idea of
limiting the full chain of extension headers to some limit, like 256
bytes, which can then be implemented by the vendors taking my money - 
would help find some compromise that enables *some* flexibility, but
at the same time helps me implement the necessary control in the network
to make it work under adverse conditions.


> Sounds a lot like the Internet and its users are getting in the way of 
> router vendors and their business model.

No, more like "reality conflicting with the IETF model of defining
beautiful things based on theoretical possibilities".

Gert Doering
        -- operator
-- 
have you enabled IPv6 on something today...?

SpaceNet AG                        Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14          Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen                   HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444            USt-IdNr.: DE813185279
_______________________________________________
Int-area mailing list
Int-area@ietf.org
https://www.ietf.org/mailman/listinfo/int-area
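
The message above argues that a per-protocol policer needs the upper-layer protocol and ports, and that a bounded extension header chain makes that lookup implementable. The following is an added example, not code from the original post or from any router vendor: a bounded header walk that picks a policer class. The class names, the reading of "256 bytes" as total extension header octets, and the subset of headers handled are assumptions.

```python
import struct

GENERIC_EXT = {0, 43, 60}   # Hop-by-Hop, Routing, Destination Options
FRAGMENT, AH = 44, 51
ICMPV6, TCP, BGP_PORT = 58, 6, 179
MAX_CHAIN = 256             # octets; the limit floated in the message above

def classify(pkt: bytes, max_chain: int = MAX_CHAIN):
    """Return (policer_class, upper_layer_proto, chain_octets) for a raw IPv6 packet."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        return ("drop-malformed", None, 0)
    nxt, off = pkt[6], 40
    while nxt in GENERIC_EXT or nxt in (FRAGMENT, AH):
        if off + 8 > len(pkt):                 # every extension header is >= 8 octets
            return ("drop-malformed", None, off - 40)
        if nxt == FRAGMENT:
            hlen = 8
        elif nxt == AH:
            hlen = (pkt[off + 1] + 2) * 4      # AH counts in 4-octet units
        else:
            hlen = (pkt[off + 1] + 1) * 8
        chain = off - 40 + hlen
        if chain > max_chain:                  # bounded walk: stop before parsing further
            return ("drop-chain-too-long", None, chain)
        if off + hlen > len(pkt):
            return ("drop-malformed", None, off - 40)
        if nxt == FRAGMENT and struct.unpack_from("!H", pkt, off + 2)[0] >> 3:
            return ("fragment", pkt[off], chain)   # non-first fragment: no L4 header
        nxt, off = pkt[off], off + hlen
    chain = off - 40
    if nxt == ICMPV6:
        return ("icmp", nxt, chain)            # hypothetical ICMP policer class
    if nxt == TCP and off + 4 <= len(pkt):
        sport, dport = struct.unpack_from("!HH", pkt, off)
        if BGP_PORT in (sport, dport):
            return ("bgp", nxt, chain)         # hypothetical BGP policer class
    return ("default", nxt, chain)

def ipv6(first_nh: int, payload: bytes) -> bytes:
    """Constructed sample packet using documentation-prefix addresses."""
    addrs = bytes.fromhex(("20010db8" + "00" * 11 + "01") + ("20010db8" + "00" * 11 + "02"))
    return struct.pack("!IHBB", 6 << 28, len(payload), first_nh, 64) + addrs + payload

def dopt(nh: int) -> bytes:
    """Constructed 8-octet Destination Options header carrying one PadN option."""
    return bytes([nh, 0, 1, 4, 0, 0, 0, 0])

if __name__ == "__main__":
    print(classify(ipv6(60, dopt(60) * 33 + bytes(20))))   # 264 octets of headers
```

The walk never inspects more than max_chain octets of extension headers, so the worst-case work per packet is fixed regardless of what the sender constructs.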