Hi, Joe,

On 07/16/2014 11:09 AM, Joe Touch wrote:
> 
> I'm including INTAREA in the discussion because this doc seems to be an
> end-run around intending to deprecate IPv6 HBH options, or at least to
> redefine the option behavior bits defined in RFC 2460. IMO, that ought
> to be addressed in INTAREA, not V6OPS.

May I ask if you have read the I-D? Because this document is not trying
to do any of the above. It simply aims at providing operational advice
on how to filter packets with IPv6 EHs/options.



> IMO, the real DOS attack here is twofold:
> 
>     1) vendors who misrepresent their boxes as IPv6-capable
>     at a given packet rate
>     2) documents, such as this,
>     that invert the Postel Principle into the Gont Principle:
> 
>     - Postel Principle:
>         Be conservative in what you send
>         and liberal in what you receive.
> 
>     - Gont Principle:
>         Be paranoid in what you receive.

This document doesn't follow the "be paranoid principle" (if there's
such a thing): It recommends passing lots of stuff that, if you
were really paranoid, you wouldn't pass.

And while Postel's principle aims at interoperability, here we're
talking about preventing some specific traffic from breaking your network.
So I don't really follow your analysis.


> I sincerely hope there are others who share this view,

What's "this view"? Have you followed the thread with Brian Carpenter
regarding ignoring rather than dropping HBH?


>  or we might as
> well just go straight to the conclusion that IPv6 routers that can't
> process 128-bit addresses really ought to be OK just forwarding based on
> the last 32.

This document is an operations-related document, not a std track one. As
such, it provides advice to the folks *running* the routers not the
folks manufacturing them.

Just for the sake of reality check:

Packet drop rates for different traffic types (and, within parentheses,
the percentage of such drops occurring in a different AS):

   +--------------+-----------------+-----------------+----------------+
   |   Dataset    |       DO8       |       HBH8      |     FH512      |
   +--------------+-----------------+-----------------+----------------+
   |     Web      |      11.88%     |      40.70%     |     30.51%     |
   |              | (17.60%-20.80%) | (31.43%-40.00%) | (5.08%-6.78%)  |
   +--------------+-----------------+-----------------+----------------+
   | Mailservers  |      17.07%     |      48.86%     |     39.17%     |
   |              |  (6.35%-26.98%) | (40.50%-65.42%) | (2.91%-12.73%) |
   +--------------+-----------------+-----------------+----------------+
   | Nameservers  |      15.37%     |      43.25%     |     38.55%     |
   |              | (14.29%-33.46%) | (42.49%-72.07%) | (3.90%-13.96%) |
   +--------------+-----------------+-----------------+----------------+

Yes: over 40% of packet drop rate for HBH, already. And quite a few
folks (e.g. Google) drop all packets that contain IPv6 EHs.

Thanks,
-- 
Fernando Gont
e-mail: ferna...@gont.com.ar || fg...@si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1


