>The traffic class field is not enough. If you have to re-classify traffic at
>an administrative boundary, then by definition at that point the traffic class
>field is inadequate; you need more information. The advantage that IPv6 has
>is that even when the header is partly hidden by IPSEC, the flow label is
>available to carry additional semantics. The actual proposal is to use the
>PHB identifier which has end to end semantics.

I heard the presentation differently. in IETF51 presentation Alex
Conta made the following proposals, at least:
- putting PHB value
	not trustworthy.
- putting total extension header length
	if the originator lies about the value, intermediate routers
	can go panic.
- putting port/addr/whatever encoded
	if the originator lies about the value, theft-of-service
	happens.

none of these values are trustworthy, since originator can lie about
those. because these values are not trustworthy, intermediate routers
need to get those values by normal ways (by chasing extension header
chain, or whatever), and therefore, flow label value is just wasted.

I particularly don't like the idea of putting total extension header
length. as soon as it gets deployed bad guys can mount various attacks.

So, back to my original posting, I vote for end-to-end pseudorandom
20-bit value. intermediate router MAY use it to hash the traffic,
that's all.

itojun
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
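
An added illustration of the position argued in the reply above (not code from the thread or from any IETF document): the originator picks an unpredictable 20-bit flow label, and a router treats it purely as opaque hash input alongside the addresses, reading no length, port or PHB meaning from it. The function names, the sample addresses and the per-router hash key are assumptions made for this example.

```python
import hashlib
import ipaddress
import secrets
import struct

FLOW_LABEL_MASK = 0xFFFFF  # flow label is the low 20 bits of the first 32-bit word


def new_flow_label() -> int:
    """Originator side: pick an unpredictable 20-bit label for a new flow."""
    return secrets.randbits(20)


def build_header(src: str, dst: str, flow_label: int, traffic_class: int = 0) -> bytes:
    """Build a 40-byte IPv6 fixed header (constructed sample input, no payload)."""
    word0 = (6 << 28) | (traffic_class << 20) | (flow_label & FLOW_LABEL_MASK)
    # payload length 0, next header 59 (No Next Header), hop limit 64
    return (struct.pack("!IHBB", word0, 0, 59, 64)
            + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed)


def parse_flow_key(header: bytes):
    """Router side: read only the fixed header; never walk extension headers."""
    if len(header) < 40:
        raise ValueError("truncated IPv6 header")
    (word0,) = struct.unpack("!I", header[:4])
    if word0 >> 28 != 6:
        raise ValueError("not an IPv6 packet")
    return header[8:24], header[24:40], word0 & FLOW_LABEL_MASK


def pick_next_hop(header: bytes, n_paths: int, router_secret: bytes) -> int:
    """Hash (src, dst, label) to one of n_paths equal-cost links.

    The label is opaque: no length, port or PHB meaning is read from it, so a
    forged value can only change which link the sender's own packets take.
    The per-router key (an assumption of this example) keeps the mapping
    from being predictable to senders.
    """
    src, dst, label = parse_flow_key(header)
    digest = hashlib.blake2b(src + dst + label.to_bytes(3, "big"),
                             key=router_secret, digest_size=8).digest()
    return int.from_bytes(digest, "big") % n_paths
```
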