Hi,

First off, my take on this is to disable RH0 and deprecate it.

This has already been done in all the SixXS PoPs to keep them and their
users from being a source/destination of this problem. Although it would be
fun to see the traffic levels go over 0.1% of IPv4, that kind of traffic
is not the traffic we want to see, I guess :)

Also, quite a large number of operators are already DROP-ing these
options. Which leads to another question: should one DROP or REJECT
(icmp admin prohibited) these packets? Pros/cons on this, anyone?

Ebalard, Arnaud wrote:
[..]

> For IPv6, since last week, all major stacks are already no longer IPv6
> compliant regarding RH0 processing:
>
> FreeBSD : http://security.freebsd.org/advisories/FreeBSD-SA-07:03.ipv6.asc
> OpenBSD : http://openbsd.org/errata40.html#012_route6
> NetBSD  : http://www.nabble.com/heads-up:-IPv6-routing-header-0-issues-t3643494.html
> Linux   : http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.9
> 
> Apple is aware of the issue, but has more latency.
> Cisco and Juniper too, but no public statement/decision is available  
> yet (this is obviously not that simple for them).

I've started collecting ways to disable this at:
http://www.sixxs.net/faq/connectivity/?faq=filters

This already lists Cisco too, who made a security announcement quite
some days ago; see the following URL, which includes workarounds:
http://www.cisco.com/warp/public/707/cisco-sa-20070124-IOS-IPv6.shtml
Not all platforms are addressed with that of course, and most thus
require updates; for some, though, there are no updates yet.
From Juniper I only know that they are 'working on it' and that was an
unofficial statement from one of their employees.

[..]
>> On the other hand, given that these usage cases are rather limited, I
>> don't think they're in wide use, and still cause problems for
>> ingress/egress filters, I'm also ok with deprecation.
> 
> You should also add anycast to the list.

Why Anycast? I guess you are not using any Root DNS servers or any
content distribution network? :) There are a lot of uses for anycast
that you won't even notice are being used. Also, Anycast per
se is not a special feature of IPv6; it is also used in IPv4.

Greets,
 Jeroen


--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
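
The filters discussed in this thread all depend on spotting a Type 0 Routing header inside the IPv6 extension-header chain. The sketch below is an added example, not code from the thread or from any of the linked advisories: it walks the chain and reports an RH0 if one is present, which is the decision point where a filter would then DROP or REJECT. The names `find_rh0` and `build_sample` are hypothetical, and the sample packets are constructed with documentation-prefix addresses.

```python
import ipaddress
import struct

# IPv6 extension headers that may appear before or as a Routing header.
HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS = 0, 43, 44, 60

def find_rh0(packet: bytes):
    """Return a dict describing the first Type 0 Routing header, or None."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    next_header, offset = packet[6], 40
    while next_header in (HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS):
        if offset + 8 > len(packet):
            raise ValueError("truncated extension header")
        following, hdr_ext_len = packet[offset], packet[offset + 1]
        # The Fragment header is a fixed 8 bytes; the others are (len + 1) * 8.
        length = 8 if next_header == FRAGMENT else (hdr_ext_len + 1) * 8
        if offset + length > len(packet):
            raise ValueError("truncated extension header")
        if next_header == ROUTING and packet[offset + 2] == 0:
            # RH0 body: 4 reserved bytes, then a list of 16-byte addresses.
            hops = [str(ipaddress.IPv6Address(packet[i:i + 16]))
                    for i in range(offset + 8, offset + length, 16)]
            return {"segments_left": packet[offset + 3], "addresses": hops}
        if next_header == FRAGMENT and struct.unpack_from("!H", packet, offset + 2)[0] >> 3:
            return None  # non-first fragment: the rest of the chain is not here
        next_header, offset = following, offset + length
    return None

def build_sample(with_rh0: bool) -> bytes:
    """Constructed sample packet (2001:db8::/32 is the documentation prefix)."""
    src = ipaddress.IPv6Address("2001:db8::1").packed
    dst = ipaddress.IPv6Address("2001:db8::2").packed
    hops = [ipaddress.IPv6Address(a).packed for a in ("2001:db8::a", "2001:db8::b")]
    # Destination Options header holding one PadN option (type 1, length 4).
    dest_opts = bytes([ROUTING if with_rh0 else 59, 0, 1, 4, 0, 0, 0, 0])
    # Routing header: next header 59 (none), Hdr Ext Len 2n, type 0, segments left n.
    rh0 = bytes([59, 2 * len(hops), 0, len(hops), 0, 0, 0, 0]) + b"".join(hops)
    payload = dest_opts + (rh0 if with_rh0 else b"")
    fixed = struct.pack("!IHBB", 6 << 28, len(payload), DEST_OPTS, 64) + src + dst
    return fixed + payload

if __name__ == "__main__":
    for flag in (True, False):
        print("RH0 present:", find_rh0(build_sample(flag)))
```

The Destination Options header in front of the Routing header in the sample shows why a check on the fixed header's Next Header field alone is not enough.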
