On Tue, 8 May 2007, Jeroen Massar wrote:
        Title           : Deprecation of Type 0 Routing Headers in IPv6
        Author(s)       : J. Abley
        Filename        : draft-jabley-ipv6-rh0-is-evil-00.txt
        Pages           : 13
...
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-jabley-ipv6-rh0-is-evil-00.txt

In order to kickstart some discussion, here are two comments:

3.  Implementation

   Compliant IPv6 hosts and routers MUST NOT transmit IPv6 datagrams
   containing RH0.

==> does 'transmit' include both 'originate' and 'forward' or just the former?

I'd be interested in seeing comments from router vendors on the feasibility of blocking forwarding for type 0 routing headers (but not other types).

Would that include packets where the routing header wouldn't be the immediate next-header (e.g., you'd put a hop-by-hop header or something like that first, only then routing headers)? That's even more difficult as the implementation would need to skip through all of them, possibly with a 'lookup depth' of the maximum packet size.

AFAIK, usually the amount of bytes of the header available to ACLs is limited, unless you punt the whole packet to the control processor which is probably a treatment worse than the disease.

4.  Operations

   Compliant IPv6 hosts and routers which receive IPv6 datagrams
   containing RH0 MUST silently discard those datagrams without further
   processing.

==> is this really 'Operations' or is it really implementation? I.e., are you requiring the network or host operators to do something or the implementations?

The same comment as above wrt router vendors. AFAIK, no core router software currently deployed supports routing-header type matching (I believe some recent Cisco IOS versions, on some platforms, support type matching but those are typically deployed at the edges if even there yet). I don't know whether such a change in the ACL lookup "depth" would be feasible or not.

--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
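
Added example, not part of the original message or of the draft: a filter that walks the IPv6 extension header chain to find a type 0 routing header that is not the immediate next-header, and reports "undecided" when the chain runs past the bytes it can see. The `window` parameter, the helper names and the sample packets are assumptions made for this illustration; AH and ESP are treated as the end of the chain to keep it short.

```python
import struct

HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS, NO_NEXT = 0, 43, 44, 60, 59
CHAINED = {HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS}

def classify_rh0(packet, window=None):
    """Return 'rh0', 'clean' or 'undecided' for one IPv6 datagram.

    window models a filter that sees only the first N bytes of the packet
    (an assumption made for this example); None means the whole packet.
    """
    visible = packet if window is None else packet[:window]
    if len(visible) < 40 or visible[0] >> 4 != 6:
        return "undecided"
    next_header, offset = visible[6], 40
    while next_header in CHAINED:
        if offset + 8 > len(visible):
            return "undecided"      # chain runs past what the filter can see
        if next_header == ROUTING and visible[offset + 2] == 0:
            return "rh0"            # routing type 0; other types pass
        if next_header == FRAGMENT:
            if struct.unpack_from("!H", visible, offset + 2)[0] >> 3:
                return "undecided"  # non-first fragment: no headers follow
            length = 8
        else:
            length = (visible[offset + 1] + 1) * 8
        next_header, offset = visible[offset], offset + length
    return "clean"

# Constructed sample packets (src ::1, dst ::2, hop limit 64).
def ipv6(next_header, payload):
    fixed = struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64)
    return fixed + bytes(15) + b"\x01" + bytes(15) + b"\x02" + payload

def hop_by_hop(next_header, units):
    size = 8 * (units + 1)          # one PadN option fills the header
    return bytes([next_header, units, 1, size - 4]) + bytes(size - 4)

def routing(next_header, rtype):
    # one 16-byte address (::3), Hdr Ext Len 2, Segments Left 1
    return bytes([next_header, 2, rtype, 1]) + bytes(19) + b"\x03"

DIRECT = ipv6(ROUTING, routing(NO_NEXT, 0))
BURIED = ipv6(HOP_BY_HOP, hop_by_hop(ROUTING, 7) + routing(NO_NEXT, 0))
TYPE2 = ipv6(ROUTING, routing(NO_NEXT, 2))

if __name__ == "__main__":
    for name, pkt in (("direct", DIRECT), ("buried", BURIED), ("type2", TYPE2)):
        print(name, classify_rh0(pkt), classify_rh0(pkt, window=64))
```

With a 64-byte window the RH0 placed behind a 64-byte hop-by-hop header comes back "undecided", so a filter with limited lookup depth has to choose between dropping such packets or letting them through.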
