Hi Arturo, at first, thanks for your reply.
2011/6/16 Arturo Servin <[email protected]>: > Jean-Michel, > > On 16 Jun 2011, at 14:13, Jean-Michel Combes wrote: > [snip] >> >> o draft-gont-6man-nd-extension-headers >> >> IMHO, this is not a good idea to forbid the use of IPv6 extension with >> NDP messages, especially when the reason is partially based on >> implementation issues (i.e. the implementation is not able to process >> an IPv6 packet): today, there is no real use of Extension header with >> NDP but, tomorrow, if we need such an use for a solution, what will >> happen? > > See below > >> Regarding the fragmentation, is it not possible for the RA-Guard >> device to reassemble the fragments and so to be able to check whether >> this a RA message or not? > > It's possible, perhaps. But the trade-off is to much IMHO. Forcing a > L2 device to inspect every packet and re-asemble them is unfeasible or too > expensive (similar for a more intelligent device listening for every packet > in the network looking for rogue RAs). The same for extension headers in NDP, > we are not using it today, may be we will, but the trade-off to have it "just > in case" is too much. > Why is this unfeasible? Again an implementation issue? Why is it too expensive? Memory issue? CPU issue? Something else? Best regards. JMC. -------------------------------------------------------------------- IETF IPv6 working group mailing list [email protected] Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
