On 2011-09-27 03:38, John Leslie wrote:
> Brian E Carpenter <[email protected]> wrote:
>> draft-zhang-6man-offset-option-01 proposes an idea for how to make it
>> easier for a node that needs to skip over an IPv6 header chain to do
>> so quickly...
>
> Alas, Brian, this strikes me as a rather bad idea -- introducing
> ambiguity and almost inviting gaming the system so that the same packet
> looks different to a DPI device and the actual destination.
I don't understand that comment. There's no ambiguity in the
packet - it may contain the option, but if it does, the option
isn't ambiguous. Any node is at liberty to ignore it, including
a DPI device that wants to inspect all the headers (which a
paranoid firewall presumably would).
>
> IMHO, any node interested in such details of the payload should be
> prepared to run at wire speed -- with a dedicated pipeline element if
> anyone were so foolish as to perform this in the "backbone".
Why? It's a design tradeoff, and the option suggests a different
tradeoff point.
Brian
--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
