Ole,

> What would you even do with EHs through a load balancer?

I think a load balancer should pass EHs from the origin or destination through unchanged or undropped. I, being a developer myself, can think of some quite unfortunate actions which could occur if this is not done.

It should not be the job of a load balancer to act as a firewall -- unless that is explicit. Load balancers should not be dropping packets which contain EH.

It is interesting though, some people appear to call a device a "load balancer" when it is really acting as a proxy.

Thanks,

Nalini Elkins
CEO and Founder
Inside Products, Inc.
www.insidethestack.com
(831) 659-8360

On Monday, May 22, 2023 at 10:09:38 AM PDT, Ole Troan <[email protected]> wrote:

Nalini,

> Once bugs are fixed, then we need to consider carefully what BCP around EHs
> should be done, taking into account various common topologies as well as
> devices such as proxies and load balancers. I mention those in particular as
> what we have found points to those devices in particular as posing problems
> rather than transit networks.

I look at load balancers as an extension of the application (or network function). Unless the application had a particular use for an extension header I would not implement it. And that’s with an implementor's hat on. Writing custom load-balancers for network services.

What would you even do with EHs through a load balancer? Provide ALGs for EHs containing addresses inside of them? It would have to be on a case by case basis.

> Of course, our testing to date is absolute lack of transmission rather than
> lack of transmission based on EH length or type. We felt that was the
> logical first step.

O.
_______________________________________________
OPSEC mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsec
