[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Experiences with IPv6 and Routing Efficiency

Subject: Experiences with IPv6 and Routing Efficiency
From: saku at ytti.fi (Saku Ytti)
Date: Sun, 19 Jan 2014 19:05:08 +0200
In-reply-to: <[email protected]>
References: <CAHDzDLA=O9f7si6VZiZyr=B+HShvW0eztYPExNd7fPuhmE3-tw@mail.gmail.com> <[email protected]> <CAHDzDLAvCUu1+MJLWpF8M66OnZHkudZ1HXVk5cZOT09Zm3Jdnw@mail.gmail.com> <[email protected]>

On (2014-01-19 16:11 +0000), Nick Hilliard wrote:

> attacks for hardware-forwarded routers, so generally the only sensible
> option is to drop packets with long EH chains.

I think sensible is to handle HW when possible and punt rate-limited when
must. Dropping standard compliant data seems dubious at best.

Now should it be standard complaint?

http://tools.ietf.org/html/draft-ietf-6man-oversized-header-chain-09 is
looking to restrict EH more, I contacted authors, hoping even more limitation
than what it currently suggests, they thought 6man would never accept as
strict limits as I suggested.
My suggestion is that IP + EH (not L4) SHOULD NOT span over 128B and
implementation MAY drop frames with larger headers.

-- 
  ++ytti

Follow-Ups:
- Experiences with IPv6 and Routing Efficiency
  - From: joelja at bogus.com (joel jaeggli)

References:
- Experiences with IPv6 and Routing Efficiency
  - From: mukom.tamon at gmail.com (Mukom Akong T.)
- Experiences with IPv6 and Routing Efficiency
  - From: nick at foobar.org (Nick Hilliard)
- Experiences with IPv6 and Routing Efficiency
  - From: mukom.tamon at gmail.com (Mukom Akong T.)
- Experiences with IPv6 and Routing Efficiency
  - From: nick at foobar.org (Nick Hilliard)

Prev by Date: Experiences with IPv6 and Routing Efficiency
Next by Date: Experiences with IPv6 and Routing Efficiency
Previous by thread: Experiences with IPv6 and Routing Efficiency
Next by thread: Experiences with IPv6 and Routing Efficiency
Index(es):
- Date
- Thread