Re: hop-by-hop and router alert options
Iljitsch van Beijnum <iljitsch@muada.com> Thu, 26 August 2004 22:03 UTC
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA16709; Thu, 26 Aug 2004 18:03:41 -0400 (EDT)
Received: from megatron.ietf.org ([132.151.6.71]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1C0SMR-0000q0-2O; Thu, 26 Aug 2004 18:04:47 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1C0SFd-0008MK-5z; Thu, 26 Aug 2004 17:57:45 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1C0S6H-0005lN-68 for ietf@megatron.ietf.org; Thu, 26 Aug 2004 17:48:05 -0400
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA15620 for <ietf@ietf.org>; Thu, 26 Aug 2004 17:48:02 -0400 (EDT)
Received: from sequoia.muada.com ([83.149.65.1]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1C0S7H-0000Ux-0V for ietf@ietf.org; Thu, 26 Aug 2004 17:49:08 -0400
Received: from [127.0.0.1] (sequoia.muada.com [83.149.65.1]) by sequoia.muada.com (8.12.10/8.12.10) with ESMTP id i7QLo1Rd076126; Thu, 26 Aug 2004 23:50:02 +0200 (CEST) (envelope-from iljitsch@muada.com)
In-Reply-To: <Pine.LNX.4.44.0408260814330.10940-100000@netcore.fi>
References: <Pine.LNX.4.44.0408260814330.10940-100000@netcore.fi>
Mime-Version: 1.0 (Apple Message framework v619)
Content-Type: text/plain; charset="US-ASCII"; format="flowed"
Message-Id: <93A6B402-F7A9-11D8-82BA-000A95CD987A@muada.com>
Content-Transfer-Encoding: 7bit
From: Iljitsch van Beijnum <iljitsch@muada.com>
Date: Thu, 26 Aug 2004 23:47:50 +0200
To: Pekka Savola <pekkas@netcore.fi>
X-Mailer: Apple Mail (2.619)
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 21c69d3cfc2dd19218717dbe1d974352
Content-Transfer-Encoding: 7bit
Cc: ietf@ietf.org
Subject: Re: hop-by-hop and router alert options
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
Sender: ietf-bounces@ietf.org
Errors-To: ietf-bounces@ietf.org
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 50a516d93fd399dc60588708fd9a3002
Content-Transfer-Encoding: 7bit
On 26-aug-04, at 8:13, Pekka Savola wrote: > But what > I'm really worried about is that IP router alert -like options are > options which a hardware implementation cannot process. An attacker > can just specify an undefined router alert option which forces the > processing to go to the slow path (instead of ASICs etc., it must be > put on the CPU), and overload the processing of the router that way. > That's not good. That can naturally be mitigated by rate-limiting the > IP options to some small value, but such would effectively disable the > processing of options, and require that you're able to match on those > options. In other words, anything which has to be forwarded that > requires CPU processing seems bad to me.. Pekka, please don't worry about this. There are very many things that can happen that require that the CPU look at packets: the hop limit may reach zero, the packet may be addressed to one of the addresses of the router, the packet may be too big for the next hop link... Router vendors are able to cope with this with rate limiting. Really. > Btw, you might be interested that in PMTUD WG session at IETF60 where > Michael Welzl proposed using IP options for PMTUD, Mark Allman (AFAIR) > reminded of someone (him?) conducting tests on how big percentage of > hosts respond or not when there are IP options. Michael's > presentation > (http://www.ietf.org/proceedings/04aug/slides/pmtud-4.pdf) Ok, now this is a VERY stupid idea. I really don't get how such a large collection of smart people can come up with some many stupid ideas. This isn't going to work any better than current PMTUD works. The very obvious only correct way to do PMTUD is for the correspondent to notice incoming fragments and inform the source of the size of the biggest fragments. But that wasn't what we were talking about. > already said that 30% were ignored you completely (not just the IP > option!), It doesn't say, but I'm pretty sure this is IPv4, where options are long dead because they are just too bizarre and hardly used. _______________________________________________ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
- RE: hop-by-hop and router alert options Tschofenig Hannes
- RE: hop-by-hop and router alert options Pekka Savola
- Re: hop-by-hop and router alert options Simon Leinen
- Re: hop-by-hop and router alert options Michael Welzl
- Re: hop-by-hop and router alert options Iljitsch van Beijnum
- Re: hop-by-hop and router alert options Pekka Savola
- RE: hop-by-hop and router alert options Tschofenig Hannes