[Ipsec] draft-ietf-ipsec-rfc2402bis-07.txt ... Suggest moving the "Flow Label" IPv6 base header field to "immutable" and protecting with AH

"John Spence, CCSI, CCNA, CISSP" <jspence@native6.com> Fri, 03 September 2004 15:24 UTC

From: "John Spence, CCSI, CCNA, CISSP" <jspence@native6.com>
To: ipsec@ietf.org
Date: Fri, 03 Sep 2004 08:12:00 -0700

The flow label in IPv6 is chosen by the source node, and must be delivered
to the ultimate destination without having been changed in transit, unlike
the DSCP or ECN QoS-related fields for IPv6.

I suggest, since it is constant end-to-end, the field be moved to
"immutable" and protected by AH.

-------------- from draft-ietf-ipsec-rfc2402bis-07 ----------

3.3.3.1.2.1  Base Header Fields

   The IPv6 base header fields are classified as follows:

   Immutable
             Version
             Payload Length
             Next Header
             Source Address
             Destination Address (without Routing Extension Header)

   Mutable but predictable
             Destination Address (with Routing Extension Header)

   Mutable (zeroed prior to ICV calculation)
             DSCP (6 bits, see RFC2474 [NBBB98])
             ECN (2 bits, see RFC3168 [RFB01])
             Flow Label
             Hop Limit

-------------- from RFC 3697 --------------

2.  IPv6 Flow Label Specification

   The 20-bit Flow Label field in the IPv6 header [IPv6] is used by a
   source to label packets of a flow.  A Flow Label of zero is used to
   indicate packets not part of any flow.  Packet classifiers use the
   triplet of Flow Label, Source Address, and Destination Address fields
   to identify which flow a particular packet belongs to.  Packets are
   processed in a flow-specific manner by the nodes that have been set
   up with flow-specific state.  The nature of the specific treatment
   and the methods for the flow state establishment are out of scope for
   this specification.

   The Flow Label value set by the source MUST be delivered unchanged to
   the destination node(s).

-------------------------------
John Spence, CCSI, CCNA, CISSP
Native6, Inc.
IPv6 Training and Consulting
jspenceNOSPAM@native6.com
www.native6.com
-------------------------------
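
The effect of the two classifications on what a receiver can detect, as an added example that is not part of the original message or of either quoted document. Assumptions: the ICV is HMAC-SHA-1 truncated to 96 bits, it is computed over the base header and payload only (the AH header and extension headers are omitted), and the key, addresses, payload and function names are constructed for illustration.

```python
import hashlib, hmac, ipaddress, struct

KEY = b"constructed-demo-key"              # constructed sample key (assumption)
PAYLOAD = b"constructed upper-layer data"  # constructed sample payload

def build_header(dscp, ecn, flow_label, next_header, hop_limit, src, dst):
    """Pack a 40-byte IPv6 base header: Version | DSCP | ECN | Flow Label, ..."""
    word0 = (6 << 28) | (dscp << 22) | (ecn << 20) | flow_label
    return (struct.pack("!IHBB", word0, len(PAYLOAD), next_header, hop_limit)
            + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed)

def icv_input(header, flow_label_immutable):
    """Zero the fields classified as mutable before the ICV is computed."""
    word0, plen, nh, _hop = struct.unpack("!IHBB", header[:8])
    keep = 0xF0000000                      # Version is always immutable
    if flow_label_immutable:
        keep |= 0x000FFFFF                 # proposal: keep the 20-bit Flow Label
    # DSCP, ECN and Hop Limit are zeroed in both classifications
    return struct.pack("!IHBB", word0 & keep, plen, nh, 0) + header[8:]

def icv(header, flow_label_immutable):
    """HMAC-SHA-1 truncated to 96 bits over the masked header and payload."""
    data = icv_input(header, flow_label_immutable) + PAYLOAD
    return hmac.new(KEY, data, hashlib.sha1).digest()[:12]

def rewrite(header, flow_label=None, hop_limit=None):
    """Model an intermediate node changing header fields in transit."""
    word0, plen, nh, hop = struct.unpack("!IHBB", header[:8])
    if flow_label is not None:
        word0 = (word0 & 0xFFF00000) | flow_label
    if hop_limit is not None:
        hop = hop_limit
    return struct.pack("!IHBB", word0, plen, nh, hop) + header[8:]

def verifies(sent, received, flow_label_immutable):
    """Receiver recomputes the ICV and compares it with the sender's."""
    return hmac.compare_digest(icv(sent, flow_label_immutable),
                               icv(received, flow_label_immutable))

# Constructed packet: documentation-prefix addresses, Next Header 51 (AH)
SENT = build_header(0, 0, 0x12345, 51, 64, "2001:db8::1", "2001:db8::2")
ROUTED = rewrite(SENT, hop_limit=63)           # legitimate per-hop change
RELABELED = rewrite(SENT, flow_label=0x54321)  # label changed in transit

if __name__ == "__main__":
    for name, pkt in (("hop limit decremented", ROUTED), ("flow label rewritten", RELABELED)):
        print(name, "| draft:", verifies(SENT, pkt, False),
              "| proposal:", verifies(SENT, pkt, True))
```

With the draft's classification the rewritten Flow Label still verifies; with the Flow Label treated as immutable the same packet fails the ICV check, while a Hop Limit decrement passes in both cases.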

