Re: I-D Action:draft-ietf-6man-exthdr-01.txt
"Joel M. Halpern" <jmh@joelhalpern.com> Tue, 04 January 2011 17:24 UTC
Return-Path: <jmh@joelhalpern.com>
X-Original-To: ipv6@core3.amsl.com
Delivered-To: ipv6@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3E4103A6BE0 for <ipv6@core3.amsl.com>; Tue, 4 Jan 2011 09:24:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.524
X-Spam-Level:
X-Spam-Status: No, score=-102.524 tagged_above=-999 required=5 tests=[AWL=0.075, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fn9+aYKLhWTH for <ipv6@core3.amsl.com>; Tue, 4 Jan 2011 09:24:28 -0800 (PST)
Received: from hgblob.mail.tigertech.net (hgblob.mail.tigertech.net [64.62.209.71]) by core3.amsl.com (Postfix) with ESMTP id 5C4E03A6CE0 for <ipv6@ietf.org>; Tue, 4 Jan 2011 09:24:28 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by hgblob.tigertech.net (Postfix) with ESMTP id B60D43245E97; Tue, 4 Jan 2011 09:26:35 -0800 (PST)
X-Virus-Scanned: Debian amavisd-new at hgblob.tigertech.net
Received: from [10.10.10.101] (pool-71-161-50-147.clppva.btas.verizon.net [71.161.50.147]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by hgblob.tigertech.net (Postfix) with ESMTPSA id D2A483245057; Tue, 4 Jan 2011 09:26:34 -0800 (PST)
Message-ID: <4D235845.6040409@joelhalpern.com>
Date: Tue, 04 Jan 2011 12:26:29 -0500
From: "Joel M. Halpern" <jmh@joelhalpern.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.13) Gecko/20101207 Lightning/1.0b2 Thunderbird/3.1.7
MIME-Version: 1.0
To: Fernando Gont <fernando@gont.com.ar>
Subject: Re: I-D Action:draft-ietf-6man-exthdr-01.txt
References: <20101217234501.11691.81147.idtracker@localhost> <AANLkTi=Lr_4zOd=-DrAxic_t_o0MvyOoWPYmiktZZod2@mail.gmail.com> <63416880-97B6-4CE4-864A-1402DA977B5F@tony.li> <AA183326-2E70-4A23-83A7-9F96131ADFF4@tony.li> <4D113364.3050105@ericsson.com> <201101032040.p03KeE86005244@cichlid.raleigh.ibm.com> <4D223EC0.7020906@gmail.com> <4D2242E9.8040804@gont.com.ar> <201101041429.p04ET81p006364@cichlid.raleigh.ibm.com> <4D23563E.7000108@gont.com.ar>
In-Reply-To: <4D23563E.7000108@gont.com.ar>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: "ipv6@ietf.org" <ipv6@ietf.org>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Jan 2011 17:24:29 -0000
Then what about if we forget firewalls for the moment? A lot of routers look for the TCP/UDP Port numbers for LAG/ECMP computation. Many of them can cope with having a destination options extension, and therefore that is clearly the better way to handle such information. And anything we do should make that strong preference clear. Nothing we can do can change the way routers with silicon already deployed handle unknown extension headers. Given that, one option is to just say that new extension headers should not be used. If we think that there will be some new extension headers, that we want to support, designed for the general Internet, then it would seem to make sense to try to get new behavior defined, supported, and then used, that will allow for such extensions. In that case, requiring and documenting the requirement for new extension headers to use TLV encoding would seem to have applicability and utility. Yours, Joel On 1/4/2011 12:17 PM, Fernando Gont wrote: > Hi, Thomas, > > On 04/01/2011 11:29 a.m., Thomas Narten wrote: >>> From the POV of a firewall, unless it really wants a packet to >>> pass-through, it will block it. >> >> I think this is the crux of the problem. firewalls, by default, >> discard stuff. They don't like the idea of allowing unknown or >> "uncommon" things through. Defining new options and expecting >> firewalls to give them a blank check to go through I suspect is >> wishful thinking. >> >> And look at this from the perspective of someone who wants to deploy a >> new option. If 80% of the firewalls allow the new option through, will >> this be good enough for deployment? Doubtful. What about 98% >> cooperation from firewalls? Again, quite possibly not. > > I fully agree with you. > > > >> Unless this document is widely implemented in practice, it's far from >> clear it is useful. > > Whether it's widely deployed is, IMHO, irrelevant. Two cases: > > * The I-D is not deployed (firewalls can't go past new extension > headers). -- but the very presence of the unknown headers is what causes > the fw to block the packets. > * The I-D is deployed. The presence of an "uncommon" extension header > causes the fw to block the packet (even when it could, *if* it wanted go > past the "uncommon" extension header). > > As you correctly stated it, the crux of the problem is that this > document assumes that firewalls are willing to allow stuff that they > don't understand. -- but they aren't. They are meant to only allow stuff > that is needed. > > Thanks,
- I-D Action:draft-ietf-6man-exthdr-01.txt Internet-Drafts
- Re: I-D Action:draft-ietf-6man-exthdr-01.txt Hing-Kam (Kam) Lam
- Re: I-D Action:draft-ietf-6man-exthdr-01.txt Tony Li
- Re: I-D Action:draft-ietf-6man-exthdr-01.txt Tony Li
- Re: I-D Action:draft-ietf-6man-exthdr-01.txt Suresh Krishnan
- Re: I-D Action:draft-ietf-6man-exthdr-01.txt Tony Li
- Re: I-D Action:draft-ietf-6man-exthdr-01.txt Suresh Krishnan
- Re: I-D Action:draft-ietf-6man-exthdr-01.txt Tony Li
- Re: I-D Action:draft-ietf-6man-exthdr-01.txt Thomas Narten
- Re: I-D Action:draft-ietf-6man-exthdr-01.txt Brian E Carpenter
- Re: I-D Action:draft-ietf-6man-exthdr-01.txt Fernando Gont
- Re: I-D Action:draft-ietf-6man-exthdr-01.txt Joel M. Halpern
- Re: I-D Action:draft-ietf-6man-exthdr-01.txt Rosomakho, Yaroslav
- Re: I-D Action:draft-ietf-6man-exthdr-01.txt Fernando Gont
- Re: I-D Action:draft-ietf-6man-exthdr-01.txt Thomas Narten
- Re: I-D Action:draft-ietf-6man-exthdr-01.txt Thomas Narten
- Re: I-D Action:draft-ietf-6man-exthdr-01.txt RJ Atkinson
- Re: I-D Action:draft-ietf-6man-exthdr-01.txt Steven Blake
- Re: I-D Action:draft-ietf-6man-exthdr-01.txt Fernando Gont
- Re: I-D Action:draft-ietf-6man-exthdr-01.txt Joel M. Halpern
- Re: I-D Action:draft-ietf-6man-exthdr-01.txt Rémi Després
- Re: I-D Action:draft-ietf-6man-exthdr-01.txt RJ Atkinson
- RE: I-D Action:draft-ietf-6man-exthdr-01.txt Suresh Krishnan
- RE: I-D Action:draft-ietf-6man-exthdr-01.txt Suresh Krishnan
- RE: I-D Action:draft-ietf-6man-exthdr-01.txt Suresh Krishnan
- RE: I-D Action:draft-ietf-6man-exthdr-01.txt Suresh Krishnan
- RE: I-D Action:draft-ietf-6man-exthdr-01.txt Suresh Krishnan
- RE: I-D Action:draft-ietf-6man-exthdr-01.txt Suresh Krishnan
- Re: I-D Action:draft-ietf-6man-exthdr-01.txt Joel M. Halpern
- RE: I-D Action:draft-ietf-6man-exthdr-01.txt Bhatia, Manav (Manav)
- RE: I-D Action:draft-ietf-6man-exthdr-01.txt Bhatia, Manav (Manav)
- Re: I-D Action:draft-ietf-6man-exthdr-01.txt RJ Atkinson
- RE: I-D Action:draft-ietf-6man-exthdr-01.txt RJ Atkinson
- Re: I-D Action:draft-ietf-6man-exthdr-01.txt Brian E Carpenter
- Re: I-D Action:draft-ietf-6man-exthdr-01.txt RJ Atkinson
- Re: I-D Action:draft-ietf-6man-exthdr-01.txt Rémi Després
- Re: I-D Action:draft-ietf-6man-exthdr-01.txt Rémi Després
- Re: I-D Action:draft-ietf-6man-exthdr-01.txt james woodyatt
- Re: I-D Action:draft-ietf-6man-exthdr-01.txt Hing-Kam (Kam) Lam
- Re: I-D Action:draft-ietf-6man-exthdr-01.txt Hing-Kam (Kam) Lam
- Re: I-D Action:draft-ietf-6man-exthdr-01.txt Hing-Kam (Kam) Lam
- Re: I-D Action:draft-ietf-6man-exthdr-01.txt Hing-Kam (Kam) Lam
- Re: I-D Action:draft-ietf-6man-exthdr-01.txt Brian E Carpenter
- draft-ietf-6man-exthdr-01 - Support for adoption Rémi Després