Re: Last Call: <draft-ietf-6man-oversized-header-chain-08.txt> (Implications of Oversized IPv6 Header Chains) to Proposed Standard
Ole Troan <otroan@employees.org> Wed, 09 October 2013 17:31 UTC
Return-Path: <otroan@employees.org>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4EA2621E815F; Wed, 9 Oct 2013 10:31:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Wk4hj0wrUEbF; Wed, 9 Oct 2013 10:31:23 -0700 (PDT)
Received: from banjo.employees.org (banjo.employees.org [IPv6:2001:1868:205::19]) by ietfa.amsl.com (Postfix) with ESMTP id 9411A21E8149; Wed, 9 Oct 2013 10:31:16 -0700 (PDT)
Received: from dhcp-10-61-106-139.cisco.com (173-38-208-169.cisco.com [173.38.208.169]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: otroan) by banjo.employees.org (Postfix) with ESMTPSA id 2665B6002; Wed, 9 Oct 2013 10:31:13 -0700 (PDT)
Content-Type: multipart/signed; boundary="Apple-Mail=_D6F7732C-6360-4A9A-8B7E-20A0DFE08AEA"; protocol="application/pgp-signature"; micalg="pgp-sha512"
Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\))
Subject: Re: Last Call: <draft-ietf-6man-oversized-header-chain-08.txt> (Implications of Oversized IPv6 Header Chains) to Proposed Standard
From: Ole Troan <otroan@employees.org>
In-Reply-To: <2134F8430051B64F815C691A62D9831811EE66@XCH-BLV-504.nw.nos.boeing.com>
Date: Wed, 09 Oct 2013 19:31:10 +0200
Message-Id: <E29381FD-C839-4DBA-8711-3A4EBA83E379@employees.org>
References: <20131002185522.20697.96027.idtracker@ietfa.amsl.com> <2134F8430051B64F815C691A62D9831811AEFC@XCH-BLV-504.nw.nos.boeing.com> <2134F8430051B64F815C691A62D9831811BDD3@XCH-BLV-504.nw.nos.boeing.com> <9300F272-E282-41C3-9DA8-59134B975FC7@employees.org> <9e33a47bb2834c15ba4269ae8c79c46f@BLUPR05MB433.namprd05.prod.outlook.com> <2134F8430051B64F815C691A62D9831811EB23@XCH-BLV-504.nw.nos.boeing.com> <D1F5CE61-253E-4F07-AED1-4A4AB4C4AB68@employees.org> <2134F8430051B64F815C691A62D9831811EE66@XCH-BLV-504.nw.nos.boeing.com>
To: "Templin, Fred L" <Fred.L.Templin@boeing.com>
X-Mailer: Apple Mail (2.1510)
Cc: "ipv6@ietf.org" <ipv6@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Oct 2013 17:31:24 -0000
Fred, >>>> -----Original Message----- >>>> From: Ronald Bonica [mailto:rbonica@juniper.net] >>>> Sent: Tuesday, October 08, 2013 5:46 PM >>>> To: Ole Troan; Templin, Fred L >>>> Cc: ipv6@ietf.org; ietf@ietf.org >>>> Subject: RE: Last Call: <draft-ietf-6man-oversized-header-chain- >> 08.txt> >>>> (Implications of Oversized IPv6 Header Chains) to Proposed Standard >>>> >>>> I agree with Ole. >>> >>> How so? A tunnel that crosses a 1280 MTU link MUST fragment >>> in order to satisfy the IPv6 minMTU. If it must fragment, then >>> an MTU-length IPv6 header chain would not fit within the first >>> fragment, and we have opened an attack vector against tunnels. >>> This is not a matter to be agreed or disagreed with - it is >>> a simple fact. >> >> right, and RFC2460 has this to say about it: >> >> IPv6 requires that every link in the internet have an MTU of 1280 >> octets or greater. On any link that cannot convey a 1280-octet >> packet in one piece, link-specific fragmentation and reassembly must >> be provided at a layer below IPv6. > > Very true. In this case, the "link" is the tunnel and the "link-specific > fragmentation" is IPv6 fragmentation. Which places the first part of an > MTU-length IPv6 header chain in the first fragment and the remainder of > the header chain in the second fragment. indeed. which would violate the MUST in oversized-header-chain. what do we do? a) ignore this particular corner case b) suggest the tunnel head end to drop the packet c) develop a new tunnel segmentations scheme that doesn't depend on IPv6 fragmentation. :-) cheers, Ole
- Last Call: <draft-ietf-6man-oversized-header-chai… The IESG
- RE: Last Call: <draft-ietf-6man-oversized-header-… Templin, Fred L
- RE: Last Call: <draft-ietf-6man-oversized-header-… Templin, Fred L
- Re: Last Call: <draft-ietf-6man-oversized-header-… Ole Troan
- RE: Last Call: <draft-ietf-6man-oversized-header-… Templin, Fred L
- Re: Last Call: <draft-ietf-6man-oversized-header-… Fernando Gont
- RE: Last Call: <draft-ietf-6man-oversized-header-… Ronald Bonica
- RE: Last Call: <draft-ietf-6man-oversized-header-… Templin, Fred L
- Re: Last Call: <draft-ietf-6man-oversized-header-… Ole Troan
- RE: Last Call: <draft-ietf-6man-oversized-header-… Templin, Fred L
- Re: Last Call: <draft-ietf-6man-oversized-header-… Ole Troan
- RE: Last Call: <draft-ietf-6man-oversized-header-… Templin, Fred L
- Re: Last Call: <draft-ietf-6man-oversized-header-… Brian E Carpenter
- RE: Last Call: <draft-ietf-6man-oversized-header-… Templin, Fred L
- Re: RE: Last Call: <draft-ietf-6man-oversized-hea… Ray Hunter
- Re: Last Call: <draft-ietf-6man-oversized-header-… Fernando Gont
- RE: RE: Last Call: <draft-ietf-6man-oversized-hea… Templin, Fred L
- RE: Last Call: <draft-ietf-6man-oversized-header-… Templin, Fred L
- Re: Last Call: <draft-ietf-6man-oversized-header-… Ray Hunter
- Re: Last Call: <draft-ietf-6man-oversized-header-… Fernando Gont
- RE: Last Call: <draft-ietf-6man-oversized-header-… Templin, Fred L
- RE: Last Call: <draft-ietf-6man-oversized-header-… Templin, Fred L
- Re: Last Call: <draft-ietf-6man-oversized-header-… Brian E Carpenter
- RE: Last Call: <draft-ietf-6man-oversized-header-… Templin, Fred L
- Re: Last Call: <draft-ietf-6man-oversized-header-… Brian E Carpenter
- RE: Last Call: <draft-ietf-6man-oversized-header-… Ronald Bonica
- RE: Last Call: <draft-ietf-6man-oversized-header-… Templin, Fred L
- RE: Last Call: <draft-ietf-6man-oversized-header-… Templin, Fred L
- Re: Last Call: <draft-ietf-6man-oversized-header-… Brian E Carpenter
- RE: Last Call: <draft-ietf-6man-oversized-header-… Templin, Fred L
- Re: Last Call: <draft-ietf-6man-oversized-header-… Ray Hunter
- RE: Last Call: <draft-ietf-6man-oversized-header-… Templin, Fred L
- RE: Last Call: <draft-ietf-6man-oversized-header-… Templin, Fred L
- Re: Last Call: <draft-ietf-6man-oversized-header-… Ray Hunter
- RE: Last Call: <draft-ietf-6man-oversized-header-… Templin, Fred L
- Re: Last Call: <draft-ietf-6man-oversized-header-… Fernando Gont
- Re: Last Call: <draft-ietf-6man-oversized-header-… Fernando Gont
- RE: Last Call: <draft-ietf-6man-oversized-header-… Templin, Fred L
- Re: Last Call: <draft-ietf-6man-oversized-header-… Ole Troan
- RE: Last Call: <draft-ietf-6man-oversized-header-… Templin, Fred L
- Re: Last Call: <draft-ietf-6man-oversized-header-… Fernando Gont
- RE: Last Call: <draft-ietf-6man-oversized-header-… Templin, Fred L
- Re: Last Call: <draft-ietf-6man-oversized-header-… Fernando Gont
- RE: Last Call: <draft-ietf-6man-oversized-header-… Templin, Fred L
- Re: Last Call: <draft-ietf-6man-oversized-header-… Fernando Gont
- RE: Last Call: <draft-ietf-6man-oversized-header-… Templin, Fred L
- RE: Last Call: <draft-ietf-6man-oversized-header-… Templin, Fred L