Re: Death by extension header (was:RE: New Version Notification for draft-li-6man-hbh-fwd-hdr-00.txt)
Gyan Mishra <hayabusagsm@gmail.com> Wed, 15 July 2020 00:42 UTC
Return-Path: <hayabusagsm@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4A3A03A09F0 for <ipv6@ietfa.amsl.com>; Tue, 14 Jul 2020 17:42:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.087
X-Spam-Level:
X-Spam-Status: No, score=-2.087 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_REMOTE_IMAGE=0.01, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DfSnxGyEpIqo for <ipv6@ietfa.amsl.com>; Tue, 14 Jul 2020 17:42:14 -0700 (PDT)
Received: from mail-il1-x12c.google.com (mail-il1-x12c.google.com [IPv6:2607:f8b0:4864:20::12c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E81CD3A0990 for <6man@ietf.org>; Tue, 14 Jul 2020 17:42:13 -0700 (PDT)
Received: by mail-il1-x12c.google.com with SMTP id t18so446392ilh.2 for <6man@ietf.org>; Tue, 14 Jul 2020 17:42:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Iwtv2sCIToH1BtGDcCsf3am5WlEKDdX15vqcPrwsAag=; b=b+SgaKJ69RbCHPX79wM2jwkPStHBCtm7sZ8SUpMlt3QxncgxgbzFZVhEkwwOqyTmnc rfwBRSa/nvo5vbZIBvctPjxNYmSKAsVUdfzo9QRc+e9oeO224yBTh3g8pwIvkqFC7DDW djYc9kM3YIb6ACTkC9QZd88KGPKCHMwIwGWT0I/apYVBrU4jEZQEx1HBhAxP4eyrnOtW nZv0rDHd8XkEDoTP+Ojww3QSfllwMMEGV/oEVOAaFissvaEqWu4JRJ1rvbEKhHUs/uRc qYWCq0nAGCiJyT/fkcx50blQ4eMCk1jptDe7m4dkzjb0XRcyQdkDalrtWt3lXBOb10+B 5ygg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Iwtv2sCIToH1BtGDcCsf3am5WlEKDdX15vqcPrwsAag=; b=eWf5c7oU8ft2EUPQrzGuZv+HYbej7Atv7kIP4kPX1whrGw2jA7MFNTWDTnQYQU3da/ vXpcrnzm+3WuMhAufhQ/fmSe1SPJC6wnZiv26GCUv9BNjGsUfKPE6uXLG1kYieeEF4Bw wdoBznTvqJkUR2SQn9hihmafS2Uus5FJozDKwday9ozFEq/6EXyVppeZI9UgLvAxzWYH T9NHu87FEQ5jWETr3RaKS30txgSVoiK3CMNmZmUDsZFY3ejnV0g83wvtVM/EukxPPxFV miXEUwFNOLwfoz9zjvjsX2raoL2UxeJerYh/ydH0tNvn5pCM8SjVdFHsuCgzIOsJio9x UKBA==
X-Gm-Message-State: AOAM532T0sa49LoUspXE8hkVNhRu2idLMtNg9fMVF2PTY20/mcuFG01g tK0yXG96t6WTFytX2oL1jt5HPM/PlKRNVQJVu+c=
X-Google-Smtp-Source: ABdhPJy5KteutbGkVzNZwFkcE7lZtjxobM+jSFjoON00Qa6Ff3qhyeGBGNpIabLHMCg4p8Hv9J4LCNyPqbrd7afW+wo=
X-Received: by 2002:a92:dd02:: with SMTP id n2mr7392122ilm.257.1594773733014; Tue, 14 Jul 2020 17:42:13 -0700 (PDT)
MIME-Version: 1.0
References: <DM6PR05MB6348708352E1EE4421A61D63AE650@DM6PR05MB6348.namprd05.prod.outlook.com> <CALx6S34e21BLHRfx+p7agrzzDsx-M-XxB6cZQnWc-d0wqSesRQ@mail.gmail.com> <DM6PR05MB6348BCE5DDB6A8AF52D04FFAAE650@DM6PR05MB6348.namprd05.prod.outlook.com> <20200713191832.GC38490@faui48f.informatik.uni-erlangen.de> <CALx6S34TzXzHY1SK7te6-bcxO8V=kE1+o1AjL2S2oAPVTNbTBg@mail.gmail.com> <4278D47A901B3041A737953BAA078ADE19160AFC@DGGEML532-MBX.china.huawei.com> <CABNhwV1w0JS0Rz-8KWUGAZ8o577=ciWgVXn9SLxS-sA5mjsRHA@mail.gmail.com> <20200714073612.GM38490@faui48f.informatik.uni-erlangen.de> <CABNhwV1m4HzsqXqVbDA3m3EsAPO8PtyKzbxfkbvY8mPJfE+GfA@mail.gmail.com> <493ccd5c-03ee-42f6-8aba-e3f61207dde6@Spark>
In-Reply-To: <493ccd5c-03ee-42f6-8aba-e3f61207dde6@Spark>
From: Gyan Mishra <hayabusagsm@gmail.com>
Date: Tue, 14 Jul 2020 20:42:01 -0400
Message-ID: <CABNhwV03C-+RgKaYtgvvzXAPi1=QTZ-x71FFBRPVPofKp6H1jw@mail.gmail.com>
Subject: Re: Death by extension header (was:RE: New Version Notification for draft-li-6man-hbh-fwd-hdr-00.txt)
To: Jeff Tantsura <jefftant.ietf@gmail.com>
Cc: "6man@ietf.org" <6man@ietf.org>, Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org>, Toerless Eckert <tte@cs.fau.de>
Content-Type: multipart/alternative; boundary="000000000000da814205aa70314f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/kmxfPXXIlwgILc8TEjBHrrm3waU>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Jul 2020 00:42:19 -0000
Yep agreed. On Tue, Jul 14, 2020 at 8:04 PM Jeff Tantsura <jefftant.ietf@gmail.com> wrote: > slow path usually means - punted to the central CPU (that runs control > plane) > > Cheers, > Jeff > On Jul 14, 2020, 5:01 PM -0700, Gyan Mishra <hayabusagsm@gmail.com>, > wrote: > > Sorry I was thinking “cisco fast switching” > > My fault I am good with those fast and slow and agree that is industry > standard nomenclature. > > Fast path = line rate processing in hardware data plane path > > Slow path = requires extra NPU control plane packet processing and is > processed In software and can impact control plane > > > > On Tue, Jul 14, 2020 at 3:36 AM Toerless Eckert <tte@cs.fau.de> wrote: > >> Hi Gyan, >> >> On Tue, Jul 14, 2020 at 02:37:12AM -0400, Gyan Mishra wrote: >> > >From a historical perspective the slow path and fast path has some >> vendor >> > connotations into it ???cxxxx???. >> >> I think its used pretty consistently throughout the industry. >> If you have an example of a router that has something other vendors >> would call slowpath but calls it differently, i would be interested to >> know such alternative terms. >> >> > I think any document within the IETF should stay clear of anything >> that is >> > a vendor terminology. >> >> Definitely agreed if something is really specific to a subset of vendors >> instead of the most widely used term. I think its the most widely used >> term.. > > >> >> > The concept of ???punt??? meanIng send to control plane also has vendor >> > connotation and should not be used. >> >> I think the same applies here as what i said above for slow/fast path. >> >> Btw: these are just comments about my best understanding about >> terminology. >> Not an endorsement to base any upcoming work on those terms. I already >> sent emails as to the opposite. >> >> > I personally like control plane and data plane processing of extension >> > headers. >> >> Do you have a good definition for control-plane and data-plane processing >> ? >> E.g.: inband-signaling, is that decidedly control-plane for data-plane >> to you ? >> >> Cheers >> Toerless >> >> > Gyan >> > >> > On Mon, Jul 13, 2020 at 11:35 PM Pengshuping (Peng Shuping) < >> > pengshuping@huawei.com> wrote: >> > >> > > >> > > >> > > > -----Original Message----- >> > > > From: ipv6 [mailto:ipv6-bounces@ietf.org] On Behalf Of Tom Herbert >> > > > Sent: Tuesday, July 14, 2020 3:31 AM >> > > > To: Toerless Eckert <tte@cs.fau.de> >> > > > Cc: Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org>; >> 6man@ietf.org >> > > > Subject: Re: Death by extension header (was:RE: New Version >> Notification >> > > > for draft-li-6man-hbh-fwd-hdr-00.txt) >> > > > >> > > > On Mon, Jul 13, 2020 at 12:18 PM Toerless Eckert <tte@cs.fau.de> >> wrote: >> > > > > >> > > > > And now find me any single IETF RFC that even uses the term >> slow-path >> > > > > and fast-path to formalize requirements against them. We are just >> not >> > > > > explicit enough about this. Hence my example of redooing >> router-alert >> > > > > as the most simple example. Not that i think this would be most >> > > > > important, but just to make the community consider that we need >> to be >> > > > > more diligent about protocol specs in this respect. >> > > > > >> > > > >> > > > Toerless, >> > > > >> > > > I wouldn't expect any IETF to use the term "slow path" and "fast >> path". >> > > RFCs >> > > > tend to describe protocol behavior and generally themselves don't >> care >> > > > whether they are processed in a slow path or fast path as long as >> the >> > > > external behavior is conformant. If you want to make these terms >> > > explicit it >> > > > seems like we would need to quantify in exact terms what a slow >> path is >> > > and >> > > > exactly what a fast path is-- that is, they need normative >> definitions >> > > if we are >> > > > to set normative requirements around them. >> > > >> > > But do we still need to differentiate "control plane" and "forwarding >> > > plane"? The processing capability in bps and pps of the two planes are >> > > different, so the corresponding terms are used as "slow path" and >> "fast >> > > path", respectively. >> > > >> > > There are some HBH options such as RA* that carry the information that >> > > need to be consumed by the "control plane", so they will be sent to >> the >> > > "control plane" anyway. While other HBH options carry the information >> that >> > > will not be consumed by the "control plane" but still sent to the >> "control >> > > plane" / "slow path", which cause problems. >> > > >> > > * >> > > >> https://www.iana.org/assignments/ipv6-routeralert-values/ipv6-routeralert-values.xhtml#ipv6-routeralert-values-1 >> > > >> > > Shuping >> > > >> > > > >> > > > Tom >> > > > >> > > > > Some maximum amount of fast-path extensions is already in specs >> as an >> > > > > example, but it too is not comprehensive enough to feel more >> confident >> > > > > about safe extensibility. >> > > > > >> > > > > And we need to break free of the rfc8200 constraints whenever we >> > > > > deploy the network protocol in controlled networks. rfc8200 is >> such a >> > > > > career limiter when comparing IPv6 with MPLS for this type of >> > > > > use-cases. Not to speak of the unnecessary long addresses. >> > > > > >> > > > > Oh well... >> > > > > >> > > > > Cheers >> > > > > Toerless >> > > > > >> > > > > On Fri, Jul 10, 2020 at 06:43:59PM +0000, Ron Bonica wrote: >> > > > > > Tom, >> > > > > > >> > > > > > Given that you parse the extension header chain on the fast >> path, HBH >> > > > and destination options can be categorized as follows: >> > > > > > >> > > > > > 1) unrecognized (ACT 00, 01, 10, and 11) >> > > > > > 2) recognized and processed on the fast path >> > > > > > 3) recognized and processed on the slow path >> > > > > > >> > > > > > Types 1 and 2 cannot be used in a DoS attack, because they are >> never >> > > > sent to the slow path. Type 3 is the dangerous one. >> > > > > > >> > > > > > I think that an implementation is safe if it only recognizes >> options >> > > that it >> > > > can process on the fast path. It may also be safe if it severely >> rate >> > > limits >> > > > packets as it sends them to the slow path. >> > > > > > >> > > > > > >> > > > > > Ron >> > > > > > >> > > > > > >> > > > > > >> > > > > > >> > > > > > >> > > > > > Juniper Business Use Only >> > > > > > >> > > > > > -----Original Message----- >> > > > > > From: Tom Herbert <tom@herbertland.com> >> > > > > > Sent: Friday, July 10, 2020 2:29 PM >> > > > > > To: Ron Bonica <rbonica@juniper.net> >> > > > > > Cc: Pengshuping (Peng Shuping) <pengshuping@huawei.com>; >> > > > > > 6man@ietf.org >> > > > > > Subject: Re: Death by extension header (was:RE: New Version >> > > > > > Notification for draft-li-6man-hbh-fwd-hdr-00.txt) >> > > > > > >> > > > > > [External Email. Be cautious of content] >> > > > > > >> > > > > > >> > > > > > On Fri, Jul 10, 2020 at 11:18 AM Ron Bonica < >> rbonica@juniper.net> >> > > > wrote: >> > > > > > > >> > > > > > > Tom, >> > > > > > > >> > > > > > > I am forking a new thread since this is not directly related >> to >> > > Shuping's >> > > > draft. >> > > > > > > >> > > > > > > Any variable length extension header can be used in a DoS >> attack. >> > > So, if >> > > > a node encounters a packet that satisfies any of the following >> criteria, >> > > it >> > > > should discard the packet and send an ICMP message as described in >> > > > >> > > >> https://urldefense.com/v3/__https://tools.ietf.org/html/draft-herbert-6ma >> > > > n-icmp-limits-03__;!!NEt6yMaO-gk!XnKPvkz9vBtVNlSCx0SqcojVpo2uBgeSDJ >> > > > zZEJa2fLd1NTKb53H0w3Ue2Xxv7iGB$ . >> > > > > > > >> > > > > > > - The extension header chain is longer than the node can >> process >> > > > > > > - An individual extension header is longer than the node can >> > > > > > > process >> > > > > > > - The total number of options contained by all instances of >> the >> > > HBH and >> > > > Destination Options header exceeds the number or options that the >> node >> > > > can process. >> > > > > > > >> > > > > > >> > > > > > Ron, >> > > > > > >> > > > > > Right, those are the ICMP errors for the allowance to drop or >> ignore >> > > > extension headers in section 5.3 of RFC8504, there's also default >> limits >> > > > suggested in that doc. Do you think this is sufficient in routers >> to get >> > > past the >> > > > DOS concern? >> > > > > > >> > > > > > Tom >> > > > > > >> > > > > > > >> > > > > > > Ron >> > > > > > > >> > > > > > > >> > > > > > > >> > > > > > > Juniper Business Use Only >> > > > > > > >> > > > > > > -----Original Message----- >> > > > > > > From: Tom Herbert <tom@herbertland.com> >> > > > > > > Sent: Friday, July 10, 2020 1:13 PM >> > > > > > > To: Ron Bonica <rbonica@juniper.net> >> > > > > > > Cc: Pengshuping (Peng Shuping) <pengshuping@huawei.com>; >> > > > > > > 6man@ietf.org >> > > > > > > Subject: Re: New Version Notification for >> > > > > > > draft-li-6man-hbh-fwd-hdr-00.txt >> > > > > > > >> > > > > > > [External Email. Be cautious of content] >> > > > > > > >> > > > > > > >> > > > > > > On Fri, Jul 10, 2020 at 7:59 AM Ron Bonica >> > > > <rbonica=40juniper.net@dmarc.ietf.org> wrote: >> > > > > > > > >> > > > > > > > Peng, >> > > > > > > > >> > > > > > > > While your solution may require refinement, I think that >> you have >> > > > latched on to a problem that needs to be solved. HBH Options, as >> they >> > > were >> > > > originally conceived in RFC 1883, are very useful. >> > > > > > > > >> > > > > > > > When IPv6 was first implemented on high-speed routers (circa >> > > 2000), >> > > > HBH options were not yet well-understood and ASICs were not so >> capable as >> > > > they are today. So, early IPv6 implementation dispatched all packet >> that >> > > > contain HBH options to their slow path. In these implementations, a >> large >> > > > flow of IPv6 packets could congest the slow path, causing other >> critical >> > > > functions that are executed on the slow path to fail. These critical >> > > functions >> > > > include routing and network management. >> > > > > > > > >> > > > > > > > To mitigate this DoS vulnerability, many operators deployed >> > > Access >> > > > Control Lists (ACLs) that discard all packets containing HBH >> Options. >> > > This >> > > > introduced a circular problem: >> > > > > > > > >> > > > > > > > - An implementation problem caused HBH to become a DoS >> vector >> > > > > > > > - Because HBH was a DoS vector, network operators deployed >> ACLs >> > > > > > > > that discard packets containing HBH >> > > > > > > > - Because network operators deployed ACLs that discard >> packets >> > > > > > > > containing HBH, network designers stopped defining new HBH >> > > > > > > > Options >> > > > > > > > - Because network designers stopped defining new HBH >> Options, >> > > > > > > > the community was not motivated to fix the implementation >> > > > > > > > problem that cause HBH to become a DoS vector >> > > > > > > > >> > > > > > > > If we can fix the implementation problem that caused HBH to >> > > > become a DoS vector, we can break this cycle and start using HBH >> Options. >> > > > > > > > >> > > > > > > Ron, >> > > > > > > >> > > > > > > I think there were "protocol problems" in the original design >> of >> > > HBH. >> > > > > > > The requirement that _all_ routers in the path process >> Hop-by-Hop >> > > > options was in retrospect too austere, and the possibility that an >> > > attacker >> > > > could stuff a packet with hundreds of bogus options, only limited >> by MTU, >> > > > was, again in retrospect, a pretty obvious DOS vector. >> > > > > > > I believe these problems have been addressed in RFC8200 and >> > > > RFC8504. >> > > > > > > We certainly welcome the feedback from router vendors whether >> these >> > > > mitigations are sufficient to make HBH options deployable. >> > > > > > > >> > > > > > > Tom >> > > > > > > >> > > > > > > > > Let's continue to work on a solution.. > > >> > > > > > > > >> > > > > > > > >> > > > Ron >> > > > > > > > >> > > > > > > > >> > > > > > > > >> > > > > > > > Juniper Business Use Only >> > > > > > > > >> > > > > > > > -----Original Message----- >> > > > > > > > From: ipv6 <ipv6-bounces@ietf.org> On Behalf Of Pengshuping >> > > > > > > > (Peng >> > > > > > > > Shuping) >> > > > > > > > Sent: Thursday, July 2, 2020 12:07 PM >> > > > > > > > To: 6man@ietf.org >> > > > > > > > Subject: FW: New Version Notification for >> > > > > > > > draft-li-6man-hbh-fwd-hdr-00.txt >> > > > > > > > >> > > > > > > > [External Email. Be cautious of content] >> > > > > > > > >> > > > > > > > >> > > > > > > > Hi Folks, >> > > > > > > > >> > > > > > > > We have just uploaded a new draft aiming to analyze and >> tackle >> > > the >> > > > issues faced by the Hop-by-Hop Options Header, which has been >> sparsely >> > > > used without any form of large scale deployment. >> > > > > > > > >> > > > > > > > However, as IPv6 is being rapidly and widely deployed >> worldwide, >> > > > more and more new services that requires hop-by-hop forwarding >> process >> > > > behavior are emerging, and also the already defined over ten HBH >> Options >> > > > are going to be used widely in practice. >> > > > > > > > >> > > > > > > > We look forward to hearing your feedback and comments, and >> try to >> > > > release the benefits that could be provided by HBH Options header >> > > > altogether. >> > > > > > > > >> > > > > > > > Best regards, >> > > > > > > > Shuping >> > > > > > > > >> > > > > > > > -----Original Message----- >> > > > > > > > From: internet-drafts@ietf.org [mailto: >> internet-drafts@ietf.org] >> > > > > > > > Sent: Thursday, July 2, 2020 11:31 PM >> > > > > > > > To: Lizhenbin <lizhenbin@huawei.com>; Pengshuping (Peng >> Shuping) >> > > > > > > > <pengshuping@huawei.com <pengshuping@huawei..com>> >> > > > > > > > Subject: New Version Notification for >> > > > > > > > draft-li-6man-hbh-fwd-hdr-00.txt >> > > > > > > > >> > > > > > > > >> > > > > > > > A new version of I-D, draft-li-6man-hbh-fwd-hdr-00.txt has >> been >> > > > successfully submitted by Shuping Peng and posted to the IETF >> repository. >> > > > > > > > >> > > > > > > > Name: draft-li-6man-hbh-fwd-hdr >> > > > > > > > Revision: 00 >> > > > > > > > Title: Hop-by-Hop Forwarding Options Header >> > > > > > > > Document date: 2020-07-03 >> > > > > > > > Group: Individual Submission >> > > > > > > > Pages: 10 >> > > > > > > > URL: >> > > > >> > > >> https://urldefense.com/v3/__https://www.ietf.org/internet-drafts/draft-li-6 >> > > > man-hbh-fwd-hdr-00.txt__;!!NEt6yMaO-gk!QoInpMGHwaC7LsKAVISa9A00d >> > > > bzuCmO7S4CG2fZYHGYeOXYwVmtNTFnzgB-bqLrg$ >> > > > > > > > Status: >> > > > >> > > >> https://urldefense.com/v3/__https://datatracker.ietf.org/doc/draft-li-6man- >> > > > hbh-fwd-hdr/__;!!NEt6yMaO-gk!QoInpMGHwaC7LsKAVISa9A00dbzuCmO7S >> > > > 4CG2fZYHGYeOXYwVmtNTFnzgM5iPE22$ >> > > > > > > > Htmlized: >> > > > >> > > >> https://urldefense.com/v3/__https://tools.ietf.org/html/draft-li-6man-hbh-f >> > > > wd-hdr-00__;!!NEt6yMaO-gk!QoInpMGHwaC7LsKAVISa9A00dbzuCmO7S4C >> > > > G2fZYHGYeOXYwVmtNTFnzgPvsH43l$ >> > > > > > > > Htmlized: >> > > > >> > > >> https://urldefense.com/v3/__https://datatracker.ietf.org/doc/html/draft-li- >> > > > 6man-hbh-fwd-hdr__;!!NEt6yMaO-gk!QoInpMGHwaC7LsKAVISa9A00dbzuC >> > > > mO7S4CG2fZYHGYeOXYwVmtNTFnzgBQxbwZb$ >> > > > > > > > >> > > > > > > > >> > > > > > > > Abstract: >> > > > > > > > RFC8200 specifies the HBH header that is assumed to be >> > > > processed by >> > > > > > > > each hop in the delivery path of the packet. However, >> RFC8200 >> > > > also >> > > > > > > > expects that nodes processing the HBH header have been >> > > > explicitly >> > > > > > > > configured to do so. Therefore, it cannot be assumed >> that a >> > > > HBH >> > > > > > > > header present in the packet is processed. It all >> depends on >> > > the >> > > > > > > > configuration of each node across the path. Moreover, >> in most >> > > > of >> > > > > > > > networks today, the processing of the HBH header is done >> in >> > > the >> > > > > > > > control plane (slow processing path) which incurs several >> > > > limitations >> > > > > > > > among which resources consumption and security risk. >> > > > > > > > >> > > > > > > > For these reasons, over time, the Hop-by-Hop Options >> header >> > > > has been >> > > > > > > > sparsely used without any form of large scale deployment. >> > > Also, >> > > > most >> > > > > > > > of already defined HBH options are forwarding options >> which >> > > > contain >> > > > > > > > forwarding plane information that needs not to be sent >> to the >> > > > control >> > > > > > > > plane. >> > > > > > > > >> > > > > > > > This document proposes a new Hop-by-Hop Forwarding >> Options >> > > > Header in >> > > > > > > > order to carry Hop-by-Hop options that are solely >> intended to >> > > > and >> > > > > > > > processed by the forwarding plane. This new HBH header >> is >> > > > confined >> > > > > > > > in and dedicated to the forwarding plane while the >> current HBH >> > > > header >> > > > > > > > can still be used for control plane options. >> > > > > > > > >> > > > > > > > >> > > > > > > > >> > > > > > > > >> > > > > > > > >> > > > > > > > Please note that it may take a couple of minutes from the >> time of >> > > > submission until the htmlized version and diff are available at >> > > tools.ietf.org. >> > > > > > > > >> > > > > > > > The IETF Secretariat >> > > > > > > > >> > > > > > > > >> > > > > > > > >> ---------------------------------------------------------------- >> > > > > > > > ---- IETF IPv6 working group mailing list ipv6@ietf.org >> > > > > > > > Administrative >> > > > > > > > Requests: >> > > > > > > > >> https://urldefense.com/v3/__https://www.ietf.org/mailman/listinf >> > > > > > > > o/ip >> > > > > > > > v6 >> > > > > > > > >> > > > __;!!NEt6yMaO-gk!QoInpMGHwaC7LsKAVISa9A00dbzuCmO7S4CG2fZYHGYe >> > > > OXY >> > > > > > > > wVmt >> > > > > > > > NT >> > > > > > > > FnzgEBbFhyl$ >> > > > > > > > >> ---------------------------------------------------------------- >> > > > > > > > ---- >> > > > > > > > >> > > > > > > > >> ---------------------------------------------------------------- >> > > > > > > > ---- IETF IPv6 working group mailing list ipv6@ietf.org >> > > > > > > > Administrative >> > > > > > > > Requests: >> > > > > > > > >> https://urldefense.com/v3/__https://www.ietf.org/mailman/listinf >> > > > > > > > o/ip >> > > > > > > > v6 >> > > > > > > > >> > > > __;!!NEt6yMaO-gk!Qu9y9Ou2SvlYIZjMQa3hBXcu08HG3W4BBIcFoOHCfp41H >> > > > tk >> > > > > > > > dIYu >> > > > > > > > Ds >> > > > > > > > XM8uyxPWt9N$ >> > > > > > > > >> ---------------------------------------------------------------- >> > > > > > > > ---- >> > > > > > >> -------------------------------------------------------------------- >> > > > > > IETF IPv6 working group mailing list ipv6@ietf.org >> Administrative >> > > > > > Requests: https://www.ietf.org/mailman/listinfo/ipv6 >> > > > > > >> -------------------------------------------------------------------- >> > > > > >> > > > > -- >> > > > > --- >> > > > > tte@cs.fau.de >> > > > >> > > > -------------------------------------------------------------------- >> > > > IETF IPv6 working group mailing list >> > > > > ipv6@ietf..org <ipv6@ietf.org> > > >> > > > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 >> > > > -------------------------------------------------------------------- >> > > >> > > -------------------------------------------------------------------- >> > > IETF IPv6 working group mailing list >> > > ipv6@ietf.org >> > > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 >> > > -------------------------------------------------------------------- >> > > >> > -- >> > >> > <http://www.verizon.com/> >> > >> > *Gyan Mishra* >> > >> > *Network Solutions A**rchitect * >> > >> > >> > >> > *M 301 502-134713101 Columbia Pike *Silver Spring, MD >> >> -- >> --- >> tte@cs.fau.de >> > -- > > <http://www.verizon.com/> > > *Gyan Mishra* > > *Network Solutions A**rchitect * > > > > *M 301 502-1347 13101 Columbia Pike > <https://www.google.com/maps/search/13101+Columbia+Pike+Silver+Spring,+MD?entry=gmail&source=g> *Silver > Spring, MD > <https://www.google.com/maps/search/13101+Columbia+Pike+Silver+Spring,+MD?entry=gmail&source=g> > > -------------------------------------------------------------------- > IETF IPv6 working group mailing list > ipv6@ietf.org > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 > -------------------------------------------------------------------- > > -- <http://www.verizon.com/> *Gyan Mishra* *Network Solutions A**rchitect * *M 301 502-134713101 Columbia Pike *Silver Spring, MD
- Death by extension header (was:RE: New Version No… Ron Bonica
- Re: Death by extension header (was:RE: New Versio… Tom Herbert
- Re: Death by extension header (was:RE: New Versio… Toerless Eckert
- RE: Death by extension header (was:RE: New Versio… Ron Bonica
- Re: Death by extension header (was:RE: New Versio… Tom Herbert
- Re: Death by extension header (was:RE: New Versio… Warren Kumari
- RE: Death by extension header (was:RE: New Versio… Ron Bonica
- Re: Death by extension header (was:RE: New Versio… Toerless Eckert
- Re: Death by extension header (was:RE: New Versio… Fernando Gont
- Re: Death by extension header (was:RE: New Versio… Fernando Gont
- Re: Death by extension header (was:RE: New Versio… Tom Herbert
- Re: Death by extension header (was:RE: New Versio… Fernando Gont
- Re: Death by extension header (was:RE: New Versio… Tom Herbert
- Re: Death by extension header (was:RE: New Versio… Toerless Eckert
- Re: Death by extension header (was:RE: New Versio… Tom Herbert
- Re: Death by extension header (was:RE: New Versio… Toerless Eckert
- Re: Death by extension header (was:RE: New Versio… Toerless Eckert
- Re: Death by extension header (was:RE: New Versio… Toerless Eckert
- Re: Death by extension header Fernando Gont
- Re: Death by extension header (was:RE: New Versio… Fernando Gont
- Re: Death by extension header Tom Herbert
- RE: Death by extension header (was:RE: New Versio… Ron Bonica
- Re: Death by extension header (was:RE: New Versio… Toerless Eckert
- RE: Death by extension header (was:RE: New Versio… Pengshuping (Peng Shuping)
- Re: Death by extension header (was:RE: New Versio… Gyan Mishra
- Re: Death by extension header (was:RE: New Versio… Toerless Eckert
- RE: Death by extension header (was:RE: New Versio… Jakob Heitz (jheitz)
- Re: Death by extension header (was:RE: New Versio… Tom Herbert
- Re: Death by extension header Joel M. Halpern
- Re: Death by extension header (was:RE: New Versio… Robert Raszuk
- Re: Death by extension header (was:RE: New Versio… Toerless Eckert
- Re: Death by extension header (was:RE: New Versio… Toerless Eckert
- Re: Death by extension header (was:RE: New Versio… Gyan Mishra
- Re: Death by extension header (was:RE: New Versio… Jeff Tantsura
- Re: Death by extension header Brian E Carpenter
- Re: Death by extension header (was:RE: New Versio… Gyan Mishra
- Re: Death by extension header Toerless Eckert
- Re: Death by extension header (was:RE: New Versio… Philip Homburg
- Re: Death by extension header Nick Hilliard
- Re: Death by extension header (was:RE: New Versio… Robert Raszuk
- Re: Death by extension header Toerless Eckert
- Re: Death by extension header Toerless Eckert