Re: Detailed review of draft-ietf-6man-ext-transmit-02
Fernando Gont <fgont@si6networks.com> Wed, 14 August 2013 07:59 UTC
Return-Path: <fgont@si6networks.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6D00621F9798 for <ipv6@ietfa.amsl.com>; Wed, 14 Aug 2013 00:59:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.279
X-Spam-Level:
X-Spam-Status: No, score=-2.279 tagged_above=-999 required=5 tests=[AWL=0.320, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id d7gz2qcDUGh4 for <ipv6@ietfa.amsl.com>; Wed, 14 Aug 2013 00:59:37 -0700 (PDT)
Received: from web01.jbserver.net (web01.jbserver.net [IPv6:2a00:d10:2000:e::3]) by ietfa.amsl.com (Postfix) with ESMTP id AE80421F996A for <6man@ietf.org>; Wed, 14 Aug 2013 00:59:37 -0700 (PDT)
Received: from ol128-236.fibertel.com.ar ([24.232.236.128] helo=[192.168.1.172]) by web01.jbserver.net with esmtpsa (TLSv1:DHE-RSA-CAMELLIA256-SHA:256) (Exim 4.80.1) (envelope-from <fgont@si6networks.com>) id 1V9VzU-0006bj-7s; Wed, 14 Aug 2013 09:59:36 +0200
Message-ID: <520B38E2.3090307@si6networks.com>
Date: Wed, 14 Aug 2013 04:59:30 -0300
From: Fernando Gont <fgont@si6networks.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130804 Thunderbird/17.0.8
MIME-Version: 1.0
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Subject: Re: Detailed review of draft-ietf-6man-ext-transmit-02
References: <520AA510.8050409@si6networks.com> <520B0794.3010003@gmail.com>
In-Reply-To: <520B0794.3010003@gmail.com>
X-Enigmail-Version: 1.4.6
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Cc: draft-ietf-6man-ext-transmit@tools.ietf.org, "6man@ietf.org" <6man@ietf.org>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Aug 2013 07:59:38 -0000
Hi, Brian, On 08/14/2013 01:29 AM, Brian E Carpenter wrote: > > ... >> * Section 2.1: >>> Any forwarding node along an IPv6 packet's path, which forwards the >>> packet for any reason, SHOULD do so regardless of any extension >>> headers that are present, as required by RFC 2460. >> >> I find this particular requirement a bit troublesome. Truth is that many >> devices violate this requirement, and will always will. > > Yes, but the IPv6 design really does require this. That's my point: is that a sensible requirement? For instance, for the time being (Flow Label not used), there's no other way to identify flows than to break this reuirement. > I think the > SHOULD is right, because RFC 2119 says that it means "there > may exist valid reasons in particular circumstances to ignore a > particular item, but the full implications must be understood and > carefully weighed before choosing a different course." That is > a perfectly reasonable choice for the person managing a firewall > to make, but it doesn't change the IPv6 design assumption. I have no issues with this. -- Although I'd note that this text gives the idea that processing the extesion header chain is more an exception than a rule. >> * Section 4: >>> This list excludes both type 59, No Next Header, [RFC2460], which is >>> not an extension header as such, and type 139, HIP, [RFC5201], which >>> is experimental. >> >> If RFC5201 specifies an extension header, why shouldn't it be listed in >> the registry? (Disclaimer: I haven't even looked at RFC5201... so I >> might be missing something). > > This is a bit tricky. If HIP was a standards-track protocol it would > be easy, but since it's experimental, it really doesn't seem realistic > to hint that firewalls should allow it by default. So the question here is: 1) Are we creating an IANA registry for Ext Headers or, 2) Are we creating a registry for ext headers that, by default, should be passed? If the former, HIP should be in. If the latter, it shouldn't. Besides, if we imply that HIP should be filtered but they use some specific "Next Header" value (as opposed to 253 or 254), then whatever value is currently used for the HIP ext header will be unusable on the public Internet even if the the document eventually becomes a Proposed Standard. > Maybe we should > change the IANA registry to include the experimental ones, but with > a special tag? (Extension headers 253 and 254 are also tricky, because > they are experimental values defined by a standards track RFC. Go figure!) I think we might be able to do both "1)" and "2)" above by adding a tag along the lines of "not expected in the public Internet"? (with the implication that "it's okay to filter"). Cheers, -- Fernando Gont SI6 Networks e-mail: fgont@si6networks.com PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
- Detailed review of draft-ietf-6man-ext-transmit-02 Fernando Gont
- Re: Detailed review of draft-ietf-6man-ext-transm… Brian E Carpenter
- Re: Detailed review of draft-ietf-6man-ext-transm… Fernando Gont
- Re: Detailed review of draft-ietf-6man-ext-transm… Brian E Carpenter
- Re: Detailed review of draft-ietf-6man-ext-transm… Fernando Gont
- Re: Detailed review of draft-ietf-6man-ext-transm… Kevin Lahey