[OPSEC] Intdir last call review of draft-ietf-opsec-ipv6-eh-filtering-08

Tim Chown via Datatracker <noreply@ietf.org> Wed, 14 July 2021 15:24 UTC

From: Tim Chown via Datatracker <noreply@ietf.org>
To: int-dir@ietf.org
Cc: draft-ietf-opsec-ipv6-eh-filtering.all@ietf.org, last-call@ietf.org, opsec@ietf.org
Reply-To: Tim Chown <tim.chown@jisc.ac.uk>
Date: Wed, 14 Jul 2021 08:24:34 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsec/8lw1FK6NM5jlNQNR9fV2eWf4Jwc>

Reviewer: Tim Chown
Review result: Ready with Nits

Hi,

This draft provides an analysis of IPv6 Extension Headers and Options,
discusses the implications of discarding packets containing them, and makes
recommendations on configurable filtering policy for each EH and Option for
transit routers.

I have followed the development of this draft, though not in great detail, and
was a co-author of RFC7872 on “Observations on the Dropping of Packets with
IPv6 Extension Headers in the Real World”, two other authors of which are the
authors of this document.  So I have familiarity with this strand of work.

Overall I consider this document is Ready with Nits.

General comments:

The publication of IETF guidance in the area of IPv6 EH and Option
handling/filtering, and speculation on the reasons behind the drops observed in
RFC7872, has been somewhat controversial in the 6man and v6ops WGs.  However,
having had the observations published some time ago (separate to any
recommendations), I would agree that it is now timely to publish this
Informational document as it provides what I’d consider good guidance.

The summary of existing EHs and Options presented in this draft is useful in
itself.  The style and format of the document is really nice, easy to follow,
and well-written.

I notice RFC6564 isn’t mentioned, should it be?

Specific comments:

P.3
“Since various protocols may use IPv6 EHs”
It would be really nice to have a list of such protocols included in the
document, so those choosing to set and implement policy can more clearly
understand the impact of that policy. This comment also applies to 3.4.1.4 (p.9).

P.4
“All standard IPv6 EHs”
Do you mean the list in Table 1 here?

“With respect to operational configurations”
Perhaps say “policy” here as it is policy that provides the rationale for not
just passing the packet as per 7045, and it MUST be configured policy that
dictates a different handling.

P.9
I assume you can also say that rate limiting will break protocols too?  Should
we say “Discarding or rate-limiting” in 3.4.1.4?

p.17
Could we add a summary table for Options like we have for EHs?
(There are some here that I’d forgotten existed and at least one I was unaware
of…)

Nits:

P.7 and elsewhere
Is it RHT0 etc. or RTH0?  All this time I’d thought RouTing Header :)

p.8
Put the Types in order by code?
Same on p.13

—
Tim