Re: [Tsv-art] [OPSEC] Tsvart last call review of draft-ietf-opsec-ipv6-eh-filtering-06

Nick Hilliard <nick@foobar.org> Thu, 06 December 2018 18:13 UTC

Return-Path: <nick@foobar.org>
X-Original-To: tsv-art@ietfa.amsl.com
Delivered-To: tsv-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2CABD130F0D; Thu, 6 Dec 2018 10:13:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 609DDwv0vl2L; Thu, 6 Dec 2018 10:13:20 -0800 (PST)
Received: from mail.netability.ie (mail.netability.ie [IPv6:2a03:8900:0:100::5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7A171130E4E; Thu, 6 Dec 2018 10:13:20 -0800 (PST)
X-Envelope-To: ietf@ietf.org
Received: from cupcake.local (089-101-195156.ntlworld.ie [89.101.195.156] (may be forged)) (authenticated bits=0) by mail.netability.ie (8.15.2/8.15.2) with ESMTPSA id wB6IDFbZ061994 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 6 Dec 2018 18:13:15 GMT (envelope-from nick@foobar.org)
X-Authentication-Warning: cheesecake.ibn.ie: Host 089-101-195156.ntlworld.ie [89.101.195.156] (may be forged) claimed to be cupcake.local
To: "Smith, Donald" <Donald.Smith@CenturyLink.com>
Cc: ietf <ietf@ietf.org>, "draft-ietf-opsec-ipv6-eh-filtering.all@ietf.org" <draft-ietf-opsec-ipv6-eh-filtering.all@ietf.org>, OPSEC <opsec@ietf.org>, tsv-art <tsv-art@ietf.org>
References: <C4886ABA-3BBE-46AE-B2D9-9A6836D7A8BB@strayalpha.com> <2c28d4ac-87de-bcaf-54e8-4e745235c800@gmail.com> <977CA53D-7F72-4443-9DE2-F75F7A7C1569@strayalpha.com> <d6deb7af-99dd-9013-2722-8ebbe00c0b37@si6networks.com> <1CB13135-D87A-4100-8668-D761058E1388@strayalpha.com> <0f56c25d-7ac7-e534-4e2c-cc09f5154e77@foobar.org> <28EDE667-457E-4AED-8480-F27ECAA8E985@strayalpha.com> <6bd1ec94-f420-1f4c-9254-941814704dbb@gmail.com> <6be84ccf-9a72-2694-e19d-fa19043a0cb1@huitema.net> <4C249487-BD58-41BB-B8B6-081323E29F6C@strayalpha.com> <20181126075746.GO72840@Space.Net> <68EFACB32CF4464298EA2779B058889D53E5B552@PDDCWMBXEX503.ctl.intranet>
From: Nick Hilliard <nick@foobar.org>
Message-ID: <a8d4f432-babc-cd48-217b-8a2540b7ce86@foobar.org>
Date: Thu, 06 Dec 2018 18:13:13 +0000
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:52.0) Gecko/20100101 PostboxApp/6.1.6
MIME-Version: 1.0
In-Reply-To: <68EFACB32CF4464298EA2779B058889D53E5B552@PDDCWMBXEX503.ctl.intranet>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-GB
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsv-art/Y5EBT9eGac3v-ttBfY_W3naH98Y>
Subject: Re: [Tsv-art] [OPSEC] Tsvart last call review of draft-ietf-opsec-ipv6-eh-filtering-06
X-BeenThere: tsv-art@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Review Team <tsv-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsv-art>, <mailto:tsv-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsv-art/>
List-Post: <mailto:tsv-art@ietf.org>
List-Help: <mailto:tsv-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsv-art>, <mailto:tsv-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Dec 2018 18:13:22 -0000

Smith, Donald wrote on 06/12/2018 17:59:
> This is the only study I know that did something like that. It was
> limited to a single router and is 2 years or so old.
this isn't a relevant study because the device in question was a 
software-forwarded device (i.e. no separation between control plane and 
forwarding plane).  The devices we're talking about in this discussion 
are systems which have separate management planes which can be 
overloaded by excess traffic from the forwarding planes, unless specific 
mitigating configuration is used.

Not sure why the authors of that report used a C1841 - that device dates 
from 2004.

Nick