Re: [v6ops] draft-gont-v6ops-ipv6-ehs-in-real-world: clarification text

Warren Kumari <warren@kumari.net> Tue, 21 April 2015 18:24 UTC

In-Reply-To: <5536709B.1050001@isi.edu>
References: <D157BDE1.44CEE%evyncke@cisco.com> <55351EA0.2010700@isi.edu> <20150420212125.GE54385@Space.Net> <55356F68.1020605@isi.edu> <20150421064811.GG54385@Space.Net> <5536709B.1050001@isi.edu>
Date: Tue, 21 Apr 2015 14:23:56 -0400
Message-ID: <CAHw9_iJPRwAre_cr4+1BEyKzcZWCC-bYxJizSDUBqnkaYCRHAw@mail.gmail.com>
From: Warren Kumari <warren@kumari.net>
To: Joe Touch <touch@isi.edu>
Archived-At: <http://mailarchive.ietf.org/arch/msg/v6ops/3oJOWHUcq_N9iFATPy_VpmxvXB4>
Cc: "draft-gont-v6ops-ipv6-ehs-in-real-world@tools.ietf.org" <draft-gont-v6ops-ipv6-ehs-in-real-world@tools.ietf.org>, "v6ops@ietf.org" <v6ops@ietf.org>, Merike Kaeo <merike@doubleshotsecurity.com>, Fernando Gont <fgont@si6networks.com>
Subject: Re: [v6ops] draft-gont-v6ops-ipv6-ehs-in-real-world: clarification text

On Tue, Apr 21, 2015 at 11:45 AM, Joe Touch <touch@isi.edu> wrote:
>
>
> On 4/20/2015 11:48 PM, Gert Doering wrote:
>> Hi,
>>
>> On Mon, Apr 20, 2015 at 02:28:08PM -0700, Joe Touch wrote:
>>> On 4/20/2015 2:21 PM, Gert Doering wrote:
>>>> On Mon, Apr 20, 2015 at 08:43:28AM -0700, Joe Touch wrote:
>>>>>> If for some reasons, a router in the middle needs access to layer-4
>>>>>                                               ^^^^^
>>>>>> information (IPFIX? DDoS mitigation? ... ?), then the EH chain must be
>>>>>> parsed which can cause a performance impact.
>>>> [..]
>>>>>    1) this is the router vendor's decision, not a requirement
>>>>>    of Internet routers
>>>>
>>>> So, please tell me how you build an Internet router that is able to
>>>> defend itself against control plane abuse and does not need to look into
>>>> L4 to do so?
>>>
>>> A router can protect its own control plane by looking at the packet
>>> contents, but then it is acting as a host at that point and should be
>>> looking there only for packets addressed to interfaces of that router.
>>> That's not a forwarding function and thus doesn't limit the forwarding
>>> plane.
>>
>> Of course, but real world requires that this filter function needs to be
>> implemented in the forwarding plane, because otherwise packets would just
>> saturate the link between forwarding and control plane if you would only
>> filter on "the other side".
>
> DDOS filtering is a feature, not a requirement.
>

<boggle>
Sorry, no....

Now I remember why I got fed up with the previous EH discussions
(draft-taylor-v6ops-fragdrop, draft-bonica-6man-frag-deprecate,
draft-wkumari-6man-long-headers, etc) and stopped following v6ops and
6man.
'parently not much has changed....

W

> If you want to offer that as a feature, please stop complaining that
> customers should expect that it runs at rate with packets that conform
> to existing standards.
>
>> From a purely academic point of view, I totally agree with you.
>>
>> Unfortunately, the Internet is not.
>
> The Internet is also not designed to optimize your profit margins either.
>
> Joe
>



-- 
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
   ---maf
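The point the quoted exchange turns on is that any node wanting layer-4 information has to walk the extension-header chain first, and a forwarding plane that only inspects a fixed number of leading bytes may never reach it. The following walker, added here as an illustration and not code from the thread or from any of the drafts it mentions, classifies an IPv6 packet by whether its upper-layer header is reachable: found within the inspection window, past the window, absent because the packet is a non-first fragment, hidden behind ESP, or truncated. The `inspect_limit` of 64 bytes and the sample packets are constructed assumptions, not figures from any platform.

```python
import struct

# IANA protocol numbers for the extension headers the walker recognises.
HOPOPT, ROUTING, FRAGMENT, ESP, AH, DSTOPTS = 0, 43, 44, 50, 51, 60
NO_NEXT_HEADER = 59
TCP, UDP = 6, 17
IPV6_HDR_LEN = 40


def find_upper_layer(pkt: bytes, inspect_limit: int = 64):
    """Walk the extension-header chain of a raw IPv6 packet.

    Returns (status, next_header, offset):
      'found'              upper-layer header next_header starts at offset
      'too-deep'           it starts beyond inspect_limit bytes into the packet
      'non-first-fragment' this packet carries no upper-layer header at all
      'opaque'             chain ends in ESP or No Next Header; nothing to read
      'truncated'          the packet ends inside a header
    inspect_limit models a forwarding plane that looks at the first N bytes only
    (an assumed value; real limits are platform specific).
    """
    if len(pkt) < IPV6_HDR_LEN or pkt[0] >> 4 != 6:
        return ("truncated", None, None)
    nh, off = pkt[6], IPV6_HDR_LEN
    while True:
        if nh in (ESP, NO_NEXT_HEADER):
            return ("opaque", nh, off)
        if nh not in (HOPOPT, ROUTING, FRAGMENT, AH, DSTOPTS):
            if off > inspect_limit:
                return ("too-deep", nh, off)
            return ("found", nh, off)
        if off + 8 > len(pkt):            # every EH is at least 8 bytes
            return ("truncated", None, None)
        if nh == FRAGMENT:
            # Fragment Offset is the top 13 bits of the 16-bit field after
            # Next Header and Reserved; non-zero means a non-first fragment.
            frag_off = struct.unpack("!H", pkt[off + 2:off + 4])[0] >> 3
            if frag_off != 0:
                return ("non-first-fragment", None, None)
            hlen = 8
        elif nh == AH:
            hlen = (pkt[off + 1] + 2) * 4  # AH length is in 4-octet units minus 2
        else:
            hlen = (pkt[off + 1] + 1) * 8  # other EHs: 8-octet units not counting the first
        if off + hlen > len(pkt):
            return ("truncated", None, None)
        nh, off = pkt[off], off + hlen


def build_packet(ext_types, upper_layer, frag_offset=0, payload=b"\x00" * 20):
    """Constructed test packet: fixed IPv6 header, the given extension headers
    (each a minimal 8-byte header), then upper_layer and a dummy payload."""
    body, nh = payload, upper_layer
    for ext in reversed(ext_types):
        if ext == FRAGMENT:
            hdr = struct.pack("!BBHI", nh, 0, frag_offset << 3, 0x1234)
        else:
            # Hdr Ext Len 0 => 8 bytes total; the six zero bytes are Pad1
            # options for HBH/DestOpts or an empty type-0 routing body.
            hdr = struct.pack("!BB", nh, 0) + bytes(6)
        body, nh = hdr + body, ext
    fixed = struct.pack("!IHBB", 6 << 28, len(body), nh, 64) + bytes(32)  # zero addresses
    return fixed + body


if __name__ == "__main__":
    samples = {
        "plain TCP":            build_packet([], TCP),
        "HBH + DestOpts + TCP": build_packet([HOPOPT, DSTOPTS], TCP),
        "non-first fragment":   build_packet([FRAGMENT], UDP, frag_offset=1),
        "4 x DestOpts + TCP":   build_packet([DSTOPTS] * 4, TCP),
        "ESP":                  build_packet([], ESP),
    }
    for name, pkt in samples.items():
        print(f"{name:22s} -> {find_upper_layer(pkt)}")
```

The 'too-deep' and 'non-first-fragment' outcomes are the cases the thread is really arguing about: a device that needs ports for flow export or filtering gets no answer for them, and each vendor decides whether such packets are forwarded blind, punted, or dropped.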