Re: [v6ops] Extension Headers / Impact on Security Devices

"Eric Vyncke (evyncke)" <evyncke@cisco.com> Wed, 20 May 2015 12:28 UTC

From: "Eric Vyncke (evyncke)" <evyncke@cisco.com>
To: Tim Chown <tjc@ecs.soton.ac.uk>, Joe Touch <touch@isi.edu>
Thread-Topic: [v6ops] Extension Headers / Impact on Security Devices
Thread-Index: AQHQjwOUSoUfhjfqOU2VSvc4/QdUh52B3yyAgAAWQQCAAgsLAIAA30qAgABohAA=
Date: Wed, 20 May 2015 12:28:31 +0000
Message-ID: <D1824981.4B3C7%evyncke@cisco.com>
References: <20150515113728.GH3028@ernw.de> <7449B614-BF21-4AD8-A642-831D5B385B41@employees.org> <20150518.134312.74662992.sthaug@nethelp.no> <555B8712.9080906@isi.edu> <1A7F7D26-BBFD-4981-BF1C-978115C0B90A@ecs.soton.ac.uk> <EMEW3|c91cdcfda9ced16fe59fdbc4171372c9r4J9EO03tjc|ecs.soton.ac.uk|1A7F7D26-BBFD-4981-BF1C-978115C0B90A@ecs.soton.ac.uk>
In-Reply-To: <EMEW3|c91cdcfda9ced16fe59fdbc4171372c9r4J9EO03tjc|ecs.soton.ac.uk|1A7F7D26-BBFD-4981-BF1C-978115C0B90A@ecs.soton.ac.uk>
Accept-Language: fr-FR, en-US
Content-Language: en-US
user-agent: Microsoft-MacOutlook/14.4.6.141106
Content-Type: text/plain; charset="utf-8"
Content-ID: <9DDB68C196581545A8BBEB0EE7268DD3@emea.cisco.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/v6ops/BpObDKPMq-Ac5bSdpbj-7wtiXi4>
Cc: "v6ops@ietf.org" <v6ops@ietf.org>
Subject: Re: [v6ops] Extension Headers / Impact on Security Devices
Precedence: list

On 20/05/15 10:14, "Tim Chown" <tjc@ecs.soton.ac.uk> wrote:
>
>The other question is what existing work is being done that relies on the
>correct (desired) operation of EHs? The two that would spring out would
>be segment routing and sfc, at least one of which is using the existing
>Routing Header. If such protocols are constrained to specific
>administrative domains then their successful operation I would assume is
>down to specific EH handling in the equipment in that domain, and its
>capabilities, rather than (undesired) operator filtering somewhere
>between sender and receiver.

The primary use case of segment routing is indeed within a single
administrative domain, so, EH does not cause a problem.

OTOH, this whole discussion is pretty close to having a discussion on
whether an ISP should block everything which is neither UDP nor TCP? Or
block currently-unallocated TCP/UDP ports? (and I appreciate that there
are differences of course).

To Enno's original point: it is fair for a destination domain to handle
(permit, drop, log, inspect) incoming (or outgoing BTW) packets based on
layer-4 ports, layer-4 protocols or extension headers. This is their own
responsibility

-éric

[v6ops] Extension Headers / Impact on Security De… Enno Rey
Re: [v6ops] Extension Headers / Impact on Securit… Brian E Carpenter
Re: [v6ops] Extension Headers / Impact on Securit… Mark ZZZ Smith
Re: [v6ops] Extension Headers / Impact on Securit… Gert Doering
Re: [v6ops] Extension Headers / Impact on Securit… Brian E Carpenter
Re: [v6ops] Extension Headers / Impact on Securit… Silvia Hagen
Re: [v6ops] [ipv6-wg] Extension Headers / Impact … Enno Rey
Re: [v6ops] [ipv6-wg] Extension Headers / Impact … Brian E Carpenter
Re: [v6ops] Extension Headers / Impact on Securit… Ole Troan
Re: [v6ops] Extension Headers / Impact on Securit… sthaug
Re: [v6ops] Extension Headers / Impact on Securit… Nick Hilliard
Re: [v6ops] Extension Headers / Impact on Securit… Fernando Gont
Re: [v6ops] Extension Headers / Impact on Securit… Ted Lemon
Re: [v6ops] Extension Headers / Impact on Securit… Gert Doering
Re: [v6ops] Extension Headers / Impact on Securit… Joe Touch
Re: [v6ops] Extension Headers / Impact on Securit… Joe Touch
Re: [v6ops] Extension Headers / Impact on Securit… Ted Lemon
Re: [v6ops] Extension Headers / Impact on Securit… Brian E Carpenter
Re: [v6ops] Extension Headers / Impact on Securit… Brian E Carpenter
Re: [v6ops] Extension Headers / Impact on Securit… Joe Touch
Re: [v6ops] Extension Headers / Impact on Securit… Sander Steffann
Re: [v6ops] Extension Headers / Impact on Securit… Mark ZZZ Smith
Re: [v6ops] Extension Headers / Impact on Securit… Brian E Carpenter
Re: [v6ops] Extension Headers / Impact on Securit… Tim Chown
Re: [v6ops] Extension Headers / Impact on Securit… Eric Vyncke (evyncke)
Re: [v6ops] Extension Headers / Impact on Securit… Silvia Hagen
Re: [v6ops] Extension Headers / Impact on Securit… Nick Hilliard
Re: [v6ops] Extension Headers / Impact on Securit… Mark ZZZ Smith
Re: [v6ops] Extension Headers / Impact on Securit… Brian E Carpenter
Re: [v6ops] Extension Headers / Impact on Securit… Brian E Carpenter
Re: [v6ops] Extension Headers / Impact on Securit… Joe Touch
Re: [v6ops] Extension Headers / Impact on Securit… Brian E Carpenter
Re: [v6ops] Extension Headers / Impact on Securit… Joe Touch
Re: [v6ops] Extension Headers / Impact on Securit… Brian E Carpenter
Re: [v6ops] Extension Headers / Impact on Securit… Joe Touch
Re: [v6ops] Extension Headers / Impact on Securit… Gert Doering
Re: [v6ops] Extension Headers / Impact on Securit… Ray Hunter
Re: [v6ops] Extension Headers / Impact on Securit… Tim Chown
Re: [v6ops] Extension Headers / Impact on Securit… Joe Touch
Re: [v6ops] Extension Headers / Impact on Securit… Brian E Carpenter
Re: [v6ops] Extension Headers / Impact on Securit… Joe Touch
Re: [v6ops] Extension Headers / Impact on Securit… Eric Vyncke (evyncke)
Re: [v6ops] Extension Headers / Impact on Securit… Joe Touch
Re: [v6ops] Extension Headers / Impact on Securit… Stefano Previdi (sprevidi)
Re: [v6ops] Extension Headers / Impact on Securit… Stefano Previdi (sprevidi)
Re: [v6ops] Extension Headers / Impact on Securit… Howard, Lee
Re: [v6ops] Extension Headers / Impact on Securit… Fred Baker (fred)
Re: [v6ops] Extension Headers / Impact on Securit… Fred Baker (fred)
Re: [v6ops] Extension Headers / Impact on Securit… Joe Touch
Re: [v6ops] Extension Headers / Impact on Securit… Enno Rey
Re: [v6ops] Extension Headers / Impact on Securit… Eric Vyncke (evyncke)
Re: [v6ops] Extension Headers / Impact on Securit… Ca By
Re: [v6ops] Extension Headers / Impact on Securit… Mark ZZZ Smith
Re: [v6ops] Extension Headers / Impact on Securit… Ca By
Re: [v6ops] Extension Headers / Impact on Securit… Jen Linkova
Re: [v6ops] Extension Headers / Impact on Securit… Joe Touch
Re: [v6ops] Extension Headers / Impact on Securit… Brian E Carpenter
Re: [v6ops] Extension Headers / Impact on Securit… Fred Baker (fred)
Re: [v6ops] Extension Headers / Impact on Securit… Ca By
Re: [v6ops] [ipv6-wg] Extension Headers / Impact … Fred Baker (fred)
Re: [v6ops] [ipv6-wg] Extension Headers / Impact … Enno Rey
Re: [v6ops] [ipv6-wg] Extension Headers / Impact … Jen Linkova
Re: [v6ops] [ipv6-wg] Extension Headers / Impact … sthaug
Re: [v6ops] [ipv6-wg] Extension Headers / Impact … Nick Hilliard
Re: [v6ops] [ipv6-wg] Extension Headers / Impact … Jen Linkova
Re: [v6ops] [ipv6-wg] Extension Headers / Impact … Jen Linkova
Re: [v6ops] [ipv6-wg] Extension Headers / Impact … sthaug
Re: [v6ops] [ipv6-wg] Extension Headers / Impact … Enno Rey
Re: [v6ops] [ipv6-wg] Extension Headers / Impact … Jen Linkova
Re: [v6ops] [ipv6-wg] Extension Headers / Impact … Enno Rey
Re: [v6ops] Extension Headers / Impact on Securit… Ca By
Re: [v6ops] [ipv6-wg] Extension Headers / Impact … Fred Baker (fred)
Re: [v6ops] Extension Headers / Impact on Securit… Jen Linkova
Re: [v6ops] [ipv6-wg] Extension Headers / Impact … Enno Rey
Re: [v6ops] [ipv6-wg] Extension Headers / Impact … Brian Haberman
Re: [v6ops] Extension Headers / Impact on Securit… Joe Touch
Re: [v6ops] [ipv6-wg] Extension Headers / Impact … Enno Rey
Re: [v6ops] Extension Headers / Impact on Securit… Fred Baker (fred)
Re: [v6ops] [ipv6-wg] Extension Headers / Impact … Tore Anderson
Re: [v6ops] [ipv6-wg] Extension Headers / Impact … Brian Haberman
Re: [v6ops] Extension Headers / Impact on Securit… Joe Touch
Re: [v6ops] [ipv6-wg] Extension Headers / Impact … Enno Rey
Re: [v6ops] [ipv6-wg] Extension Headers / Impact … Tore Anderson
Re: [v6ops] [ipv6-wg] Extension Headers / Impact … sthaug
Re: [v6ops] [ipv6-wg] Extension Headers / Impact … Brian E Carpenter
Re: [v6ops] [ipv6-wg] Extension Headers / Impact … Warren Kumari
Re: [v6ops] Extension Headers / Impact on Securit… Brian E Carpenter
[v6ops] So what is or are the problem or problems… Mark ZZZ Smith
Re: [v6ops] [ipv6-wg] Extension Headers / Impact … sthaug
Re: [v6ops] [ipv6-wg] Extension Headers / Impact … Brian Haberman
Re: [v6ops] [ipv6-wg] Extension Headers / Impact … Gert Doering
Re: [v6ops] [ipv6-wg] Extension Headers / Impact … Joe Touch
Re: [v6ops] [ipv6-wg] Extension Headers / Impact … Ole Troan
Re: [v6ops] [ipv6-wg] Extension Headers / Impact … sthaug
Re: [v6ops] [ipv6-wg] Extension Headers / Impact … Ole Troan
Re: [v6ops] [ipv6-wg] Extension Headers / Impact … Enno Rey
Re: [v6ops] [ipv6-wg] Extension Headers / Impact … Mark ZZZ Smith
Re: [v6ops] [ipv6-wg] Extension Headers / Impact … Brian E Carpenter
Re: [v6ops] [ipv6-wg] Extension Headers / Impact … Warren Kumari
Re: [v6ops] [ipv6-wg] Extension Headers / Impact … Ronald Bonica
Re: [v6ops] [ipv6-wg] Extension Headers / Impact … Mark ZZZ Smith
Re: [v6ops] Extension Headers / Impact on Securit… Fernando Gont
Re: [v6ops] [ipv6-wg] Extension Headers / Impact … Fernando Gont
Re: [v6ops] [ipv6-wg] Extension Headers / Impact … Brian Haberman