Re: [v6ops] I-D Action: draft-gont-v6ops-ipv6-ehs-packet-drops-04.txt

"Xiejingrong (Jingrong)" <xiejingrong@huawei.com> Mon, 27 July 2020 06:47 UTC

From: "Xiejingrong (Jingrong)" <xiejingrong@huawei.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>, IPv6 Operations <v6ops@ietf.org>
Date: Mon, 27 Jul 2020 06:47:02 +0000

Hi,
I read this draft and think it is a useful work.
I have two suggestions below:

1. Section 4 describes the challenge of "packet filtering mechanisms that require upper-layer information".
A similar need for "packet filtering mechanisms that require EH information" has also been seen recently in the IETF.
That may face the same challenge, and may need to be taken into consideration in this document.

2. Section 5.1.3 gives two examples to illustrate the requirement of "Deep ACL" on the "infrastructure address".
Very good observation IMO, and I think some of the latest IETF practice may be useful for citing in this document.
RFC8754 section 5.1 separates a "programmable infrastructure address block" from the normal "infrastructure address", and thus makes a good solution to this "differentiation" requirement --
Deny the ICMP/BGP/etc traffic toward the "programmable infrastructure address block", but no impact on existing rules to permit the ICMP/BGP/etc traffic toward the normal "infrastructure address".

Thanks
Jingrong Xie
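
The differentiation described in point 2 above, sketched as an added example that is not part of the original message, the draft, or RFC 8754. The prefixes, rule names and the `Packet` model (including `proto=None` for "upper-layer header not located") are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed prefixes from documentation space; not taken from the thread.
INFRA_BLOCK = ipaddress.ip_network("2001:db8:0:1::/64")  # normal infrastructure addresses
SID_BLOCK = ipaddress.ip_network("2001:db8:ffff::/48")   # "programmable" address block
ICMPV6, TCP, BGP_PORT = 58, 6, 179

@dataclass(frozen=True)
class Packet:
    dst: str
    proto: Optional[int]   # None: upper-layer header not located behind the EH chain
    dport: Optional[int] = None

def to(pkt, net):
    return ipaddress.ip_address(pkt.dst) in net

# Existing inbound rules on an external interface (first match wins).
EXISTING = [
    ("permit-icmpv6-infra", "permit", lambda p: to(p, INFRA_BLOCK) and p.proto == ICMPV6),
    ("permit-bgp-infra", "permit",
     lambda p: to(p, INFRA_BLOCK) and p.proto == TCP and p.dport == BGP_PORT),
    ("deny-rest-infra", "deny", lambda p: to(p, INFRA_BLOCK)),
    ("permit-transit", "permit", lambda p: True),
]
# One destination-only rule for the separate block; it needs no upper-layer field.
HARDENED = [("deny-all-sid-block", "deny", lambda p: to(p, SID_BLOCK))] + EXISTING

def evaluate(rules, pkt):
    for name, action, match in rules:
        if match(pkt):
            return action, name
    return "deny", "implicit-deny"

SAMPLES = [  # constructed packets
    Packet("2001:db8:0:1::1", ICMPV6),
    Packet("2001:db8:0:1::1", TCP, BGP_PORT),
    Packet("2001:db8:0:1::1", TCP, 22),
    Packet("2001:db8:ffff:1::100", ICMPV6),
    Packet("2001:db8:ffff:1::100", None),
    Packet("2001:db8:abcd::1", TCP, 443),
]

def compare():
    """Return (dst, verdict under EXISTING, verdict under HARDENED) per sample."""
    return [(p.dst, evaluate(EXISTING, p)[0], evaluate(HARDENED, p)[0]) for p in SAMPLES]

if __name__ == "__main__":
    for row in compare():
        print(row)
```

Only the packets addressed to the separate block change verdict; the ICMPv6 and BGP permits toward the normal infrastructure addresses evaluate exactly as before.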


-----Original Message-----
From: v6ops [mailto:v6ops-bounces@ietf.org] On Behalf Of Brian E Carpenter
Sent: Monday, July 27, 2020 6:14 AM
To: IPv6 Operations <v6ops@ietf.org>
Subject: Re: [v6ops] I-D Action: draft-gont-v6ops-ipv6-ehs-packet-drops-04.txt

Hi,

IMHO this is useful work.

> A number of recent RFCs have discussed issues related to IPv6 
> extension headers,

I suggest to add RFC7045 to the bullet list, and delete the reference to it in the previous paragraph. In fact, the structure of the "Previous Work" section is a bit strange, with a prose paragraph followed by a bullet list. Maybe restructure that (e.g. transform it into a single longer bullet list)?

Regards
   Brian

On 26-Jul-20 17:28, internet-drafts@ietf.org wrote:
> 
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> 
> 
>         Title           : Operational Implications of IPv6 Packets with Extension Headers
>         Authors         : Fernando Gont
>                           Nick Hilliard
>                           Gert Doering
>                           Warren Kumari
>                           Geoff Huston
>         Filename        : draft-gont-v6ops-ipv6-ehs-packet-drops-04.txt
>         Pages           : 15
>         Date            : 2020-07-25
> 
> Abstract:
>    This document summarizes the security and operational implications of
>    IPv6 extension headers, and attempts to analyze reasons why packets
>    with IPv6 extension headers may be dropped in the public Internet.
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-gont-v6ops-ipv6-ehs-packet-drops/
> 
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-gont-v6ops-ipv6-ehs-packet-drops-04
> https://datatracker.ietf.org/doc/html/draft-gont-v6ops-ipv6-ehs-packet-drops-04
> 
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-gont-v6ops-ipv6-ehs-packet-drops-04
> 
> 
> Please note that it may take a couple of minutes from the time of 
> submission until the htmlized version and diff are available at tools.ietf.org.
> 
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
> 
> 