Re: [v6ops] IPv6 Extension Headers in the Real World

Fernando Gont <fernando@gont.com.ar> Fri, 03 October 2014 19:03 UTC

To: Joe Touch <touch@isi.edu>, "Metzler, Dan J" <dan-metzler@uiowa.edu>, Tim Chown <tjc@ecs.soton.ac.uk>
Archived-At: http://mailarchive.ietf.org/arch/msg/v6ops/T9szW5ur1euKDbDiw3EqV0fe5kc
Cc: "draft-gont-v6ops-ipv6-ehs-in-real-world@tools.ietf.org" <draft-gont-v6ops-ipv6-ehs-in-real-world@tools.ietf.org>, IPv6 Operations <v6ops@ietf.org>, V6ops Chairs <v6ops-chairs@tools.ietf.org>

On 10/03/2014 03:53 PM, Joe Touch wrote:
> On 10/3/2014 7:17 AM, Fernando Gont wrote:
>> And you certainly do not want the "here's what we saw", "here's how we'd
>> like you to filter packets with EHs", "here's what the IETF should
>> consider when designing new protocols", because they tend to be rather
>> orthogonal, and also targeted at different communities.  -- the guy
>> doing the packet filtering is likely different from the guy developing
>> new protocols, etc.
> 
> The coupling of these determines how you act. It determines whether you
> can filter safely, only when under threat or in a particular
> environment, or should not filter under any circumstances.

Have you checked the eh-filtering I-D
(draft-gont-opsec-ipv6-eh-filtering)? Because it has all that analysis
in the document itself.



> And that's why it's dangerous to split these out. These should not be
> targeted at different communities without a single, coherent context of
> both what is known to happen, what the risks are, and the recommendations.

That's all in one I-D. OTOH, the I-D of the subject line is about
empirical observations.



> Ultimately, we need an Internet whose behavior is coherent, not based on
> potentially interfering communities perceived as being orthogonal.

You won't have a coherent Internet, because even when we can provide
advice, at the end of the day it's each operator's business what they do
with their own network -- in the same way that some networks break
PMTUD, while others don't.

Thanks,
-- 
Fernando Gont
e-mail: fernando@gont.com.ar || fgont@si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1