Re: [v6ops] Extension Headers / Impact on Security Devices

"Fred Baker (fred)" <fred@cisco.com> Fri, 29 May 2015 19:45 UTC

From: "Fred Baker (fred)" <fred@cisco.com>
To: "Howard, Lee" <lee.howard@twcable.com>
Date: Fri, 29 May 2015 19:45:21 +0000
Archived-At: <http://mailarchive.ietf.org/arch/msg/v6ops/VrTg5GmmsxJrhvwKgmoaYfZ0SKU>
Cc: "Mark Townsley (townsley)" <townsley@cisco.com>, "v6ops@ietf.org" <v6ops@ietf.org>, "Stefano Previdi (sprevidi)" <sprevidi@cisco.com>
Subject: Re: [v6ops] Extension Headers / Impact on Security Devices

> On May 29, 2015, at 11:54 AM, Howard, Lee <lee.howard@twcable.com> wrote:
> 
>> the networking industry already faced the mtu "issue" more than 15 years
>> ago with the introduction of the label stack. The reality of network
>> operators' infrastructure is such that the mtu is not really an issue.
> 
> This statement surprised me so much I thought I should ask:
> "MTU is not really an issue" in general?

It's largely a question of equipment choice and configuration. Equipment made with merchant chips, and older equipment, may or may not support MTUs larger than 1500 bytes for an Ethernet frame, but the chips we use in our current products (I can't really speak for J or H, but AFAIK this is true of them as well) are quite content with a 9K MTU. If your source is sending 1500 byte frames, how large do you need the MTU to be?