Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Version Notification for draft-gont-v6ops-ipv6-ehs-packet-drops-02.txt)
Tom Herbert <tom@herbertland.com> Fri, 12 February 2016 08:02 UTC
Return-Path: <tom@herbertland.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 269B71B4169 for <v6ops@ietfa.amsl.com>; Fri, 12 Feb 2016 00:02:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.278
X-Spam-Level:
X-Spam-Status: No, score=-1.278 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id opIWur1sRuez for <v6ops@ietfa.amsl.com>; Fri, 12 Feb 2016 00:02:08 -0800 (PST)
Received: from mail-ig0-x22c.google.com (mail-ig0-x22c.google.com [IPv6:2607:f8b0:4001:c05::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E92051B4168 for <v6ops@ietf.org>; Fri, 12 Feb 2016 00:02:07 -0800 (PST)
Received: by mail-ig0-x22c.google.com with SMTP id 5so5348437igt.0 for <v6ops@ietf.org>; Fri, 12 Feb 2016 00:02:07 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=fAnkLlz1ecdiFx81RadLgPe8EAcdFOTqOz6pyXhAHm4=; b=H4HAHjsQT5+cufIxbHu0bLlwvOjkNIYh0aFYiUEavgpgf8tgY/2ypkc5wSfBBho7px S9nqGMl3UDBJwTGI8G+B2BK+DxMzWTYXBIiblRrpzLaPJ8+S9mUtGdjYM4ZpXO0WpJeG UShgCj+8HXQIsDu4TJyFACT6C3ywQRKoG44OQB8s1WQ6MYb+ZnQU9Jy+JJ3lnGRHMeyj jc3i6/8y7MepzdqGZWjWJ1da9xrZs6nxnd7V1d94pGuXHbjr6jgEzQClNMj4JoVhjdtm O05YOwuXxud8ky+SP6LirSsUyeOLM2rlSmFi91EHoLbBCk4Xv2Qdc+yYbDE8psE9J35e 9X4A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=fAnkLlz1ecdiFx81RadLgPe8EAcdFOTqOz6pyXhAHm4=; b=klcAOsbr7GFKHqn+8ndwD7KCIejr6JySgQj4xD78wGyGJkJ3xbT+tiPeoSKQ9d0hyD o8wHsPyolpgyWm2fGagEQjolIvu8qIwzZYWd/sc/jWrZFBSeK7EgTIAQTInv6mlRAul7 Nt6OgdOLWGlSSvm51+MqEOb5IWGWPtSk+Adz3qKsBaJ7YtNkp/MyT5STnK29IxlbRGsa UKNF2MPxB+3Pca4bROqiiuVbsvludPZTvPAFoo5m4DkW200Uv6X+A7kq3J1tzypmtzJG C+ws5fmoslNlIEgT1yv5UdKJ3Mlr+6nDkzqjJoa08YcB1zmsrh1Y2eLjiU77vqit0UUH YCjg==
X-Gm-Message-State: AG10YOSYkah9Fy/ePF6Iz4KUDFUsRH8o+RySDQtBCZ/GjqPs6f3FHxXc9a53MXrzH6KC6yCMLpoi4nCmtiZwZw==
MIME-Version: 1.0
X-Received: by 10.50.20.197 with SMTP id p5mr2610905ige.89.1455264127242; Fri, 12 Feb 2016 00:02:07 -0800 (PST)
Received: by 10.107.160.203 with HTTP; Fri, 12 Feb 2016 00:02:07 -0800 (PST)
In-Reply-To: <56BD224F.1050406@gmail.com>
References: <20160204214639.14168.48254.idtracker@ietfa.amsl.com> <56B4F1A6.7080402@foobar.org> <CAO42Z2yG_85ASJKbgMwXBzAAT41_DTsgYTpHm4ZtiPyjL0ZeVQ@mail.gmail.com> <56B668C3.8090009@foobar.org> <CAO42Z2zfXymKK_jPUXnV+e-6-BxJBvui2EOi7XAdo-5o5vj2ag@mail.gmail.com> <56B67671.3010409@foobar.org> <CAO42Z2zXd17fNsArj-JFGNo+s7PtiwLKLaWPkkcHiEHybO49Fw@mail.gmail.com> <56B742AC.7010307@foobar.org> <CAO42Z2wQHftEMQUPPfjvz3d+j_5ag0hV0cP1FcufGDk27WbqNg@mail.gmail.com> <56B7B919.8090001@foobar.org> <56B83BB9.7040704@isi.edu> <56B8BA32.3010505@foobar.org> <56B8F12F.30307@isi.edu> <56B90B6C.9060105@si6networks.com> <56B90E16.1090402@gmail.com> <56B933A4.6060405@si6networks.com> <B9EACBEF-0C11-4BC9-BDC4-FC720EA38985@employees.org> <74B4E9A1-E6FE-40C0-9EC9-0C2C5172A246@employees.org> <6E0AE4AB-330D-4670-9EF0-21F8E43AC6CB@employees.org> <4044B8C3-844A-40E7-A98E-D26961FADD39@employees.org> <56BBE231.9030706@gmail.com> <CALx6S36+5GBfhshcQ3fWFp+E6kXQJ6VLX8cFrHAkUVrRK9J7+Q@mail.gmail.com> <56BD224F.1050406@gmail.com>
Date: Fri, 12 Feb 2016 09:02:07 +0100
Message-ID: <CALx6S37WQcTd=KbLb3YviehpWHS1XKJVYiZLtDazkWMm6jp=Xw@mail.gmail.com>
From: Tom Herbert <tom@herbertland.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/v6ops/ZTsJDNLgKhzP4Lsgm2kaXy6wMkg>
Cc: IPv6 Operations <v6ops@ietf.org>
Subject: Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Version Notification for draft-gont-v6ops-ipv6-ehs-packet-drops-02.txt)
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Feb 2016 08:02:09 -0000
On Fri, Feb 12, 2016 at 1:07 AM, Brian E Carpenter <brian.e.carpenter@gmail.com> wrote: > On 11/02/2016 22:57, Tom Herbert wrote: > ... >> Suppose we define an "EH chain length" extension header. This would >> include the length of the chain starting from the first byte of the EH >> and also a next header value for the header that follow the chain. >> This EH could follow HBP. Network nodes can use this to skip over a >> long chain to parse the transport header. The receiver would need to >> validate the length and protocol are correct in order to prevent >> someone from spoofing transport headers. > > https://tools.ietf.org/html/draft-zhang-6man-offset-option-01 > > But it doesn't help, because any middlebox that insists on trying > to parse all the headers will not make use of this feature. > Right, but realistically if we want to send extension headers into the Internet we can't wait an indefinite amount of time for every single device to properly handle them. It seems that we'd want to apply a happy eyeballs approach. If the offset option makes it more palatable for some devices to forward packets with EH that could move things forward by some amount. I also see a use case for this at the end hosts, a ridiculously long chain could be a nice DOS attack and the offset option might mitigate that. For instance, before processing the chain we could verify if an encapsulated TCP packet refers to a valid connection. Tom > Brian
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Nick Hilliard
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Warren Kumari
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… sthaug
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… otroan
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Joe Touch
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… joel jaeggli
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Nick Hilliard
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Mark Smith
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Brian E Carpenter
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Havard Eidnes
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… sthaug
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Philip Homburg
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… sthaug
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… sthaug
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Nick Hilliard
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Tom Herbert
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Mark Smith
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Nick Hilliard
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Mark Smith
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Nick Hilliard
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Mark Smith
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Brian E Carpenter
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Tom Herbert
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… joel jaeggli
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Nick Hilliard
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Nick Hilliard
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Brian E Carpenter
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Mark Smith
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Mark Andrews
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Brian E Carpenter
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Brian E Carpenter
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Philip Homburg
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Brian E Carpenter
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Fernando Gont
- [v6ops] IPv6 EHs Packet Drops (Fwd: New Version N… Fernando Gont
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Nick Hilliard
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Joe Touch
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Nick Hilliard
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Tom Herbert
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Joe Touch
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Gert Doering
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Joe Touch
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Nick Hilliard
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Nick Hilliard
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Tom Herbert
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Nick Hilliard
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Joe Touch
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Nick Hilliard
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Joe Touch
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Fernando Gont
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Nick Hilliard
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… sthaug
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Tom Herbert
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Nick Hilliard
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Tom Herbert
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Warren Kumari
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Brian E Carpenter
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Joe Touch
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Nick Hilliard
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Joe Touch
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Nick Hilliard
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Fernando Gont
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Fernando Gont
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Joe Touch
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Joe Touch
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Brian E Carpenter
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Nick Hilliard
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Joe Touch
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Fernando Gont
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Nick Hilliard
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Warren Kumari
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Fernando Gont
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Fernando Gont
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Joe Touch
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… otroan
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… otroan
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Mark Smith
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Nick Hilliard
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Fernando Gont
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… otroan
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Gert Doering
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Tom Herbert
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Philip Homburg
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Joe Touch
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Joe Touch
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Saku Ytti
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Matthew Walster
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Ackermann, Michael
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Nick Hilliard
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Joe Touch
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Joe Touch
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Brian E Carpenter
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Nick Hilliard
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Tom Herbert
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Tom Herbert
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Fernando Gont
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Fernando Gont
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Sander Steffann
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… otroan
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Fernando Gont
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Philip Homburg
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Fernando Gont
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Philip Homburg
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… otroan
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… otroan
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Gert Doering
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… otroan
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Gert Doering
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Saku Ytti
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Fernando Gont
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Fernando Gont
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… otroan
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Nick Hilliard
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Joe Touch
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… 神明達哉
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Fernando Gont
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Brian E Carpenter
- [v6ops] Flow label settings [was IPv6 EHs Packet … Brian E Carpenter
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Tom Herbert
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Philip Homburg
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Tom Herbert
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Nick Hilliard
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Enno Rey
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Philip Homburg
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Philip Homburg
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Enno Rey
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Philip Homburg
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Mark Andrews
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Nick Hilliard
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Fernando Gont
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Fernando Gont
- Re: [v6ops] Flow label settings [was IPv6 EHs Pac… Fernando Gont
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Philip Homburg
- Re: [v6ops] Flow label settings [was IPv6 EHs Pac… joel jaeggli
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Warren Kumari
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Fernando Gont
- Re: [v6ops] Flow label settings [was IPv6 EHs Pac… Brian E Carpenter
- Re: [v6ops] Flow label settings [was IPv6 EHs Pac… Fernando Gont
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Philip Homburg
- Re: [v6ops] IPv6 EHs Packet Drops (Fwd: New Versi… Warren Kumari
- Re: [v6ops] Flow label settings [was IPv6 EHs Pac… Tom Herbert
- Re: [v6ops] Flow label settings [was IPv6 EHs Pac… Brian E Carpenter