Re: [v6ops] new draft: draft-taylor-v6ops-fragdrop

Lorenzo Colitti <lorenzo@google.com> Tue, 23 October 2012 08:49 UTC

On Sun, Oct 21, 2012 at 3:42 AM, C. M. Heard <heard@pobox.com> wrote:

> Circling back to my original comments about this draft, this is
> precisely the sort of information that needs to be added to Section
> 2.1 to justify the assertion that "some cases will remain where
> legitimate fragments are discarded for legitimate reasons."
>

Suppose that you have packet filters at the edge of your network, and none
of your current code can look beyond the first next header value when doing
packet filtering at the edge. What do you do?

- Drop all fragments, no matter what they are
- Allow all fragments, no matter what they are
- Replace all the hardware
- Not deploy IPv6
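
Added example (not part of the original message): a Python sketch of the constraint described above. It compares what a filter sees when it can read only the fixed header's Next Header byte with what a filter that walks the header chain sees, using constructed packets; the function names, the 2001:db8:: addresses and the sample TCP segment are assumptions made for illustration.

```python
import struct

FRAGMENT, TCP = 44, 6
# Extension headers laid out as (next header, length in 8-octet units, ...):
TLV_EXT = {0, 43, 60}  # Hop-by-Hop, Routing, Destination Options

def ipv6(next_header, payload):
    """Build a constructed 40-byte IPv6 header (documentation addresses) plus payload."""
    src = bytes.fromhex("20010db8000000000000000000000001")
    dst = bytes.fromhex("20010db8000000000000000000000002")
    return struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64) + src + dst + payload

def frag_header(next_header, offset_units, more, ident=0x1234):
    """8-byte Fragment header: offset is in 8-octet units, low bit is the M flag."""
    return struct.pack("!BBHI", next_header, 0, (offset_units << 3) | int(more), ident)

def first_next_header(pkt):
    """All that the filter in the message can see: the fixed header's Next Header byte."""
    return pkt[6]

def walk_chain(pkt):
    """Follow the header chain; return (next_header, frag_offset, tcp_dst_port or None)."""
    nh, pos, offset = pkt[6], 40, None
    while True:
        if nh == FRAGMENT:
            nh, _, off_flags, _ = struct.unpack_from("!BBHI", pkt, pos)
            offset = off_flags >> 3
            pos += 8
            if offset != 0:  # non-first fragment: only data follows, no headers
                return nh, offset, None
        elif nh in TLV_EXT:
            nh, hdr_len = pkt[pos], pkt[pos + 1]
            pos += (hdr_len + 1) * 8
        else:
            break
    port = None
    if nh == TCP and len(pkt) >= pos + 4:
        port = struct.unpack_from("!H", pkt, pos + 2)[0]
    return nh, offset, port

# Constructed sample: one 48-byte TCP segment to port 22, sent whole and as two fragments.
tcp = struct.pack("!HHIIBBHHH", 40000, 22, 1, 0, 5 << 4, 0x02, 65535, 0, 0) + b"A" * 28
FIRST = ipv6(FRAGMENT, frag_header(TCP, 0, True) + tcp[:24])
SECOND = ipv6(FRAGMENT, frag_header(TCP, 3, False) + tcp[24:])
UNFRAG = ipv6(TCP, tcp)
```

Both fragments show the first-next-header filter the value 44 and nothing else, and even a chain-walking filter finds no port in the second fragment, so a stateless per-port rule has nothing to match there.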