Re: [v6ops] draft-gont-v6ops-ipv6-ehs-in-real-world: clarification text

Gert Doering <gert@space.net> Mon, 20 April 2015 21:21 UTC


Hi,

On Mon, Apr 20, 2015 at 08:43:28AM -0700, Joe Touch wrote:
> > If for some reasons, a router in the middle needs access to layer-4
>                                               ^^^^^
> > information (IPFIX? DDoS mitigation? ... ?), then the EH chain must be
> > parsed which can cause a performance impact.
[..]
> 	1) this is the router vendor's decision, not a requirement
> 	of Internet routers

So, please tell me how you build an Internet router that is able to
defend itself against control plane abuse and does not need to look into
L4 to do so?

Building a router that doesn't do ACLs and control-plane rate limiting
is easy, but totally useless in today's Internet...

Gert Doering
        -- NetMaster
-- 
have you enabled IPv6 on something today...?

SpaceNet AG                        Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14          Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen                   HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444           USt-IdNr.: DE813185279
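
The point under discussion, that a device filtering on layer-4 fields has to walk the whole extension header chain first, shown as an added example that is not part of the original message or the draft. The function and sample-builder names, the 128-byte `budget` (a stand-in for a fixed parsing lookahead), and the subset of extension headers handled are assumptions.

```python
import struct

GENERIC_EH = {0, 43, 60}   # Hop-by-Hop, Routing, Destination Options
FRAGMENT, AH, TCP, UDP = 44, 51, 6, 17

def find_l4(packet, budget=128):
    """Walk the EH chain of a raw IPv6 packet (at least 40 bytes).

    Returns (proto, sport, dport, eh_count). Ports are None when they cannot
    be read within `budget` bytes, an assumed fixed parsing lookahead.
    """
    limit = min(len(packet), budget)
    nh, off, count = packet[6], 40, 0
    while nh in GENERIC_EH or nh in (FRAGMENT, AH):
        if off + 8 > limit:
            return (None, None, None, count)   # chain runs past what we can see
        nxt = packet[off]
        if nh == FRAGMENT:
            length = 8
            frag_off = struct.unpack_from("!H", packet, off + 2)[0] >> 3
            if frag_off:                       # non-first fragment: no L4 header
                return (nxt, None, None, count + 1)
        elif nh == AH:
            length = (packet[off + 1] + 2) * 4
        else:
            length = (packet[off + 1] + 1) * 8
        nh, off, count = nxt, off + length, count + 1
    if nh in (TCP, UDP) and off + 4 <= limit:
        sport, dport = struct.unpack_from("!HH", packet, off)
        return (nh, sport, dport, count)
    return (nh, None, None, count)

def sample(n_eh, ext_len, sport, dport):
    """Constructed packet: n_eh Pad1-filled Destination Options headers, then UDP."""
    body = b""
    for i in range(n_eh):
        nxt = 60 if i < n_eh - 1 else UDP
        body += bytes([nxt, ext_len]) + bytes((ext_len + 1) * 8 - 2)
    body += struct.pack("!HHHH", sport, dport, 8, 0)
    first = 60 if n_eh else UDP
    return struct.pack("!IHBB", 0x60000000, len(body), first, 64) + bytes(32) + body

if __name__ == "__main__":
    for n, ext in ((0, 0), (2, 0), (4, 3)):
        print(n, ext, find_l4(sample(n, ext, 1234, 53)))
```

With four 32-byte Destination Options headers the UDP ports sit past the 128-byte budget, so a port-based ACL or control-plane rate limiter has nothing to match on and must decide by policy whether to pass or drop.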