[168320] in North American Network Operators' Group
Re: Experiences with IPv6 and Routing Efficiency
daemon@ATHENA.MIT.EDU (joel jaeggli)
Sun Jan 19 12:52:58 2014
Date: Sun, 19 Jan 2014 09:52:38 -0800
From: joel jaeggli <joelja@bogus.com>
To: Saku Ytti <saku@ytti.fi>, nanog@nanog.org
In-Reply-To: <20140119170508.GA4295@pob.ytti.fi>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--m4oicPQBs93VPITQaRaDQEPr69WRfbWpB
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
On 1/19/14, 9:05 AM, Saku Ytti wrote:
> On (2014-01-19 16:11 +0000), Nick Hilliard wrote:
>=20
>> attacks for hardware-forwarded routers, so generally the only sensible=
>> option is to drop packets with long EH chains.
>=20
> I think sensible is to handle HW when possible and punt rate-limited wh=
en
> must. Dropping standard compliant data seems dubious at best.
There are routers and switches that by design have no recourse to a
software forwarding path.
It doesn't make a lot of sense to have device that has a nominal
capacity of several Tb/s attempt to punt packets up to a control-plane
processor that's gig-e connected.
> Now should it be standard complaint?
>=20
> http://tools.ietf.org/html/draft-ietf-6man-oversized-header-chain-09 is=
> looking to restrict EH more, I contacted authors, hoping even more limi=
tation
> than what it currently suggests, they thought 6man would never accept a=
s
> strict limits as I suggested.
> My suggestion is that IP + EH (not L4) SHOULD NOT span over 128B and
> implementation MAY drop frames with larger headers.
>=20
>=20
--m4oicPQBs93VPITQaRaDQEPr69WRfbWpB
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlLcEOYACgkQ8AA1q7Z/VrIRGwCfYhtRwNGYdeeN2ezt92IA4U/p
wjMAniG2AP0v/QYDhSqWcMdp7tkOquMS
=1Mr1
-----END PGP SIGNATURE-----
--m4oicPQBs93VPITQaRaDQEPr69WRfbWpB--
