Fwd: Re: Some stats on IPv6 fragments and EH filtering on the Internet

• Previous message (by thread): BGP failure analysis and recommendations
• Next message (by thread): Fwd: [apops] APRICOT 2014 call for papers is now open
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Folks,

FYI. Thought this might be of interest.

P.S.: Input/comments welcome

Thanks!

Cheers,
Fernando




-------- Original Message --------
Subject: Some stats on IPv6 fragments and EH filtering on the Internet
Date: Mon, 04 Nov 2013 15:01:48 -0800
From: Fernando Gont <fernando at gont.com.ar>
To: 6man at ietf.org <6man at ietf.org>, IPv6 Operations <v6ops at ietf.org>

Folks,

I did a presentation on the topic at the IEPG meeting earlier this week.
It provides some concrete data regarding IPv6 fragmentation and
Extension Header filtering on the Internet.

The slideware is available at:
<http://www.iepg.org/2013-11-ietf88/fgont-iepg-ietf88-ipv6-frag-and-eh.pdf>

Certainly there's *much* more work to be done in this area, but I
thought that this could be good food sfor some of the discussions that
we were having on the topic.

Thanks,
-- 
Fernando Gont
e-mail: fernando at gont.com.ar || fgont at si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1


-------- Original Message --------
Subject: Re: Some stats on IPv6 fragments and EH filtering on the Internet
Date: Mon, 4 Nov 2013 23:27:12 +0000
From: Tim Chown <tjc at ecs.soton.ac.uk>
To: 6man at ietf.org <6man at ietf.org>, IPv6 Operations <v6ops at ietf.org>

Hi,

Also as per the IEPG discussion, the results I had in conjunction with a
summer MSc project student can be summarised as follows.

The headline is that he saw a 37.7% failure rate for the Fragmentation
Header (alone), a bit better than Fernando’s results, but still not good.

He tested the top 1,000 IPv6-enabled Alexa sites.
He used the scapy toolkit which supports the four main extension header
types (routing, fragmentation, destination and hop-by-hop)
He tested
a) valid combinations of those 4 extension headers as per RFC 2460
b) other non-valid combinations
c) duplicated extension headers
d) fragmentation header
Primarily TCP tests, doing HTTP GET requests.

For single extension headers, acceptance was
Routing header 63.9%
Frag header 62.3%
Hop by hop header 60%
Destination option header 15.8%
When using no extension headers, success rate was 100%
When using multiple headers, the rates fall markedly, not dissimilar
with Fernando’s numbers for longer headers.

About 120 sites accept all four types of extension headers.

A small number of sites accepted illegal combinations/ordering of
extension headers.

A more detailed set of results is being pushed to a conference paper.

I now have another student taking this further, and validating the above
results, so feel free to contact me off-list if you’re interested.

Tim

On 4 Nov 2013, at 23:01, Fernando Gont <fernando at gont.com.ar> wrote:

> Folks,
> 
> I did a presentation on the topic at the IEPG meeting earlier this week.
> It provides some concrete data regarding IPv6 fragmentation and
> Extension Header filtering on the Internet.
> 
> The slideware is available at:
> <http://www.iepg.org/2013-11-ietf88/fgont-iepg-ietf88-ipv6-frag-and-eh.pdf>
> 
> Certainly there's *much* more work to be done in this area, but I
> thought that this could be good food sfor some of the discussions that
> we were having on the topic.
> 
> Thanks,
> -- 
> Fernando Gont
> e-mail: fernando at gont.com.ar || fgont at si6networks.com
> PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
> 
> 
> 
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6 at ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------

--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6 at ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------




-- 
Fernando Gont
e-mail: fernando at gont.com.ar || fgont at si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1

• Previous message (by thread): BGP failure analysis and recommendations
• Next message (by thread): Fwd: [apops] APRICOT 2014 call for papers is now open
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]