Experiences with IPv6 and Routing Efficiency

• Previous message (by thread): Experiences with IPv6 and Routing Efficiency
• Next message (by thread): Experiences with IPv6 and Routing Efficiency
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 1/19/14, 9:05 AM, Saku Ytti wrote:
> On (2014-01-19 16:11 +0000), Nick Hilliard wrote:
> 
>> attacks for hardware-forwarded routers, so generally the only sensible
>> option is to drop packets with long EH chains.
> 
> I think sensible is to handle HW when possible and punt rate-limited when
> must. Dropping standard compliant data seems dubious at best.

There are routers and switches that by design have no recourse to a
software forwarding path.

It doesn't make a lot of sense to have device that has a nominal
capacity of several Tb/s attempt to punt packets up to a control-plane
processor that's gig-e connected.

> Now should it be standard complaint?
> 
> http://tools.ietf.org/html/draft-ietf-6man-oversized-header-chain-09 is
> looking to restrict EH more, I contacted authors, hoping even more limitation
> than what it currently suggests, they thought 6man would never accept as
> strict limits as I suggested.
> My suggestion is that IP + EH (not L4) SHOULD NOT span over 128B and
> implementation MAY drop frames with larger headers.
> 
> 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 308 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20140119/aca83931/attachment.sig>

• Previous message (by thread): Experiences with IPv6 and Routing Efficiency
• Next message (by thread): Experiences with IPv6 and Routing Efficiency
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]