On 5/5/2015 7:31 PM, Tom Herbert wrote: .... >> Not only do you need to find the version (as codepoint or within the IP >> header), but if you have the same information in two places you now need >> to verify that the two match and decide what to do when they don't. >> > If they don't match the packet should dropped-- this behavior is > already implemented.
That's additional hardware that you didn't need if you didn't replicate the field. >> I.e., a person with one watch always knows what time it is; a person >> with two watches is never sure. >> > To follow through with your analogy, a person with one watch can give > the time but has no way to say that it is correct. A person with two > watches can not only give the time but also an assurance that the time > is correct (when the times on the watches match). > > Redundant information in a packet is the basis for verifying the > packet against corruption. IPv6 assumes that the "link layer" protects the packet; here that's covered by the UDP checksum. So copying bits inside areas covered by the checksum to other areas covered by that checksum has NO effect on detecting single-bit errors. Further, if you're really serious about protection, use CRC-16 or better. > Since, the IPv6 version number is not > protected by any IP layer checksum, It's a payload of a UDP packet in the cases we're discussing, and that would assume UDP over the entire message. Otherwise, you're taking EXACTLY the same risk with the IP packet you'd be taking running over any other L2 with potential corruption. Joe _______________________________________________ nvo3 mailing list [email protected] https://www.ietf.org/mailman/listinfo/nvo3
