Hi,

On Wed, Dec 05, 2018 at 06:57:28PM +0100, Ole Troan wrote:
> You are creating the "perceived" security problem yourself, by requiring
> processing deeper into the packet than is required.
> Just comply with RFC8200. As long as a router is not configured to process
> any HBH options, it can ignore the header.
> You seem to think HBH still means "punt to software". If it ever meant
> that.
>
> There's no need for rate-limiting for not processing HBH obviously.

I *must* be able to look at the protocol field of packets coming in on
our borders (see detailed description on our rate-limiting rules in
another mail of today). If there are EHs in the way so our routers'
hardware cannot decide if this is a TCP or UDP packet, these packets
go down the drain.
And I'm fairly sure you understand that operational reality, so I'm not
sure what point you are making.
(It's not just HBH. EHs are fundamentally incompatible with today's
reality)
Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?
SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
_______________________________________________
OPSEC mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsec
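An added example, not part of the original message and not any router vendor's code: a Python model of the two behaviours discussed in this thread, a filter that reads only the fixed-offset Next Header field and discards anything with an extension header in the way, and a bounded walk of the extension-header chain that finds the upper-layer protocol. The function names, the `max_ext` limit and the sample packets are assumptions constructed for illustration.

```python
import struct

GENERIC_EH = {0, 43, 60}   # Hop-by-Hop, Routing, Destination Options
FRAGMENT_EH = 44
NAMES = {6: "tcp", 17: "udp"}

def fixed_offset_verdict(pkt: bytes) -> str:
    """Model of a filter that only reads byte 6 of the fixed IPv6 header."""
    if len(pkt) < 40:
        return "drop"
    nh = pkt[6]
    if nh in GENERIC_EH or nh == FRAGMENT_EH:
        return "drop"                      # cannot tell TCP from UDP
    return NAMES.get(nh, "other")

def upper_layer_proto(pkt: bytes, max_ext: int = 8):
    """Bounded walk of the EH chain; returns (protocol, offset) or None."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        return None
    nh, off = pkt[6], 40
    for _ in range(max_ext + 1):
        if nh in GENERIC_EH:
            if off + 8 > len(pkt):
                return None                # truncated header
            nh, size = pkt[off], (pkt[off + 1] + 1) * 8
        elif nh == FRAGMENT_EH:
            if off + 8 > len(pkt):
                return None
            if struct.unpack("!H", pkt[off + 2:off + 4])[0] >> 3:
                return None                # non-first fragment: no L4 header
            nh, size = pkt[off], 8
        else:
            return nh, off
        off += size
        if off > len(pkt):
            return None
    return None                            # chain longer than max_ext

# Constructed sample packets (all-zero addresses, hop limit 64).
def ipv6(next_header: int, payload: bytes) -> bytes:
    return struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64) + bytes(32) + payload

UDP = struct.pack("!HHHH", 53, 53, 8, 0)
HBH = bytes([17, 0, 1, 4, 0, 0, 0, 0])    # next=UDP, 8 bytes, one PadN option
PLAIN = ipv6(17, UDP)
WITH_HBH = ipv6(0, HBH + UDP)

if __name__ == "__main__":
    for name, p in (("plain", PLAIN), ("with_hbh", WITH_HBH)):
        print(name, fixed_offset_verdict(p), upper_layer_proto(p))
```

The `max_ext` bound stands in for the limit on how far into a packet a lookup can reach; a chain longer than the bound is treated the same as one that cannot be parsed at all.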
