
I thought my arguments were clear enough from my original email. But let
me give it another shot.

Please see in line below between <hs> and </hs> 

-----Original Message-----
From: Suresh Krishnan [mailto:[EMAIL PROTECTED] 
Sent: Monday, March 17, 2008 6:47 PM
To: Hemant Singh (shemant)
Cc: IETF IPv6 Mailing List
Subject: Re: Review comments for draft-krishnan-ipv6-exthdr-01.txt

Hi Hemant,
   Thanks for your comments. Please see responses inline.

Hemant Singh (shemant) wrote:
> Suresh,
> First, one simple comment.
> 1. In section 1 of your draft you say
> [may need to look at the transport layer header fields...]
> Change "transport layer header" to "upper layer header" because
> (a) You must use language consistent with RFC 2460.
> (b) Use of transport layer is incorrect because ICMP is a layer 3 
> protocol that is also upper layer for IPv6 Extended Header (EH) while 
> the transport layer is layer 4.

Will do.

> On to more critical issues. 
> 2. I and Wes don't agree at all with bullet 2 in section 4 (Future 
> work) of this draft that says:
> [Extension headers must be processed in any order they appear]
> Hop-by-hop option is processed by every intermediate router and such 
> router's fast path silicon is usually a hardware engine that parses 
> the first x bytes of the Extended header (EH) where x can be say, 64
> I suspect that was the design theme when folks wrote RFC 2460 and made

> sure hop-by-hop was always the first EH. Also, as reviewers of your 
> draft we still keep in mind that hop-by-hop hasn't been deprecated.
> Further, section 4.1 of RFC 2460 also defines a specific sequence of 
> EH's. We want your draft to still comply to RFC 2460 in this regard - 
> comply with section 4.1 of RFC 2460 and preserve this section's EH 
> Order. Further this section from RFC 2460 says:
> [If and when other extension headers are defined, their ordering 
> constraints relative to the above listed headers must be specified].
> This constraint cannot be dispensed with without very careful thought.

I agree with you in spirit, but the requirement for ordering is very
fuzzy. For example If there is a routing header of type 0 and a routing
header of type 2 what is the order in which they should appear. I think
the text should read


Your example is not a good one for more reasons than one and the
ordering is not fuzzy. First, RH0 has been deprecated. Secondly, RFC
3775, the RFC that defined the RH2 clearly says in section 6.4.1 as

[The ordering rules for extension headers in an IPv6 packet are
 in Section 4.1 of RFC 2460 [11].  The type 2 routing header defined
 for Mobile IPv6 follows the same ordering as other routing headers.
 If both a type 0 and a type 2 routing header are present, the type 2
 routing header should follow the other routing header.  A packet
 containing such nested encapsulation should be created as if the
 inner (type 2) routing header was constructed first and then treated
 as an original packet by the outer (type 0) routing header
 construction process.]

Further evidence for ordering not being fuzzy is shown in the following
text from section 4.1 of RFC 2460.

[When more than one extension header is used in the same packet, it is
 recommended that those headers appear in the following order:

           IPv6 header
           Hop-by-Hop Options header
           Destination Options header (note 1)
           Routing header
           Fragment header

           Authentication header (note 2)
           Encapsulating Security Payload header (note 2)
           Destination Options header (note 3)
           upper-layer header]

The same section goes on to say, 

[If and when other extension headers are defined, their ordering
   constraints relative to the above listed headers must be specified.]


"Extension headers must be processed in the order they appear"

This is, I think, a valid paraphrase of the text "Therefore, extension
headers must be processed strictly in the order they appear in the
packet" that appears in RFC2460.

> 3. RFC 2460 clearly says in section 4 that EH's are not processed by 
> intermediate nodes unless the EH is a hop-by-hop EH. Since your draft 
> ignores this rule of RFC 2460, it's up to the IPv6 community to first 
> agree to such a change to RFC 2460 before looking at your draft.

I am not sure I understand what you mean. The draft does not recommend
anybody to look at the EHs other than the HBH. The draft says that, if
someone does (e.g. firewalls and other middleboxes) it makes sense to
have a standard header format. Not that I condone it, but this paradigm
(of routers being L3 only devices) has been broken long time ago. Every
router I know of has the capability to look at and filter at least on
the transport layer port.

<hs>Of course, firewall vendors will be biased towards inspecting an EH
that is not the HBH. But that is not what RFC 2460 says. Here is text
from RFC 2460 that clearly says, no intermediate node will
inspect/process any EH besides the HBH. 

[With one exception, extension headers are not examined or processed
   by any node along a packet's delivery path, until the packet reaches
   the node (or each of the set of nodes, in the case of multicast)
   identified in the Destination Address field of the IPv6 header.]

Pardon my ignorance, but I need to see an explicit RFC that says
firewalls being intermediate nodes, are allowed to inspect an EH that is
not HBH and that RFC should also say that the RFC updates RFC 2460. 




IETF IPv6 working group mailing list
Administrative Requests:

Reply via email to