I see another application of this extension. Assume you are the end host that 
wants to prioritize certain packets or wants to implement Access control lists 
(ACLs). In the absence of this extension a router cannot apply ACLs as it will 
never know how to parse the packet in case it comes across an unknown extension 
header. It can, if it supports this extension. Also note that the default 
action of an ACL may not necessarily be "deny all".

Cheers, Manav

> -----Original Message-----
> From: ipv6-boun...@ietf.org [mailto:ipv6-boun...@ietf.org] On 
> Behalf Of Fernando Gont
> Sent: Tuesday, January 04, 2011 3.13 AM
> To: Brian E Carpenter
> Cc: Thomas Narten; ipv6@ietf.org; Suresh Krishnan
> Subject: Re: I-D Action:draft-ietf-6man-exthdr-01.txt
> 
> On 03/01/2011 06:25 p.m., Brian E Carpenter wrote:
> 
> > The basic motivation for the present draft is clear:
> > 
> >>    However,
> >>    some intermediate nodes such as firewalls, may need to look at the
> >>    transport layer header fields in order to make a decision to allow or
> >>    deny the packet.
> > 
> > That is, help middleboxes to violate e2e transparency and, furthermore,
> > allow unknown headers to cross those middleboxes.
> 
> I don't think this I-D will make a difference.
> 
> From the POV of a firewall, unless it really wants a packet to
> pass-through, it will block it.
> 
> So, whether the Extension Header is unknown, or whether
> draft-ietf-6man-exthdr-01.txt is implemented and the Specific type is
> unknown will lead to the same result: the packet will be discarded.
> 
> This proposal would only be useful to firewalls that implement a
> "default allow", and that simply want to somehow ignore an unknown
> extension header and base their decision on the upper-layer protocol
> (only). -- But we all know that firewalls operate (or should operate) in
> "default deny" rather than "default allow".
> 
> So IMHO this proposal won't be useful for such firewalls.
> 
> Thanks,
> -- 
> Fernando Gont
> e-mail: ferna...@gont.com.ar || fg...@acm.org
> PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
> 
> 
> 
> 
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
> 
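The two positions in this thread, as an added example that is not part of either message: a classifier that walks the IPv6 header chain and applies an ACL to the transport header, falling back to a configurable default action when it cannot parse past a header. It assumes the new header starts with the (Next Header, Hdr Ext Len) prefix that the RFC 2460 options headers use; the function names, the `uniform` parameter and protocol number 253 are constructed for illustration.

```python
import struct

TCP, UDP = 6, 17
# RFC 2460 headers that start with (Next Header, Hdr Ext Len):
# Hop-by-Hop Options, Routing, Destination Options.
KNOWN_EXT = {0, 43, 60}
NEW_EXT = 253  # constructed stand-in (experimental protocol number) for a new header

def find_transport(pkt, uniform=frozenset()):
    """Return (proto, dst_port) for TCP/UDP, or None if the chain cannot be walked."""
    nxt, off = pkt[6], 40                      # Next Header field, end of IPv6 header
    while nxt not in (TCP, UDP):
        if nxt not in KNOWN_EXT and nxt not in uniform:
            return None                        # unknown layout, length not recoverable
        if off + 2 > len(pkt):
            return None                        # truncated extension header
        nxt, ext_len = pkt[off], pkt[off + 1]
        off += (ext_len + 1) * 8               # units of 8 octets, first 8 not counted
    if off + 4 > len(pkt):
        return None                            # truncated transport header
    return nxt, struct.unpack_from("!H", pkt, off + 2)[0]

def decide(pkt, acl, default, uniform=frozenset()):
    """acl maps (proto, dst_port) to 'permit' or 'deny'; no match means default."""
    key = find_transport(pkt, uniform)
    return default if key is None else acl.get(key, default)

def build(chain, dst_port):
    """Constructed sample: IPv6 header, 8-octet extension headers, UDP header."""
    types = list(chain) + [UDP]
    pkt = bytearray(40)
    pkt[0], pkt[6] = 0x60, types[0]
    for following in types[1:]:
        pkt += bytes([following, 0]) + bytes(6)
    return bytes(pkt + struct.pack("!HHHH", 49152, dst_port, 8, 0))

if __name__ == "__main__":
    pkt = build([60, NEW_EXT], 53)
    strict = {(UDP, 53): "permit"}             # default deny, one permit rule
    loose = {(UDP, 53): "deny"}                # default permit, one deny rule
    for name, acl, default in (("default deny", strict, "deny"),
                               ("default permit", loose, "permit")):
        print(name, "| header unknown:", decide(pkt, acl, default),
              "| header parseable:", decide(pkt, acl, default, {NEW_EXT}))
```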