Fred wrote: > Note that I am in favor of suggesting that the Flow Label be included in the > hash when doing load balancing. It is a no brainer. At worst, it is a no op. > But it certainly is never better to exclude it.
Have you looked at the security implications? Suppose that an attacker can predict the hash algorithm used by a router. This attacker could then pick "interesting" values of the flow ID, to get the flow of traffic directed to particular paths, or not. For example, they could systematically but a different flow label to each packet to ensure the traffic is spread over all available paths. -- Christian Huitema -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
