> ISSUE 9. The changes to section 2 include this paragraph. Please read all > of it, since the first sentence out of context causes confusion: > > 2. To enable stateless load distribution at any point in the > Internet, a network domain MUST NOT forward packets outside the > domain whose flow label values are other than zero or pseudo- > random. Neither domain border egress routers nor intermediate > routers/devices (using a flow-label, for example, as a part of an > input-key for a load-distribution hash) can determine by > inspection that a value is not pseudo-random. Therefore, if > nodes within a domain ignore the above recommendations to set > zero or pseudo-random flow label values, and such packets are > forwarded outside the domain, this would likely result in > undesirable operational implications (e.g., congestion, > reordering) for not only the inappropriately flow-labelled > packets, but also well-behaved flow-labelled packets, during > forwarding at various intermediate devices. Thus, a domain must > protect its peers by never exporting inappropriately labelled > packets. This document does not specify the method for enforcing > this rule. The suggested way to enforce it is that nodes within > a domain MUST NOT set the flow label to a non-zero and non- > pseudo-random number if the packet will leave the domain. If > this is not known to be the case, the border router will need to > change outgoing flow labels. > > We've debated and tuned this over several versions of the predecessor > draft. But there are still objections, such as: > - MUST is too strong, if the downstream operator doesn't care about > the flow label; > - We don't fully specify what the border routers must do; > - We should more fully specify what that hosts must do. > The argument for MUST is that we shoudn't allow an operator > to send packets into the open Internet with badly formed flow labels. > From the Internet's viewpoint, we don't care whether the border router > discards packets, clears the label to zero, or classifies packets and > sets a new pseudo-random label. And if a host doesn't do what is already > recommended, we don't care what it does; the border router has to > hide it. > > QUESTION: Should we, and can we, further improve this text?
The fact remains that the receiving domain cannot trust the previous domain to have done the right thing. Therefore: "If (and only if) the receiving domain makes such use of flow label values, that would benefit from an even pseudo-random distribution, the ingress routers of such domain SHOULD map the received flow labels to new, pseudo-random values. The new values MUST be the same for all packets of any received flow, identified either by a non-zero flow label value (with the source and destination addresses), or, if the received flow label value is zero, by the 5-tuple of the received packet." I would remove text about domains protecting their neighbors. Jarno -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------