On 03 Feb 2011, at 13:07, Bob Hinden wrote:
> I don't think we should limit the use of the flow label
> for load balancing due to a concern about covert channels using the flow 
> label.

So far as I am aware, no one has suggested not specifying
how the Flow Label field might be used for load balancing.  

What I suggested was distinctly different, namely that some
operational domains are likely to zero that field, either in 
the origin node or as the packet crosses an administrative 
boundary, in order to comply with domain-specific policy.

In turn that means (A) it is unlikely that IPv6 Flow Labels will
reliably be unchanged end-to-end and (B) it is likely that some 
IPv6 packets with zero-filled Flow Label fields will continue 
to be seen on the global public Internet for the foreseeable future.

I also suggested that trying to legislate this issue out of existence 
by putting words in an RFC was unlikely to be effective.  Operational
folks in a wide range of organisations routinely configure their 
systems to match local security policies, even when that policy or 
configuration is not consistent with existing RFCs.

Cheers,

Ran


--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
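
Added example, not part of the original message: a Python sketch of a load-balancing hash that uses the 20-bit Flow Label when it is non-zero and falls back to addresses plus transport ports when the field has been zeroed, as the message expects some domains to do. The function names, the SHA-256 path selection and the sample packets are assumptions made for illustration.

```python
import hashlib
import ipaddress
import struct

IPV6_HEADER_LEN = 40

def parse_ipv6_header(packet: bytes):
    """Return (flow_label, next_header, src, dst) from the fixed IPv6 header."""
    if len(packet) < IPV6_HEADER_LEN:
        raise ValueError("truncated IPv6 header")
    word, _plen, next_header, _hlim = struct.unpack("!IHBB", packet[:8])
    if word >> 28 != 6:
        raise ValueError("not an IPv6 packet")
    flow_label = word & 0xFFFFF  # low 20 bits of the first 32-bit word
    return flow_label, next_header, packet[8:24], packet[24:40]

def hash_key(packet: bytes):
    """Choose the hash input; never depend on the label being non-zero."""
    flow_label, next_header, src, dst = parse_ipv6_header(packet)
    if flow_label != 0:
        return "flow-label", src + dst + flow_label.to_bytes(3, "big")
    # Zeroed label (by the origin node or at an administrative boundary):
    # fall back to addresses, next header and, if directly present, ports.
    key = src + dst + bytes([next_header])
    if next_header in (6, 17) and len(packet) >= IPV6_HEADER_LEN + 4:
        key += packet[40:44]  # TCP/UDP source and destination ports
    return "fallback", key

def pick_path(packet: bytes, n_paths: int):
    """Map a packet to one of n_paths; returns (mode, path_index)."""
    mode, key = hash_key(packet)
    digest = hashlib.sha256(key).digest()
    return mode, int.from_bytes(digest[:4], "big") % n_paths

def build_packet(flow_label: int, sport: int, dport: int) -> bytes:
    """Constructed sample: IPv6 header plus the first 4 bytes of a UDP header."""
    word = (6 << 28) | (flow_label & 0xFFFFF)
    src = ipaddress.IPv6Address("2001:db8::1").packed
    dst = ipaddress.IPv6Address("2001:db8::2").packed
    hdr = struct.pack("!IHBB", word, 8, 17, 64) + src + dst
    return hdr + struct.pack("!HH", sport, dport)

if __name__ == "__main__":
    for label in (0xABCDE, 0):  # same flow before and after the label is zeroed
        print(hex(label), pick_path(build_packet(label, 5000, 53), 4))
```

Because the hash input changes when the label is rewritten in transit, the same flow can map to different paths on either side of the boundary; the fallback keeps each side internally consistent but does not restore end-to-end agreement.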
