Ran,

On Feb 3, 2011, at 10:41 AM, RJ Atkinson wrote:

> 
> On 03 Feb 2011, at 13:07, Bob Hinden wrote:
>> I don't think we should limit the use of the flow label
>> for load balancing due to a concern about covert channels using the flow 
>> label.
> 
> So far as I am aware, no one has suggested not specifying
> how the Flow Label field might be used for load balancing.  

OK, it's good to make that clear.


> What I suggested was distinctly different, namely that some
> operational domains are likely to zero that field, either in 
> the origin node or as the packet crosses an administrative 
> boundary, in order to comply with domain-specific policy.
> 
> In turn that means (A) it is unlikely that IPv6 Flow Labels will
> reliably be unchanged end-to-end and (B) it is likely that some 
> IPv6 packets with zero-filled Flow Label fields will continue 
> to be seen on the global public Internet for the foreseeable future.

For sure, but I suspect this will be the case for the foreseeable future due to 
the time it takes to update existing implementations that don't currently set 
the flow label.


> I also suggested that trying to legislate this issue out of existence 
> by putting words in an RFC was unlikely to be effective.  Operational
> folks in a wide range of organisations routinely configure their 
> systems to match local security policies, even when that policy or 
> configuration is not consistent with existing RFCs.


That's why the current draft says SHOULD.  The usual definition of SHOULD 
covers the scenario you describe.

Bob

> 
> Cheers,
> 
> Ran
> 
> 
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
