On 06/04/2011 03:01 p.m., Fernando Gont wrote:

>> I think we can assume that if we use both the src/dst, we will get a
>> good degree of distribution in the values. Adding the Flow Label gives
>> more. I am just not convinced that to get good distribution we need to
>> *require* (or strongly suggest) pseudo randomness in the Flow
>> Label. We know that by simply incrementing the Flow Label by 1 for
>> each flow, we get sufficient distribution. That is *way* easier to
>> implement than something else.
> 
> What we want is unpredictable flow numbers, with a low frequency of FL
> reuse. A typical call to random() would be just *one* way to do it. But,
> as noted, there are others.
> 
> For hash-based algorithms, you only compute the hash once for each flow.
> Then you simply increment the FL for each packet you send for that flow.

Sorry. Please let me correct myself:

The hash is computed only once for each flow. And every time a new flow
is created, a global counter is incremented.

When a new flow is created, the FL is selected by the expression:
FL = hash(src ip, dst ip) + counter
and the counter is incremented.

So, the FL of successive Flow Labels between the same set of IPv6
addresses will have monotonically-increasing FLs.

The table in
http://tools.ietf.org/html/draft-gont-6man-flowlabel-security-01
illustrates this much better.

Thanks,
-- 
Fernando Gont
e-mail: ferna...@gont.com.ar || fg...@acm.org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
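
The selection scheme described in the message above, as an added example that is not part of the original post or of the referenced draft. The class and function names, the HMAC-SHA-256 keyed hash, the per-host secret, and the sample addresses are assumptions made for illustration; the only fixed parameter is the 20-bit width of the IPv6 Flow Label field.

```python
import hashlib
import hmac
import ipaddress
import os

FLOW_LABEL_BITS = 20  # width of the IPv6 Flow Label field
FLOW_LABEL_MASK = (1 << FLOW_LABEL_BITS) - 1


class FlowLabelGenerator:
    """Selects FL = hash(src ip, dst ip) + counter, reduced to 20 bits."""

    def __init__(self, secret=None, counter=0):
        # Assumption: the hash is keyed with a per-host secret so the
        # per-address-pair offset cannot be computed by other parties.
        self._secret = secret if secret is not None else os.urandom(16)
        self._counter = counter & FLOW_LABEL_MASK  # global, shared by all flows

    def _offset(self, src, dst):
        # Canonical 16-byte forms, so "2001:DB8::1" and "2001:db8::1" hash alike.
        data = ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed
        digest = hmac.new(self._secret, data, hashlib.sha256).digest()
        return int.from_bytes(digest[:4], "big") & FLOW_LABEL_MASK

    def new_flow(self, src, dst):
        """Return the label for a newly created flow; it stays fixed for that flow."""
        label = (self._offset(src, dst) + self._counter) & FLOW_LABEL_MASK
        self._counter = (self._counter + 1) & FLOW_LABEL_MASK  # wraps at 2**20
        return label


def demo():
    # Constructed inputs: documentation-prefix addresses and a fixed demo key.
    gen = FlowLabelGenerator(secret=b"constructed-demo-key", counter=FLOW_LABEL_MASK)
    a, b, c = "2001:db8::1", "2001:db8::2", "2001:db8::3"
    first_ab = gen.new_flow(a, b)
    to_c = gen.new_flow(a, c)      # different pair, different hash offset
    second_ab = gen.new_flow(a, b)
    return first_ab, to_c, second_ab


if __name__ == "__main__":
    print(["0x%05x" % fl for fl in demo()])
```
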




--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
