Hi, Eric,
On 07/19/2012 07:21 AM, Eric Vyncke (evyncke) wrote:
> Two comments: 1) for the transition period (when we could perhaps see
> those packets -- even if I have yet to see one!), 'silently' is
> perhaps too strong, I would suggest at the bare minimum a dropped
> packet counter (else operators would be blind)
Ok. What about the counter? SHOULD?
> 2) RFC1858 (the IPv4
> equivalent of your I-D) specifies that routers with an ACL must also
> drop those packets and I would think that this should also be the
> case here but with a SHOULD for router implementing layer-4 ACL (not
> for plain forwarding routers or layer-3 ACL)
The caveat here is that it's trivial for a v4 router to figure out
whether the upper layer protocol's header is fragmented, but it may be
not so trivial for a v6 router to do so (i.e., it would require them to
follow the entire IPv6 header chain, which could possibly be a large
number of headers.
That said, I guess that including the aforementioned requirement for
routers, with the granularity you mention ("routers implementing layer-4
ACLs" or some equivalent wording) might work for the wg?
Can others please weigh in?
Thanks!
Best regards,
--
Fernando Gont
SI6 Networks
e-mail: fg...@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
