On 2013-06-13 13:17, Joe Touch wrote:
[..]
>>> And, for some
>>> options, if the option in question is not supported, the packet should
>>> be dropped -- i.e., you cannot just "ignore the hbh header" (at least in
>>> theory).
>>
>> Why not? Is there any HBH header that is crucial for operation of IPv6?
> 
> Current non-experimental ones include:

peeking at
http://www.iana.org/assignments/ipv6-parameters/ipv6-parameters.xml
'act' and noting there are a few protocols that have act != 00 that
might be affected by this.

>     - jumbograms

act = 11 (discard + notify senders, non-multicast)

I am not aware of any medium being able to do even close to 65k (or heck
20k) packets, let alone over it. Is there any gear anywhere in the world
which actually implements/needs this?

Now for boxes that actually have both a Jumbogram capable interface and
a non-jumbogram interface, for those boxes being able to understand and
thus reject this option would make sense indeed.

Anywhere else this option should never be seen. (And if the code does
not know about it, the hardware will likely not get it either).

>     - RPL

act = 01 (discard)

I don't see damage when this packet is ignored though.

"The RPL Option is only for use between RPL routers participating in the
same RPL Instance."

Code that does not know about RPL does not support it and does not
include the instance.

(Generally this looks like one of those 'scary' and 'do not want to see
from another operator on my network' kind of options btw)

Security considerations does not highlight what problems could happen if
a box just ignores it unfortunately.

>     - router alert

act = 00 (ignore) thus handled by routers that do not do HBH at all.

>     - CALIPSO (informational, but which includes a note about
>     hazards of HBH opts, but claims there was a conclusion
>     that this was still the correct approach)

act = 00 (ignore), thus no issue here.

I btw love the IESG note at the top:

"The IESG notes that general deployment of protocols with hop-by-hop
options are problematic, and the development of such protocols is
consequently discouraged."

and:

"It is unsuitable for use and ineffective on the global public Internet."

> RPL was just approved in 2012.
> 
> Even though few of these are 'crucial', why are router vendors still
> creating new standards, and why does the IESG continue to approve them?

Except maybe one day far in the future where Jumbopackets are needed, I
do not see any of these as 'crucial'.

I also do not see a single problem with routers that simply completely
ignore anything but the IP header (thus decrement hop-limit, error+icmp
if needed, forward the packet to the next hop) and do not look at any of
the next headers...

Note that this kind of ignore does allow future HBH options to be
developed and deployed without issues (maybe somebody comes up with a
useful thing). Processing overhead in routers is none, as they just
route, boxes that have more knowledge can handle the options. (which is
I assume also the idea behind the act bits, but it seems they only limit
deployment of something new, not allow it)

I would love to be informed though if anybody knows any situation where
that can be problematic, now or in the future.

Greets,
 Jeroen

--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
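
The act-bit handling discussed in this message, as an added example that is not part of the original thread: a walk over a Hop-by-Hop Options header that applies the top two bits of each unsupported option type, set beside a router that forwards without looking at the header. The names `hbh_verdict`, `SAMPLES` and `compare` are hypothetical and the sample header bytes are constructed; the option type values are the IANA-registered ones (0x05 router alert, 0x07 CALIPSO, 0x63 RPL, 0xC2 jumbogram).

```python
def hbh_verdict(hbh, supported=frozenset(), dst_multicast=False):
    """Verdict of a node that processes the Hop-by-Hop header per its act bits.

    hbh is the raw extension header (next header, hdr ext len, option TLVs);
    supported is the set of option types this node implements.
    """
    if len(hbh) < 8 or len(hbh) != (hbh[1] + 1) * 8:
        return "malformed"
    i = 2
    while i < len(hbh):
        opt = hbh[i]
        if opt == 0x00:                      # Pad1 is a single byte, no length
            i += 1
            continue
        if i + 2 > len(hbh) or i + 2 + hbh[i + 1] > len(hbh):
            return "malformed"
        if opt != 0x01 and opt not in supported:   # 0x01 is PadN
            act = opt >> 6                   # act = two highest-order bits
            if act == 0b01:
                return "discard"
            if act == 0b10:
                return "discard+icmp"
            if act == 0b11:                  # ICMP only for non-multicast dst
                return "discard" if dst_multicast else "discard+icmp"
            # act == 0b00: skip the option and keep going
        i += 2 + hbh[i + 1]
    return "forward"

# Constructed sample headers (next header 0x3a = ICMPv6), one option each.
SAMPLES = {
    "router alert": bytes.fromhex("3a00" "05020000" "0100"),
    "CALIPSO":      bytes.fromhex("3a01" "0708" "00000001" "00000000" "01020000"),
    "RPL":          bytes.fromhex("3a00" "630400000000"),
    "jumbogram":    bytes.fromhex("3a00" "c20400010000"),
}

def compare():
    """Map each sample to (act-bit verdict, verdict of a router that skips HBH)."""
    return {name: (hbh_verdict(h), "forward") for name, h in SAMPLES.items()}

if __name__ == "__main__":
    for name, (strict, ignoring) in compare().items():
        print(f"{name:13} act-bits: {strict:13} ignore-all: {ignoring}")
```

For a node that implements none of the four options, the two behaviours differ only for RPL and the jumbogram option, the two entries the message lists with act != 00.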
