[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IPv6 RH (was Re: SPD issues)
Stephen Kent wrote:
We might add a flag that explicitly disallows traffic with routing
headers, as a local admin control for SPD entries.
I think this is a bad idea. the local admin should use a firewall
to restrict traffic with routing headers if needed. he shouldnt
use the SPD to do this. we might accidentaly turn off protocols
which make use of routing headers.
also routing headers come in different flavors. there is a type 2
routing header whose semantics are differnt. in type 2 routing
headers you can only specify one address (segmentsLeft is always
1) and packets with this routing header are never forwarded by a
node which processes the routing header. both the destination
address and the address inside the routing header should belong to
the same node. there is no security concerns with the use of this