[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPv6 RH (was Re: SPD issues)


Stephen Kent wrote:

We might add a flag that explicitly disallows traffic with routing headers, as a local admin control for SPD entries.

I think this is a bad idea. the local admin should use a firewall to restrict traffic with routing headers if needed. he shouldnt use the SPD to do this. we might accidentaly turn off protocols which make use of routing headers.

also routing headers come in different flavors. there is a type 2
routing header whose semantics are differnt. in type 2 routing
headers you can only specify one address (segmentsLeft is always
1) and packets with this routing header are never forwarded by a
node which processes the routing header. both the destination
address and the address inside the routing header should belong to
the same node. there is no security concerns with the use of this
routing header.