IPv6 packets with HBH

Brian E Carpenter brian.e.carpenter at gmail.com
Fri Jul 4 22:43:27 CEST 2014

On 05/07/2014 04:05, Yannis Nikolopoulos wrote:
> hello,
> how do people handle packets with HBH present? Since their use is a
> potential attack vector, do people rate-limit them? I can't seem to find
> some sort of "best practice" on the issue

I have the impression that they are simply ignored in many cases.
That is simpler than rate-limiting. It is legal, because we reduced
the requirement to processing them to a SHOULD in RFC 7045:

   The IPv6 Hop-by-Hop Options header SHOULD be processed by
   intermediate forwarding nodes as described in [RFC2460].  However, it
   is to be expected that high-performance routers will either ignore it
   or assign packets containing it to a slow processing path.  Designers
   planning to use a hop-by-hop option need to be aware of this likely

 - Brian

> cheers,
> Yannis

More information about the ipv6-ops mailing list