IPv6 packets with HBH
Brian E Carpenter
brian.e.carpenter at gmail.com
Fri Jul 4 22:43:27 CEST 2014
On 05/07/2014 04:05, Yannis Nikolopoulos wrote:
> hello,
>
> how do people handle packets with HBH present? Since their use is a
> potential attack vector, do people rate-limit them? I can't seem to find
> some sort of "best practice" on the issue
I have the impression that they are simply ignored in many cases.
That is simpler than rate-limiting. It is legal, because we reduced
the requirement to processing them to a SHOULD in RFC 7045:
The IPv6 Hop-by-Hop Options header SHOULD be processed by
intermediate forwarding nodes as described in [RFC2460]. However, it
is to be expected that high-performance routers will either ignore it
or assign packets containing it to a slow processing path. Designers
planning to use a hop-by-hop option need to be aware of this likely
behaviour.
- Brian
> cheers,
> Yannis
>
More information about the ipv6-ops
mailing list