Extension headers and firewalls
Florian Weimer
fw at deneb.enyo.de
Fri Aug 10 22:17:25 CEST 2012
* Cameron Byrne:
> Per RFC 2460, firewalls and routers should not be processing extension
> headers.
Per RFC 2460, firewalls and routers should not look at port numbers
and other upper-layer protocol data. RFC 2460 (and the whole IPv6
header design) optimizes for a use case that does not exist anymore,
software-based forwarding strictly according to destination address.
Deprecating extension headers is one way forward, except that DNSSEC
needs fragmentation.
More information about the ipv6-ops
mailing list