IPv6 packets with HBH
Fernando Gont
fernando at gont.com.ar
Fri Aug 8 01:53:49 CEST 2014
On 08/07/2014 08:05 AM, Ole Troan wrote:
>
>>> how do people handle packets with HBH present? Since their use is
>>> a potential attack vector, do people rate-limit them? I can't
>>> seem to find some sort of "best practice" on the issue
>>
>> This is the current state of affairs on the public IPv6 Internet:
>> <http://www.iepg.org/2014-07-20-ietf90/iepg-ietf90-ipv6-ehs-in-the-real-world-v2.0.pdf>
>
>>
> s/public IPv6 Internet/selected content providers/
Well... with did our measurements over Alexa's top-1m sites... that's a
bit more than "selected content providers"....
> advice with regards to HBH headers. assuming there isn't any feature
> enabled that uses HBH. on a platform that supports forwarding of
> packets with HBH without punting, forward. for platforms that do punt
> regardless, drop.
Agreed.
Cheers,
--
Fernando Gont
e-mail: fernando at gont.com.ar || fgont at si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
More information about the ipv6-ops
mailing list