<div dir="ltr">Se não entendi errado, filtrando esses next headers, isso elimina a possibilidade de passar pacotes com LDPv6 sobre links "normais"...<br>E isso acaba justamente com a possibilidade de usar um "link normal"(link Internet) como um transporte.<br><br>Ou até... Mesmo sem olhar para o LDP over IPv6, acaba com a possibilidade de fazer algum tipo de TE na Internet usando esses NextHeader.
<div><br></div><div>Não acompanhei o contexto da RFC desde o princípio.<br>Mas daqui de onde eu posso ver, tirar essas possibilidades de uma rede mundial completamente IPv6 é quase querer que o IPv6 seja apenas um IPv4 com mais possibilidades de endereços.<br>IPv6 é muito mais que isso.<br>Se for isso mesmo que está acontecendo... Me deixa muito triste.</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">Em qua., 24 de ago. de 2022 às 21:04, Fernando Gont <<a href="mailto:fgont@si6networks.com">fgont@si6networks.com</a>> escreveu:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Te refieres a si el filtrado va a repercutir, o si es que el documento <br>
va a repercutir en las politicas aplicadas?<br>
<br>
<br>
<br>
On 22/8/22 10:34, Douglas Fischer wrote:<br>
> Inevitável pensar se isso irá refletir positiva ou negativamente no LDP <br>
> over IPv6 passando sobre "Internet"(roteadores de trânsito DFZ).<br>
> <br>
> Em qui., 18 de ago. de 2022 às 23:47, Fernando Gont <br>
> <<a href="mailto:fgont@si6networks.com" target="_blank">fgont@si6networks.com</a> <mailto:<a href="mailto:fgont@si6networks.com" target="_blank">fgont@si6networks.com</a>>> escreveu:<br>
> <br>
> Estimad@s,<br>
> <br>
> Se acaba de publicar el RFC 9288, sobre "Recommendations on the<br>
> Filtering of IPv6 Packets Containing IPv6 Extension Headers at Transit<br>
> Routers" que escribi junto a Will Liu.<br>
> <br>
> El mismo se encuentra disponible en:<br>
> <a href="https://www.rfc-editor.org/rfc/rfc9288" rel="noreferrer" target="_blank">https://www.rfc-editor.org/rfc/rfc9288</a><br>
> <<a href="https://www.rfc-editor.org/rfc/rfc9288" rel="noreferrer" target="_blank">https://www.rfc-editor.org/rfc/rfc9288</a>><br>
> <br>
> En lo que hace al RFC, creo cre su principal valor esta en analiar que<br>
> cosas dependen de los Extension Headers (EHs), y que cosas podrian<br>
> lelgar a romperse si se descartan paquetes con determinados EHs.<br>
> <br>
> Es topico es mas que interesante. Ya en su momento publicamos RFC 7872<br>
> (<a href="https://www.rfc-editor.org/rfc/rfc7872" rel="noreferrer" target="_blank">https://www.rfc-editor.org/rfc/rfc7872</a><br>
> <<a href="https://www.rfc-editor.org/rfc/rfc7872" rel="noreferrer" target="_blank">https://www.rfc-editor.org/rfc/rfc7872</a>>) analizando como se dropean<br>
> los<br>
> paquetes con IPv6 EHs en la Internet publica, asi como tambien<br>
> publicamos RFC 9098 (<a href="https://www.rfc-editor.org/rfc/rfc9098.html" rel="noreferrer" target="_blank">https://www.rfc-editor.org/rfc/rfc9098.html</a><br>
> <<a href="https://www.rfc-editor.org/rfc/rfc9098.html" rel="noreferrer" target="_blank">https://www.rfc-editor.org/rfc/rfc9098.html</a>>),<br>
> analizando los motivos que hay para droppearlos.<br>
> <br>
> Mas recientemente se ha vuelto a despertar el interes en medir hasta<br>
> que<br>
> punto se droppean -- supongo que motivados por la esperana/deseo de<br>
> algunos que la realidad sea diferente.<br>
> <br>
> <br>
> Trabaje en este RFC (RFC9288) unos 7 años. -- mucho tiempo! Tiene un<br>
> valor particular para mi, porque inclusive luego de haber trabajado<br>
> tanto tiempo, estuve a punto de perderlo, por no tener tiempo de<br>
> trabajar con el.<br>
> <br>
> Al final, los planetas se alinearon :-), y pude salvarlo justito antes<br>
> de que se perdiera..<br>
> <br>
> El trabajo de Ingenieria de Internet que se hace de la region se<br>
> hace en<br>
> muy buena medida a puro pulmon... Ya que no ha cambiado mucho la<br>
> situacion en lo que respecta a la participacion desde la region.<br>
> <br>
> Por tal motivo, mi agracedimiento a Guillote y Nelivien (socios<br>
> fundamentales), y a Diego Maradona, a quien evidentemente este<br>
> documento<br>
> va dedicado.<br>
> <br>
> Estos tipos entendieron todo:<br>
> <br>
> * <a href="https://www.youtube.com/watch?v=6e9WLX2aKbE" rel="noreferrer" target="_blank">https://www.youtube.com/watch?v=6e9WLX2aKbE</a><br>
> <<a href="https://www.youtube.com/watch?v=6e9WLX2aKbE" rel="noreferrer" target="_blank">https://www.youtube.com/watch?v=6e9WLX2aKbE</a>><br>
> * <a href="https://www.youtube.com/watch?v=JwqAG4XWLpQ" rel="noreferrer" target="_blank">https://www.youtube.com/watch?v=JwqAG4XWLpQ</a><br>
> <<a href="https://www.youtube.com/watch?v=JwqAG4XWLpQ" rel="noreferrer" target="_blank">https://www.youtube.com/watch?v=JwqAG4XWLpQ</a>><br>
> <br>
> <br>
> P.S.: <a href="https://youtu.be/9Y9Iq9hoRdM?t=89" rel="noreferrer" target="_blank">https://youtu.be/9Y9Iq9hoRdM?t=89</a><br>
> <<a href="https://youtu.be/9Y9Iq9hoRdM?t=89" rel="noreferrer" target="_blank">https://youtu.be/9Y9Iq9hoRdM?t=89</a>><br>
> <br>
> <br>
> Saludos cordiales,<br>
> --<br>
> Fernando Gont<br>
> SI6 Networks<br>
> Segurola y Habana 4310 7mo piso<br>
> Ciudad Autonoma de Buenos Aires<br>
> Argentina<br>
> Email: <a href="mailto:fgont@si6networks.com" target="_blank">fgont@si6networks.com</a> <mailto:<a href="mailto:fgont@si6networks.com" target="_blank">fgont@si6networks.com</a>><br>
> URI: <a href="https://www.si6networks.com" rel="noreferrer" target="_blank">https://www.si6networks.com</a> <<a href="https://www.si6networks.com" rel="noreferrer" target="_blank">https://www.si6networks.com</a>><br>
> <br>
> <br>
> <br>
> <br>
> -------- Forwarded Message --------<br>
> Subject: RFC 9288 on Recommendations on the Filtering of IPv6 Packets<br>
> Containing IPv6 Extension Headers at Transit Routers<br>
> Date: Thu, 18 Aug 2022 16:21:47 -0700 (PDT)<br>
> From: <a href="mailto:rfc-editor@rfc-editor.org" target="_blank">rfc-editor@rfc-editor.org</a> <mailto:<a href="mailto:rfc-editor@rfc-editor.org" target="_blank">rfc-editor@rfc-editor.org</a>><br>
> To: <a href="mailto:ietf-announce@ietf.org" target="_blank">ietf-announce@ietf.org</a> <mailto:<a href="mailto:ietf-announce@ietf.org" target="_blank">ietf-announce@ietf.org</a>>,<br>
> <a href="mailto:rfc-dist@rfc-editor.org" target="_blank">rfc-dist@rfc-editor.org</a> <mailto:<a href="mailto:rfc-dist@rfc-editor.org" target="_blank">rfc-dist@rfc-editor.org</a>><br>
> CC: <a href="mailto:rfc-editor@rfc-editor.org" target="_blank">rfc-editor@rfc-editor.org</a> <mailto:<a href="mailto:rfc-editor@rfc-editor.org" target="_blank">rfc-editor@rfc-editor.org</a>>,<br>
> <a href="mailto:drafts-update-ref@iana.org" target="_blank">drafts-update-ref@iana.org</a> <mailto:<a href="mailto:drafts-update-ref@iana.org" target="_blank">drafts-update-ref@iana.org</a>>,<br>
> <a href="mailto:opsec@ietf.org" target="_blank">opsec@ietf.org</a> <mailto:<a href="mailto:opsec@ietf.org" target="_blank">opsec@ietf.org</a>><br>
> <br>
> A new Request for Comments is now available in online RFC libraries.<br>
> <br>
> RFC 9288<br>
> <br>
> Title: Recommendations on the Filtering of<br>
> IPv6 Packets Containing IPv6 Extension Headers<br>
> at Transit Routers Author: F. Gont,<br>
> W. Liu<br>
> Status: Informational<br>
> Stream: IETF<br>
> Date: August 2022<br>
> Mailbox: <a href="mailto:fgont@si6networks.com" target="_blank">fgont@si6networks.com</a> <mailto:<a href="mailto:fgont@si6networks.com" target="_blank">fgont@si6networks.com</a>>,<br>
> <a href="mailto:liushucheng@huawei.com" target="_blank">liushucheng@huawei.com</a> <mailto:<a href="mailto:liushucheng@huawei.com" target="_blank">liushucheng@huawei.com</a>><br>
> Pages: 33<br>
> Updates/Obsoletes/SeeAlso: None<br>
> <br>
> I-D Tag: draft-ietf-opsec-ipv6-eh-filtering-10.txt<br>
> <br>
> URL: <a href="https://www.rfc-editor.org/info/rfc9288" rel="noreferrer" target="_blank">https://www.rfc-editor.org/info/rfc9288</a><br>
> <<a href="https://www.rfc-editor.org/info/rfc9288" rel="noreferrer" target="_blank">https://www.rfc-editor.org/info/rfc9288</a>><br>
> <br>
> DOI: 10.17487/RFC9288<br>
> <br>
> This document analyzes the security implications of IPv6 Extension<br>
> Headers and associated IPv6 options. Additionally, it discusses the<br>
> operational and interoperability implications of discarding packets<br>
> based on the IPv6 Extension Headers and IPv6 options they contain.<br>
> Finally, it provides advice on the filtering of such IPv6 packets at<br>
> transit routers for traffic not directed to them, for those cases<br>
> where such filtering is deemed as necessary.<br>
> <br>
> This document is a product of the Operational Security Capabilities for<br>
> IP Network Infrastructure Working Group of the IETF.<br>
> <br>
> <br>
> INFORMATIONAL: This memo provides information for the Internet<br>
> community.<br>
> It does not specify an Internet standard of any kind. Distribution of<br>
> this memo is unlimited.<br>
> <br>
> This announcement is sent to the IETF-Announce and rfc-dist lists.<br>
> To subscribe or unsubscribe, see<br>
> <a href="https://www.ietf.org/mailman/listinfo/ietf-announce" rel="noreferrer" target="_blank">https://www.ietf.org/mailman/listinfo/ietf-announce</a><br>
> <<a href="https://www.ietf.org/mailman/listinfo/ietf-announce" rel="noreferrer" target="_blank">https://www.ietf.org/mailman/listinfo/ietf-announce</a>><br>
> <a href="https://mailman.rfc-editor.org/mailman/listinfo/rfc-dist" rel="noreferrer" target="_blank">https://mailman.rfc-editor.org/mailman/listinfo/rfc-dist</a><br>
> <<a href="https://mailman.rfc-editor.org/mailman/listinfo/rfc-dist" rel="noreferrer" target="_blank">https://mailman.rfc-editor.org/mailman/listinfo/rfc-dist</a>><br>
> <br>
> For searching the RFC series, see <a href="https://www.rfc-editor.org/search" rel="noreferrer" target="_blank">https://www.rfc-editor.org/search</a><br>
> <<a href="https://www.rfc-editor.org/search" rel="noreferrer" target="_blank">https://www.rfc-editor.org/search</a>><br>
> For downloading RFCs, see <a href="https://www.rfc-editor.org/retrieve/bulk" rel="noreferrer" target="_blank">https://www.rfc-editor.org/retrieve/bulk</a><br>
> <<a href="https://www.rfc-editor.org/retrieve/bulk" rel="noreferrer" target="_blank">https://www.rfc-editor.org/retrieve/bulk</a>><br>
> <br>
> Requests for special distribution should be addressed to either the<br>
> author of the RFC in question, or to <a href="mailto:rfc-editor@rfc-editor.org" target="_blank">rfc-editor@rfc-editor.org</a><br>
> <mailto:<a href="mailto:rfc-editor@rfc-editor.org" target="_blank">rfc-editor@rfc-editor.org</a>>. Unless<br>
> specifically noted otherwise on the RFC itself, all RFCs are for<br>
> unlimited distribution.<br>
> <br>
> <br>
> The RFC Editor Team<br>
> Association Management Solutions, LLC<br>
> <br>
> _______________________________________________<br>
> IETF-Announce mailing list<br>
> <a href="mailto:IETF-Announce@ietf.org" target="_blank">IETF-Announce@ietf.org</a> <mailto:<a href="mailto:IETF-Announce@ietf.org" target="_blank">IETF-Announce@ietf.org</a>><br>
> <a href="https://www.ietf.org/mailman/listinfo/ietf-announce" rel="noreferrer" target="_blank">https://www.ietf.org/mailman/listinfo/ietf-announce</a><br>
> <<a href="https://www.ietf.org/mailman/listinfo/ietf-announce" rel="noreferrer" target="_blank">https://www.ietf.org/mailman/listinfo/ietf-announce</a>><br>
> _______________________________________________<br>
> LACTF mailing list<br>
> <a href="mailto:LACTF@lacnic.net" target="_blank">LACTF@lacnic.net</a> <mailto:<a href="mailto:LACTF@lacnic.net" target="_blank">LACTF@lacnic.net</a>><br>
> <a href="https://mail.lacnic.net/mailman/listinfo/lactf" rel="noreferrer" target="_blank">https://mail.lacnic.net/mailman/listinfo/lactf</a><br>
> <<a href="https://mail.lacnic.net/mailman/listinfo/lactf" rel="noreferrer" target="_blank">https://mail.lacnic.net/mailman/listinfo/lactf</a>><br>
> Cancelar suscripcion: <a href="mailto:lactf-unsubscribe@lacnic.net" target="_blank">lactf-unsubscribe@lacnic.net</a><br>
> <mailto:<a href="mailto:lactf-unsubscribe@lacnic.net" target="_blank">lactf-unsubscribe@lacnic.net</a>><br>
> <br>
> <br>
> <br>
> -- <br>
> Douglas Fernando Fischer<br>
> Engº de Controle e Automação<br>
> <br>
> _______________________________________________<br>
> LACNOG mailing list<br>
> <a href="mailto:LACNOG@lacnic.net" target="_blank">LACNOG@lacnic.net</a><br>
> <a href="https://mail.lacnic.net/mailman/listinfo/lacnog" rel="noreferrer" target="_blank">https://mail.lacnic.net/mailman/listinfo/lacnog</a><br>
> Cancelar suscripcion: <a href="https://mail.lacnic.net/mailman/options/lacnog" rel="noreferrer" target="_blank">https://mail.lacnic.net/mailman/options/lacnog</a><br>
<br>
-- <br>
Fernando Gont<br>
e-mail: <a href="mailto:fgont@si6networks.com" target="_blank">fgont@si6networks.com</a><br>
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492<br>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature"><div dir="ltr">Douglas Fernando Fischer<br>Engº de Controle e Automação<br><div style="padding:0px;margin-left:0px;margin-top:0px;overflow:hidden;color:black;text-align:left;line-height:130%;font-family:"courier new",monospace"></div></div></div>