[ipv6hackers] Fwd: RFC 9288 on Recommendations on the Filtering of IPv6 Packets Containing IPv6 Extension Headers at Transit Routers

Fernando Gont fgont at si6networks.com
Fri Aug 19 00:00:03 -03 2022


Hi,

FYI. RFC 9288, "Recommendations on the Filtering of IPv6 Packets 
Containing IPv6 Extension Headers at Transit Routers" (available at: 
https://www.rfc-editor.org/rfc/rfc9288)

FWIW, IMO most of the value is in the analysis of what 
protocols/features use what EHs, and what would break (if anything) if 
packets with EHs are dropped.

These other two are useful for context:

* RFC 9098, "Operational Implications of IPv6 Packets with Extension
   Headers" (https://www.rfc-editor.org/rfc/rfc9098.html)

* RFC 7872, "Observations on the Dropping of Packets with IPv6 Extension
   Headers in the Real World (https://www.rfc-editor.org/rfc/rfc7872.html).

Thanks!

Cheers,
Fernando




-------- Forwarded Message --------
Subject: RFC 9288 on Recommendations on the Filtering of IPv6 Packets 
Containing IPv6 Extension Headers at Transit Routers
Date: Thu, 18 Aug 2022 16:21:47 -0700 (PDT)
From: rfc-editor at rfc-editor.org
To: ietf-announce at ietf.org, rfc-dist at rfc-editor.org
CC: rfc-editor at rfc-editor.org, drafts-update-ref at iana.org, opsec at ietf.org

A new Request for Comments is now available in online RFC libraries.

                 RFC 9288

         Title:      Recommendations on the Filtering of      IPv6 
Packets Containing IPv6 Extension Headers  at Transit Routers Author: 
   F. Gont,
                     W. Liu
         Status:     Informational
         Stream:     IETF
         Date:       August 2022
         Mailbox:    fgont at si6networks.com,
                     liushucheng at huawei.com
         Pages:      33
         Updates/Obsoletes/SeeAlso:   None

         I-D Tag:    draft-ietf-opsec-ipv6-eh-filtering-10.txt

         URL:        https://www.rfc-editor.org/info/rfc9288

         DOI:        10.17487/RFC9288

This document analyzes the security implications of IPv6 Extension
Headers and associated IPv6 options. Additionally, it discusses the
operational and interoperability implications of discarding packets
based on the IPv6 Extension Headers and IPv6 options they contain.
Finally, it provides advice on the filtering of such IPv6 packets at
transit routers for traffic not directed to them, for those cases
where such filtering is deemed as necessary.

This document is a product of the Operational Security Capabilities for 
IP Network Infrastructure Working Group of the IETF.


INFORMATIONAL: This memo provides information for the Internet community.
It does not specify an Internet standard of any kind. Distribution of
this memo is unlimited.

This announcement is sent to the IETF-Announce and rfc-dist lists.
To subscribe or unsubscribe, see
   https://www.ietf.org/mailman/listinfo/ietf-announce
   https://mailman.rfc-editor.org/mailman/listinfo/rfc-dist

For searching the RFC series, see https://www.rfc-editor.org/search
For downloading RFCs, see https://www.rfc-editor.org/retrieve/bulk

Requests for special distribution should be addressed to either the
author of the RFC in question, or to rfc-editor at rfc-editor.org.  Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.


The RFC Editor Team
Association Management Solutions, LLC

_______________________________________________
IETF-Announce mailing list
IETF-Announce at ietf.org
https://www.ietf.org/mailman/listinfo/ietf-announce


More information about the Ipv6hackers mailing list