19 Jan
2014
19 Jan
'14
11:11 a.m.
On 19/01/2014 04:00, Mukom Akong T. wrote:
Have you found them to be more troublesome to process than IPv4 options are/were?
The problem is that you can have long EH chains, with one after another. Generally speaking, most hardware forwarding engines will perform a lookup based on the first N bytes of a packet. If arbitrary length EHs are not supported by the hardware, then you have 3 options: forward the packets unilaterally, drop the packets unilaterally or punt to a cpu/npu. Punting and forwarding both open up denial of service attacks for hardware-forwarded routers, so generally the only sensible option is to drop packets with long EH chains. Nick