Folks, FYI. Thought this might be of interest. P.S.: Input/comments welcome Thanks! Cheers, Fernando -------- Original Message -------- Subject: Some stats on IPv6 fragments and EH filtering on the Internet Date: Mon, 04 Nov 2013 15:01:48 -0800 From: Fernando Gont <fernando@gont.com.ar> To: 6man@ietf.org <6man@ietf.org>, IPv6 Operations <v6ops@ietf.org> Folks, I did a presentation on the topic at the IEPG meeting earlier this week. It provides some concrete data regarding IPv6 fragmentation and Extension Header filtering on the Internet. The slideware is available at: <http://www.iepg.org/2013-11-ietf88/fgont-iepg-ietf88-ipv6-frag-and-eh.pdf> Certainly there's *much* more work to be done in this area, but I thought that this could be good food sfor some of the discussions that we were having on the topic. Thanks, -- Fernando Gont e-mail: fernando@gont.com.ar || fgont@si6networks.com PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1 -------- Original Message -------- Subject: Re: Some stats on IPv6 fragments and EH filtering on the Internet Date: Mon, 4 Nov 2013 23:27:12 +0000 From: Tim Chown <tjc@ecs.soton.ac.uk> To: 6man@ietf.org <6man@ietf.org>, IPv6 Operations <v6ops@ietf.org> Hi, Also as per the IEPG discussion, the results I had in conjunction with a summer MSc project student can be summarised as follows. The headline is that he saw a 37.7% failure rate for the Fragmentation Header (alone), a bit better than Fernandos results, but still not good. He tested the top 1,000 IPv6-enabled Alexa sites. He used the scapy toolkit which supports the four main extension header types (routing, fragmentation, destination and hop-by-hop) He tested a) valid combinations of those 4 extension headers as per RFC 2460 b) other non-valid combinations c) duplicated extension headers d) fragmentation header Primarily TCP tests, doing HTTP GET requests. For single extension headers, acceptance was Routing header 63.9% Frag header 62.3% Hop by hop header 60% Destination option header 15.8% When using no extension headers, success rate was 100% When using multiple headers, the rates fall markedly, not dissimilar with Fernandos numbers for longer headers. About 120 sites accept all four types of extension headers. A small number of sites accepted illegal combinations/ordering of extension headers. A more detailed set of results is being pushed to a conference paper. I now have another student taking this further, and validating the above results, so feel free to contact me off-list if youre interested. Tim On 4 Nov 2013, at 23:01, Fernando Gont <fernando@gont.com.ar> wrote:
Folks,
I did a presentation on the topic at the IEPG meeting earlier this week. It provides some concrete data regarding IPv6 fragmentation and Extension Header filtering on the Internet.
The slideware is available at: <http://www.iepg.org/2013-11-ietf88/fgont-iepg-ietf88-ipv6-frag-and-eh.pdf>
Certainly there's *much* more work to be done in this area, but I thought that this could be good food sfor some of the discussions that we were having on the topic.
Thanks, -- Fernando Gont e-mail: fernando@gont.com.ar || fgont@si6networks.com PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
-------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
-------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 -------------------------------------------------------------------- -- Fernando Gont e-mail: fernando@gont.com.ar || fgont@si6networks.com PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1