
comments on draft-ietf-psamp-framework-10.txt



Hi all

I reviewed draft-ietf-psamp-framework-10.txt. I suggest that the
IPv6 content of the draft should be modified. I have two suggestions
about IPv6 in this draft.

1: In section 5.2: "(i) the IP header (excluding options in IPv4,
stacked headers in IPv6)"
I think that the field match operation should include the extension
headers of IPv6. Extension headers are a very important part of IPv6. A
network manager could get lots of information from extension headers.
For example, it could sample by the fragment information in a whole
flow, and it could analyse whether there is attack activity (fragment
information can be obtained from the basic header in IPv4). On the other
hand, it's easy to implement field match on extension headers, because
the TCP/UDP headers are behind the other extension headers. The TCP/UDP
port is the basic rule of an ACL, so the TCP/UDP header is often reached
via the Next Header field. It could know what kinds of extension headers
are included in the packet when it visits the TCP/UDP header. So any
router or switch could easily discover which extension headers are
included in a packet.

2: In section 5.2, "Router State Filtering", there are eight conditions.
I suggest two more conditions, as follows:
		(i) no ARP/ND found for the packet on an Ethernet interface
		(ii) forwarding to IPv6-over-IPv4 tunneling by the IPv6
routing table, for example 6to4/Configured/Automatic tunneling

Best regards
Hongfei Chen



--
to unsubscribe send a message to psamp-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/psamp/>
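
The Next Header walk described in point 1 of the message, as an added example that is not part of the original post or of the PSAMP draft: it follows the chain from the fixed IPv6 header to the TCP/UDP header, recording each extension header and the fragment fields on the way. The function name, the result layout and the two sample packets are constructed for illustration; a non-first fragment is reported without ports because the transport header is not in that packet.

```python
import struct

# Headers sharing the layout: next header, then length in 8-octet units minus 1.
GENERIC_EXT = {0: "hop-by-hop", 43: "routing", 60: "destination-options"}
FRAGMENT, AH, TCP, UDP = 44, 51, 6, 17

def walk_ipv6(packet: bytes) -> dict:
    """Follow the Next Header chain; report headers seen, fragment info, ports."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not a complete IPv6 fixed header")
    seen, frag = [], None
    nxt, off = packet[6], 40
    while nxt in GENERIC_EXT or nxt in (FRAGMENT, AH):
        if off + 8 > len(packet):
            raise ValueError("truncated extension header")
        if nxt == FRAGMENT:  # fixed 8 octets: offset (13 bits), M flag, identification
            size, name = 8, "fragment"
            off_flags, ident = struct.unpack_from("!HI", packet, off + 2)
            frag = {"offset": off_flags >> 3, "more": bool(off_flags & 1), "id": ident}
        elif nxt == AH:  # AH length is in 4-octet units minus 2
            size, name = (packet[off + 1] + 2) * 4, "authentication"
        else:
            size, name = (packet[off + 1] + 1) * 8, GENERIC_EXT[nxt]
        if off + size > len(packet):
            raise ValueError("extension header runs past end of packet")
        seen.append(name)
        nxt, off = packet[off], off + size
        if frag and frag["offset"]:
            break  # non-first fragment: the bytes that follow are mid-payload
    ports = None
    if nxt in (TCP, UDP) and not (frag and frag["offset"]) and off + 4 <= len(packet):
        ports = struct.unpack_from("!HH", packet, off)  # (source, destination)
    return {"ext_headers": seen, "fragment": frag, "proto": nxt, "ports": ports}

def _ipv6(next_header: int, payload: bytes) -> bytes:
    # Constructed sample packet, documentation addresses 2001:db8::1 -> 2001:db8::2
    src = bytes.fromhex("20010db8000000000000000000000001")
    dst = bytes.fromhex("20010db8000000000000000000000002")
    return struct.pack("!IHBB", 0x60000000, len(payload), next_header, 64) + src + dst + payload

HOPOPT = bytes([FRAGMENT, 0, 1, 4, 0, 0, 0, 0])            # PadN only, next = fragment
FIRST = _ipv6(0, HOPOPT + struct.pack("!BBHI", UDP, 0, 1, 0xABCD1234)
              + struct.pack("!HHHH", 53000, 53, 8, 0))      # first fragment, M=1
LATER = _ipv6(FRAGMENT, struct.pack("!BBHI", UDP, 0, 185 << 3, 0xABCD1234) + bytes(16))

if __name__ == "__main__":
    for label, pkt in (("first", FIRST), ("later", LATER)):
        print(label, walk_ipv6(pkt))
```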