This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/mat-wg@ripe.net/
[mat-wg] IPv6 extension headers support on RIPE Atlas
- Previous message (by thread): [mat-wg] IPv6 extension headers support on RIPE Atlas
- Next message (by thread): [mat-wg] IPv6 extension headers support on RIPE Atlas
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Tim Chown
tjc at ecs.soton.ac.uk
Wed Nov 6 08:27:00 CET 2013
Hi, Just to rewind a bit, the concern over support on-path for IPv6 Extension Headers, esp. the Fragmenttation Header, has always been there, it’s just that with the recent measurements by Fernando and an MSc student here, the numbers are rather worse than many people expected, moreso the longer the EH used. Fernando did the test extending his own IPv6 toolset, our student used scapy (which supports the four main EHs) to craft HTTP requests. We both targeted the top Alexa sites. The Fragmentation Header success rate across the sites tested was at best under 70%. The interest with Atlas is that we could test between participating sites, rather than just to Alexa-ranked web servers, which is more interesting esp. bearing in mind the desire to build IPv6 p2p apps. As for HTTP tests - I asked a few weeks ago about using the probes to do general HTTP measurements, and was told they were only possible for a limited set of users. No problem with that, but I simply guessed from that response that expecting the probes to do IPv6 EHs without significant changes was optimistic. And I certainly understand the security-related concerns. I have a different student now working further on the tests, which may include adding extra EH capability to scapy, and possible ‘looking glass’ style tests. I think Fernando is also exending his tests as he was only checking with one EH type. So we should get more/better information soon regardless, and we may get better clues as to how Atlas could help. I think this is an important issue for IPv6, witness the current discussions and I-Ds on EH handling, header lengths, etc. Best wishes, Tim On 6 Nov 2013, at 07:08, Tassos Chatzithomaoglou <achatz at forthnet.gr> wrote: > While i see the benefit of such measurements, i'm a little bit worried about turning Atlas into a possible "distributed attack" tool. > I think it would be better, at least for the time being, to allow such "packet manipulation" measurements under strict conditions. > This might be the very first step of turning Atlas into Scapy-Atlas, which sounds exciting and worrying at the same time. > > -- > Tassos > > Jen Linkova wrote on 6/11/2013 02:59: >> [ This is a outcome of some online&offline discussions we have had on IETF8 ] >> >> There are some ongoing efforts to measure IPv6 extension headers >> filtering in the Internet (in particular, see Fernando Gont's talk: >> >> http://www.iepg.org/2013-11-ietf88/fgont-iepg-ietf88-ipv6-frag-and-eh.pdf >> ) >> >> While individuals are running some experiments from their networks, >> I think it would be extremely useful to run distributed measurements >> using Atlas to understand the current situation and possible impact >> better. >> >> Therefore it would be great if Atlas supports: >> - inserting Ipv6 extension headers into probe packets. Ideally user >> should be allowed to define a chain of extension headers as specified >> in RFC2460. In particular, it would be nice to insert the following >> headers: >> -- Hop-by-Hop Options >> -- Fragment >> -- Destination Options >> >> - HTTP measurements (Tim, please add particular requirements if you have any). >> >> If anyone else would like to see such features supported by Atlas - >> please speak up! >> >
- Previous message (by thread): [mat-wg] IPv6 extension headers support on RIPE Atlas
- Next message (by thread): [mat-wg] IPv6 extension headers support on RIPE Atlas
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ mat-wg Archives ]