IPv6 Hop-by-Hop Options Processing Procedures
draft-ietf-6man-hbh-processing-20
Yes
Erik Kline
No Objection
Murray Kucherawy
Orie Steele
Note: This ballot was opened for revision 16 and is now closed.
Erik Kline
Yes
Warren Kumari
(was No Objection, Discuss)
Yes
Comment
(2024-06-05 for -19)
Sent for earlier
Thank you for addressing my DISCUSS, and also addressing my comments. I initially balloted DISCUSS, and then moved to NoObj once my DISCUSS was addressed, and am now balloting YES.
Éric Vyncke
(was Discuss)
Yes
Comment
(2024-05-29 for -18)
Sent
Thank you for the sensible and sensitive work done in this document. The IETF community needs to continue to allow the Internet and IP to move forward. Thanks for addressing my previous blocking DISCUSS ballot as well as many (if not all) of my COMMENTS see: https://mailarchive.ietf.org/arch/msg/ipv6/UW5M-7RN1P3EJknROH9-3tf8I1s/
Deb Cooley
No Objection
Comment
(2024-05-28 for -17)
Sent
Many thanks to Peter Yee for his reviews. Section 8, paragraph 4: Nit: Echoing a concern that Peter Yee raised, I feel like this paragraph could be restructured a little to make it clear that this concern is not specific to this draft. My suggestions is to change the first sentence to: 'Although this is not specific to this draft, it should be noted that Internet protocol processing needs...'. And then remove the second to last sentence in the paragraph.
Gunter Van de Velde
No Objection
Comment
(2024-05-28 for -17)
Sent
# Gunter Van de Velde, RTG AD, comments for draft-ietf-6man-hbh-processing-17 Please find https://www.ietf.org/blog/handling-iesg-ballot-positions/ documenting the handling of ballots. Many thanks for this writeup. It is well written and a nice read to explore the wonderful opportunities and associated deep dark secrets embodied with HbH options. In the COMMENTS section i have added a series of comments with additional context. I hope this review and the various observations provide a way to help improve the document. One question i had at the end of reading the draft, is if a transit node may for performance optimization reorder, whiteout changing or removing options that are enclosed within the HbH header? Why? Maybe a particular implementation is interested in a subset of options and prefers to see them at the beginnings of the HbH header for hardware optimization when steering the packet through the available internet paths? G/ #DETAILED COMMENTS #================= 13 This document specifies procedures for how IPv6 Hop-by-Hop options 14 are processed in IPv6 routers and hosts. It modifies the procedures 15 specified in the IPv6 Protocol Specification (RFC 8200) to make 16 processing of the IPv6 Hop-by-Hop Options header practical with the 17 goal of making IPv6 Hop-by-Hop options useful to deploy and use in 18 the Internet. When published, this document updates RFC 8200. The word "practical" in this context can be improved for clarity and precision. A better word might be "efficient" or "feasible," which conveys the intention to make the processing of IPv6 Hop-by-Hop Options more manageable and effective in real-world deployments. similar use of the word practical was observed in the introduction section also. 117 * Fast Path: A path through a router that is optimized for 118 forwarding packets. The Fast Path might be supported by 119 Application Specific Integrated Circuits (ASICs), a Network 120 Processor (NP), or other special purpose hardware. This is the 121 usual processing path within a router taken by the forwarding 122 plane. The word "usual" in this context is appropriate, but "typical" or "standard" might be better choices to convey the intended meaning more clearly. 139 NOTE: [RFC6192] is an example of how designs can separate control 140 plane and forwarding plane functions. The separation between 141 hardware and software processing described in [RFC6398] does not 142 apply to all router architectures. However, a router that performs 143 all or most processing in software might still incur more processing 144 cost when providing special processing for Hop-by-Hop options. How about a slight rewrite of the section to enhance its readability: "Note: [RFC6192] provides an example of how designs can separate control plane and forwarding plane functions. The separation between hardware and software processing described in [RFC6398] does not apply universally to all router architectures. However, routers that perform all or most processing in software may still incur higher processing costs when providing special handling for Hop-by-Hop options." 163 * If a subset of packets in a flow were to include Hop-by-Hop 164 options, this could introduce a potential to increase the number 165 of re-ordered packets and the re-ordering distances of the packets 166 delivered to the destination. This might result when the 167 Extension Header was included in only some packets, or if a 168 specific Hop-by-Hop option required different processing for some 169 packets in a flow. Significant reordering of the packets 170 belonging to a flow can impact the performance of upper layer 171 protocols and needs to be avoided. It took me few times reading this section to fully grasp the intent. I tried to slightly reword the section for convenience: "If a subset of packets within a flow includes Hop-by-Hop options, this may lead to an increased number of reordered packets and greater reordering distances for packets delivered to the destination. Such reordering could occur if the Extension Header is included only in some packets, or if a specific Hop-by-Hop option necessitates different processing for certain packets within the flow. Significant reordering of packets within a flow can negatively impact the performance of upper-layer protocols and should therefore be avoided. " 173 * Packets could include multiple Hop-by-Hop options. Too many 174 options could make the previous issues worse by increasing the 175 resources required to process them. The total size of the options 176 determines the number of header bytes that might need to be 177 processed. Measurements [Cus23a] show that the probability of 178 successful transmission is currently higher for packets that 179 include Options when it results in a short total Extension Header 180 (EH) Chain size (e.g., less than 40 bytes). s/previous/aforementioned/ 217 The main issues remain: s/issues/concerns/ 285 "Transmission and Processing of IPv6 Extension Headers" [RFC7045] 286 clarified how intermediate nodes should process Extension Headers. 287 This document is generally consistent with [RFC7045], and was raised 288 as an issue for discussion when [RFC2460] was updated and replaced by 289 [RFC8200]. This document updates [RFC8200] as described in the next For clarity maybe 'this document' should be more explicit that it is about draft draft-ietf-6man-hbh-processing-17 and not about RFC7045, which was what i understood when i first read this section, and had to re-read the text again. i tried too come up with an text blob to clarify this, but i couldn't unfortunately 331 It is expected that the Hop-by-Hop Options header will be processed 332 by the destination. Hosts SHOULD process the Hop-by-Hop Options Earlier in the document it was mentioned that the destination address is multicast, and that there may be multiple destinations that process the packet. The text here seems to imply that there is only a single destination. Hence maybe s/destination/destination(s)/ 469 DISCUSSION Is this section intended like this for the rfc-to-be, or is this to trigger discussions somewhere in the WG? 516 A possible approach to implementing this is to maintain a lookup 517 table based on Option Type of the IPv6 options that can be processed 518 at full forwarding rate. This would allow a router to quickly 519 determine if an option is supported and can be processed. If the 520 option is not supported, then the router processes the option as 521 described in Section 5.1 of this document. Do we need this paragraph? Can it be left out (i do not have strong feelings if section remains though)? Implementers will do whatever they do to comply with their technology to select/identify those options they are instructed to process 534 * New Hop-by-Hop options SHOULD be designed to ensure the router can 535 process the options at the full forwarding rate. That is, they 536 should be simple to process (see Section 5.2). I am not sure that the keyword here is 'simple to process'. It seems that the requirement is that it can be processed in 'fast path by hardware' maybe? 563 The general issue of robust operation of packets with new Hop-by-Hop 564 options is described in Section 6.1 below. s/issue/concern/ 568 Recent measurement surveys (e.g., [Cus23a]) show that packets that 569 include Extension Headers can cause the packets to be dropped by some 570 Internet paths. In a controlled domain, routers can be configured or 571 updated to provide support for any required Hop-by-Hop options. in an earlier part of the text the term 'limited domain' was used. Would using this term be appropriate here also? 573 The primary motivation of this document is to make it more practical 574 to use Hop-by-Hop options beyond such a single domain, with the Same as the previous comment. Is the text suggesting a limited domain is intended.
Jim Guichard
No Objection
Comment
(2024-05-27 for -17)
Sent
# Jim Guichard, RTG AD, comments for draft-ietf-6man-hbh-processing-17. All comments provide indits line numbers from v-17 of the document. 84 An IPv6 packet includes Hop-by-Hop options by including a Hop-by-Hop 85 Option header. The current list of defined Hop-by-Hop options can be 86 found at [IANA-HBH]. The focus for this document is to set the 87 minimum requirements for router processing of Hop-by-Hop options. Jim> The previous paragraph says that the document has the goal of making IPv6 Hop-by-Hop options useful to deploy and use at IPv6 routers and hosts. However, the above does not mention hosts (?). Is this just an omission in the text or is the focus only for routers and therefore the previous paragraph is inaccurate? Please clarify. 111 * control plane: IPv6 routers exchange control information through 112 the control plane. This processes the management and routing 113 information exchanged with other routers. Routers process fields 114 contained in packet headers. However, they do not process 115 information contained in packet payloads. Jim> Are the last two sentences accurate in the context of a control plane definition? While both sentences are true they do not seem relevant to the control plane. 309 When a packet includes one or more Extension Headers, the Next Header 310 field of the IPv6 Header does not identify the transport protocol. Jim> Wouldn’t it be better to say ‘what’ the Next Header field indicates rather than what it ‘does not’. There are lots of things it ‘does not’ indicate.
John Scudder
No Objection
Comment
(2024-05-28 for -17)
Sent
(I realized I had forgotten to capture one point while transcribing my notes. This updated ballot adds one more point, right at the end.) This document uses a lot of words to say what is ultimately a fairly simple message. It's also an important message, so I think it's worth the time to communicate it clearly; hence the effort put into this review. (The quote attributed to Pascal, to the effect of "I am sorry I have written you a long letter, I did not have time to write you a short one" might apply here.) As far as I can tell, the spec's TL;DR is: Routers: - SHOULD process HbH options as long as they can do so without compromising forwarding rate. - If it would compromise forwarding rate, they should triage the HbH options they process. (Details of triage not specified other than letting the operator configure HbH options to respect/ignore.) - Can ignore the whole HbH header by default, or can process it but use configuration to control what individual HbH options are processed. - MUST NOT drop a packet just because it contains a HbH header. - SHOULD make the list of HbH options that are processed configurable. - Concerning the RA option, if processing it at all, - "MUST protect itself from infrastructure attack". - Shouldn't bother the control plane for an RA that has no Value field of interest. Hosts when receiving: - SHOULD process HbH headers, and process all options within - But may choose not to process them (e.g. constrained hosts) - For any HbH header not processed, they MUST (Section 5.1) behave as if it wasn't present. Hosts when sending: - SHOULD "use a method that is robust". - MAY include more than one HbH option. I feel fairly strongly that this document would be more valuable if it were less expository, more prescriptive, and shorter -- "crisper", if you like. However, my concerns don't rise to the level of blocking publication, so I've captured some specific and potentially actionable points in comments, and I understand that the authors' preferences may not be the same as mine, or that they may not have the appetite for a large rewrite. On the other hand, if you're up for the challenge, I'm willing to contribute more effort. Note that not all of my comments are of that nature, many relate to correctness and accuracy -- so even if you completely disagree with my editorial point of view, please look over the rest of them. ## COMMENT ### Section 3, cut-and-paste error? * control plane: IPv6 routers exchange control information through the control plane. This processes the management and routing information exchanged with other routers. So far so good. Routers process fields contained in packet headers. However, they do not process information contained in packet payloads. This sentence is a verbatim copy of a sentence in the definition of "forwarding plane". Is it a cut-and-paste error? It doesn't seem relevant to a definition of the control plane. ### Section 4, rewrite for clarity, add informative reference The pronouns and determiners in the last couple of paragraphs make it hard to nail down what they mean. I think a simple rewrite to add more specificity would help. Assuming I've understood your meaning correctly, something like this, OLD: "Transmission and Processing of IPv6 Extension Headers" [RFC7045] clarified how intermediate nodes should process Extension Headers. This document is generally consistent with [RFC7045], and was raised as an issue for discussion when [RFC2460] was updated and replaced by [RFC8200]. This document updates [RFC8200] as described in the next section and consequently clarifies the description in Section 2.2 of [RFC7045], using the language of BCP 14 [RFC2119] [RFC8174]. The document defines a set of procedures for the Hop-by-Hop Options header that are intended to make the processing of Hop-by-Hop options practical in modern transit routers. The common cases are that some Hop-by-Hop options will be processed across the Internet, while others will only be processed within a limited domain [RFC8799] (e.g., where a specific service is made available in that network segment that relies on one or more Hop-by-Hop options). NEW: "Transmission and Processing of IPv6 Extension Headers" [RFC7045] clarified how intermediate nodes should process Extension Headers. The present document is generally consistent with [RFC7045], and addresses an issue that was raised for discussion when [RFC2460] was updated and replaced by [RFC8200]. This document updates [RFC8200] as described in the next section and consequently clarifies the description in Section 2.2 of [RFC7045], using the language of BCP 14 [RFC2119] [RFC8174]. This document defines a set of procedures for the Hop-by-Hop Options header that are intended to make the processing of Hop-by-Hop options practical in modern transit routers. The common cases are that some Hop-by-Hop options will be processed across the Internet, while others will only be processed within a limited domain [RFC8799] (e.g., where a specific service is made available in that network segment that relies on one or more Hop-by-Hop options). Since you allude to "an issue that was raised for discussion", it also wouldn't go amiss to provide an informative citation to the relevant list thread. ### Section 5.1, use the RFC 8200 words Suggested rewording, both for correctness and to use the language of RFC 8200: OLD: [RFC8200] also requires that a Hop-by-Hop Options header only appear once in a packet. NEW: [RFC8200] also requires that a Hop-by-Hop Options header appear at most once in a packet. ### Sections 5.1, 5.1.1, clarity You juxtapose a quote from RFC 8200 that says (my paraphrase, with BCP 14 keyword added to be provocative) "routers SHOULD NOT process the HbH header unless explicitly configured to do so", next to a new requirement that "clarifies that a configuration could control whether processing skips any specific" HbH option. I'll paraphrase that one too, again inserting a BCP 14 keyword, as "routers MAY instead process the HbH header by default while allowing configuration to disable specific options." I guess those two things are compatible, but I had to do too much work to extract that interpretation and I'm not even confident that's really what you're trying to say. Can you confirm that it is? As a follow-up, if my paraphrase is right, how do you reconcile Section 5.1 where you say "Routers SHOULD process the Hop-by-Hop Options header" with (my paraphrase of) RFC 8200? You might reply that I've changed the meaning of Section 5.1 by omitting "using the method defined in this document", but if so I think you should rephrase the Section 5.1 language for clarity, as in, OLD: Routers SHOULD process the Hop-by-Hop Options header using the method defined in this document NEW: Routers that process the Hop-by-Hop Options header SHOULD do so using the method defined in this document. On the other hand, if you intend that "Routers SHOULD process the Hop-by-Hop Options header", I think you have more work to do in Section 5.1.1, as discussed above. ### Section 5.2, first HbH option The first couple of paragraphs appear to privilege the first HbH option compared to the rest. Is this deliberate? Can you help me understand why, if so? For example, A router configuration needs to avoid vulnerabilities that arise when it cannot process the first Hop-by-Hop option at full forwarding rate. A router SHOULD NOT therefore be configured to process the first Hop-by-Hop option if this adversely impacts the aggregate forwarding rate. A router SHOULD process additional Hop-by-Hop options, if configured to do so, providing that these also do not adversely impact the aggregate forwarding rate. When I unpack this, how is it different from (my text): A router configuration needs to avoid vulnerabilities that arise when processing of a Hop-by-Hop option would prevent it from forwarding at full forwarding rate. A router SHOULD process Hop-by-Hop options, if configured to do so, providing that these do not adversely impact the aggregate forwarding rate. The primary change in my rewrite was to cut A router SHOULD NOT therefore be configured to process the first Hop-by-Hop option if this adversely impacts the aggregate forwarding rate. As far as I can tell the rewrite is semantically the same, but I'm concerned that I have missed something, otherwise, why would you have put in that special mention of the first option? :-( One interpretation I came up with after reading it a few times is that what you mean is something like "when it cannot process even a single Hop-by-Hop option at full forwarding rate". Does that get at your intent? I appreciate that practically speaking, most forwarding code will go through the options serially starting with the first, but not only is that not a requirement, but in some of your other text you drive home the message that the order of processing is not guaranteed. So, I think you should be careful to separate that assumption from what you're trying to specify. This is only one example. Another is the first paragraph, A source creating packets with a Hop-by-Hop Options header SHOULD use a method that is robust to network nodes processing only the first Hop-by-Hop option that is included in the packet, or that forward packets without the option being processed (see Section 6.1). I would've expected something more like, A source creating packets with a Hop-by-Hop Options header SHOULD use a method that is robust to network nodes selectively processing only some of the Hop-by-Hop options that are included in the packet, or that forward packets without the option(s) being processed (see Section 6.1). As it is, a close reading of the sentence tells me it's fine if the method is *not* robust to network nodes that process only the second option, for example. This isn't a full scrub of the section, e.g. the fourth paragraph has "further" (after what? The first? The last one successfully processed?) ### Section 5.2, including more than one HbH option I found "A source MAY, based on local configuration, include more than one Hop-by-Hop option" peculiar, given that there's never been a restriction on that in the past (has there?), i.e. you're granting permission for something that was always allowed, so... thanks? I think I see what you're doing, which is to subtly throw shade on the idea of including more than one HbH option, but if you want to do that, why do it subtly? E.g., you could go whole hog with something like A source SHOULD NOT include more than one Hop-by-Hop option, although it MAY do so based on local configuration. In the latter case it might wish to restrict the size... ### Section 5.2, clarity OLD: If a router is unable to process any Hop-by-Hop option (or is not NEW: If a router is unable to process a given Hop-by-Hop option (or is not ### Section 5.2, sense of "any" is underdetermined This document modifies this behaviour for the "01", "10", and "11" action bits, so that if a router is unable to process any Hop-by-Hop option (or is not configured to do so), it SHOULD behave in the way specified for an unrecognized Option Type when the action bits were set to "00". It also modifies the behaviour for the "10" and "11" Is "any Hop-by-Hop option" supposed to mean "any given HbH option" or is it supposed to mean "no HbH option"? I think it's the former, in which case, I suggest the change. ### Section 5.2, clarity, standalone patch This document modifies this behaviour for the "01", "10", and "11" action bits, so that if a router is unable to process any Hop-by-Hop option (or is not configured to do so), it SHOULD behave in the way specified for an unrecognized Option Type when the action bits were set to "00". ... The modified text for "01", "10", and "11" values is: 01 - MAY discard the packet. Nodes should not rely on routers dropping these unrecognized Option Types. 10 - MAY discard the packet ... 11 - MAY discard the packet ... And as a reminder (to me, at least!), 00 is: 00 - skip over this option and continue processing the header. I had to go over this several times before I finally worked out that the modified text for the three values quoted above is not actually in conflict with the SHOULD in the first quoted paragraph. While puzzling over it, I also noticed that even though all three values are modified to permit discard, only the first includes the sentence "Nodes should not rely on routers dropping these unrecognized Option Types". It seems to me that even though it would make the document more verbose, and isn't strictly mandatory for technical correctness upon careful reading, it would be helpful for clarity to spell things out more explicitly, as in, NEW: The modified text for "01", "10", and "11" values is: 01 - SHOULD behave as specified for 00, but MAY discard the packet if so configured. 10 - SHOULD behave as specified for 00, but MAY discard the packet if so configured and, regardless of whether or not the packet's Destination Address was a multicast address, and if the packet was discarded, MAY send an ICMP Parameter Problem, Code 2, message to the packet's Source Address, pointing to the unrecognized Option Type. 11 - SHOULD behave as specified for 00, but MAY discard the packet if so configured and, only if the packet's Destination Address was not a multicast address, and the packet was discarded, MAY send an ICMP Parameter Problem, Code 2, message to the packet's Source Address, pointing to the unrecognized Option Type. Nodes should not rely on routers dropping unrecognized Option Types. I added a SHOULD clause for each. I also added "if so configured" to the MAY parts, it's unclear to me if that's overreach or helpful clarification of intent since I don't know if you intended the MAY to cover other cases too. Finally, I factored out the "should not rely on" sentence so that it doesn't appear to apply only to the 01 case. Apart from simple readability, the other argument I'd give in favor of making this change (or one like it) is that in this kind of patch-type approach to updating a base document (which is what this is, despite the fact you haven't used OLD/NEW blocks), it's desirable for the patched base document to at least potentially stand alone. ### Section 5.2, "a multicast address", plus RFC 2119 keyword I have two concerns about When a node sends an ICMP message in response to a packet with a multicast address, this could be exploited as an amplification attack. This is particularly problematic when the Source Address is not valid (which can be mitigated to varying degrees by using a reverse path forwarding (RPF) check). A node SHOULD only send ICMP messages in response to a packet with a multicast address when this is enabled for the specific Source Address and/or the group Destination Address. The first concern is that when you write "a packet with a multicast address", it's not clear, until one reads the final sentence, that you mean either the source address or the destination address. I suggest spelling it out explicitly. The second concern is that although your intent with "SHOULD only" is clear enough, it doesn't fit the RFC 2119 definition of SHOULD. A possible rewrite to cover both concerns is, NEW: When a node sends an ICMP message in response to a packet with a multicast source or destination address, this could be exploited as an amplification attack. This is particularly problematic when the Source Address is not valid (which can be mitigated to varying degrees by using a reverse path forwarding (RPF) check). A node SHOULD NOT send ICMP messages in response to a packet with a multicast source or destination address unless this is enabled for the specific Source Address and/or the group Destination Address. (You could use "and/or" wherever I have put "or", but in my view it's not necessary, after all, it's not "xor".) ### Section 5.2, expository paragraph needed? Is this paragraph doing any necessary work? When an ICMP Parameter Problem, Code 2, message is delivered to the source, the source can become aware that at least one node on the path has failed to recognize the option. Generating an ICMP message incurs additional router processing. Reception of this message is not guaranteed, routers might be unable to be configured so that they do not generate these messages, and they are not always forwarded to the source. The motivation here is to loosen the requirement to send an ICMPv6 Parameter Problem message when a router forwards a packet without processing the list of all options. I can see how it might've been needed during working group development of the document, but if I imagine I'm an implementor reading this spec, I'm not sure what I do with it. As far as I can tell the whole thing can be condensed down to "you might not get an IMCP parameter problem if one of your options isn't recognized, but then again that was always true"... and because of "that was always true", you could leave it out without harm. ### Section 5.2.1 The function of a Router Alert Option can result in the processing that this specification is proposing to eliminate, that is, to instruct a router to process the packet in the control plane. I don't think this specification is solely proposing to protect the control plane, it's also trying to protect the forwarding plane from option lists that are too heavyweight to be processed at line rate in the fast path. (Bullets 3 and 4 in the second bullet list in Section 4.) Fortunately, a rewrite to correct this is as simple as removing one definite article. NEW: The function of a Router Alert Option can result in processing that this specification is proposing to eliminate, that is, to instruct a router to process the packet in the control plane. ### Section 5.2.2, inappropriate RFC 2119 keyword The final paragraph of this section is the single sentence, The actions of the lookup table SHOULD be configurable by the operator of the router. But the previous paragraph told me that said lookup table is "a possible approach". It seems weird to me to use an RFC 2119 keyword to mandate behavior specific to "a possible approach". If I were you, I'd use lowercase "should", and I would combine this paragraph with the preceding one. ### Section 6, "simple to process" isn't actionable * New Hop-by-Hop options SHOULD be designed to ensure the router can process the options at the full forwarding rate. That is, they should be simple to process (see Section 5.2). I don't see anything in Section 5.2 that tells me how to make an option simple to process. If you think it does explain that, please help me understand how. Otherwise, I think you should remove the cross-reference. For that matter, even with the suggested change, this bullet point makes me a little bit sad because it feels isomorphic to the famous "don't write bugs" advice. (See also RFC 9225.) But, ¯\_(ツ)_/¯ ### Section 8, forcing packets to the slow path can also harm the control plane Security issues with including IPv6 Hop-by-Hop options are well known and have been documented in several places, including [RFC6398], [RFC6192], [RFC7045] and [RFC9098]. The main issue, as noted in Section 4, is that any mechanism that can be used to force packets into the router's control plane can be exploited as a Denial-of- Service attack on a transit router by saturating the resources needed for router management (routing protocols, network management protocols, etc.) and cause the router to fail or perform sub- optimally. There is a related but not identical issue, which is that in many routers, some resources are shared between the control plane and the slow path -- you nod to this in your definition of "slow path" in Section 3. Even if packets are forced only into the slow path, but not the control plane, that can still work as a denial of service attack against the control plane. I suppose we might get into an ontological debate about what exactly "the control plane" is in this context and whether the paragraph as written already encompasses it, but I think it would be better to err on the side of completeness even if it requires a bit more verbosity. The fix I propose is simple enough, though: s/control plane/slow path or control plane/. ### Section 8, misleading bullet points I think these two bullet points are misleading in a couple of ways: * The document sets an expectation that if a packet includes a single Hop-by-Hop option that packet will be forwarded across the network path." * Additional Hop-by-Hop options MAY be included, based on local configuration. Nodes only process these additional Hop-by-Hop options if configured to do so. The first bullet, by focusing on "a single Hop-by-Hop option", implies that if multiple options were included, the packet might not be forwarded. I think that's not right, per my understanding of the document. The second bullet's second sentence ("only process... if") appears to be a case of "the exception proves the rule" that nodes commit to processing the first Hop-by-Hop option. But this is also not right. For that matter, it's not clear whether "nodes" in that sentence refers to destination or intermediate nodes. I have assumed the latter. A rewrite might be, NEW: * The document sets an expectation that if a packet includes a Hop-by-Hop Options header that packet will be forwarded across the network path. * A source MAY include one or more Hop-by-Hop options. Whether any of these options is processed, and if so which and how many, is dependent on the configuration of intermediate nodes.
Murray Kucherawy
No Objection
Orie Steele
No Objection
Paul Wouters
No Objection
Comment
(2024-05-28 for -17)
Not sent
This document made me sad
Roman Danyliw
(was Discuss)
No Objection
Comment
(2024-05-29 for -18)
Sent
Thank you to Behcet Sarikaya for the GENART review. Thank you for addressing my DISCUSS feedback. ** What is the relationship between the guidance found in this document and the filtering guidance in RFC9288?
Zaheduzzaman Sarker
No Objection
Comment
(2024-05-29 for -17)
Sent
Thanks for working on this specification. Thanks for Brian Trammell for the TSVART review. I have no issues here from transport protocol point of view, however, I am supporting Roman's discuss as I would also like to know what is classified as reasonable exception.