APNIC IPv6 Deployment
Performance and Diagnostic Metrics (PDM) [RFC 8250] is an IPv6 Destination Option carried in the Destination Options extension header. Many internet services today are time-sensitive, and latency can directly affect the businesses that depend on them. PDM helps enterprises and organizations analyze delay per flow (5-tuple) and split it into server-side delay and network delay, so they can quickly narrow down an issue and take appropriate steps to rectify it. PDM also adds packet sequence numbers, which enable packet-level inspection per flow. Alongside these benefits, PDM has a few security limitations. The PDMv2 protocol is a proposed standard that tries to overcome the security limitations of PDM while keeping its merits. PDMv2 integrates confidentiality, integrity, and authentication features by leveraging the Hybrid Public Key Encryption (HPKE) [RFC 9180] framework. It proposes a two-phase mechanism: the first phase establishes a shared context (secret), and the second encrypts the PDM data. It is designed to minimize overhead while providing optimal security for the extension header contents. The PDMv2 architecture can overcome the security limitations of IPv6 Destination Options Headers.
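The server-side versus network delay split described above can be computed from two consecutive PDM options in a flow. The following is an added example, not code from the talk or from the RFC authors: it assumes the RFC 8250 field layout (option type 0x0F, data length 10, two scale octets, two 16-bit sequence numbers, two 16-bit deltas) and that each delta is in attoseconds, recovered by left-shifting by its scale. The function names and sample values are constructed for illustration.

```python
import struct

PDM_TYPE, PDM_LEN = 0x0F, 10  # RFC 8250 option type and option data length

def encode_delta(attoseconds):
    """Scale a delta down to 16 bits; returns (scale, value). Sample helper."""
    scale = max(attoseconds.bit_length() - 16, 0)
    return scale, attoseconds >> scale

def build_pdm(psntp, psnlr, tlr_as, tls_as):
    """Build a 12-octet PDM option for the constructed samples below."""
    s_tlr, v_tlr = encode_delta(tlr_as)
    s_tls, v_tls = encode_delta(tls_as)
    return struct.pack("!BBBBHHHH", PDM_TYPE, PDM_LEN, s_tlr, s_tls,
                       psntp, psnlr, v_tlr, v_tls)

def parse_pdm(option):
    """Parse type, length and the PDM fields; deltas returned in attoseconds."""
    if len(option) != 2 + PDM_LEN:
        raise ValueError("PDM option must be 12 octets")
    typ, length, s_tlr, s_tls, psntp, psnlr, v_tlr, v_tls = struct.unpack(
        "!BBBBHHHH", option)
    if typ != PDM_TYPE or length != PDM_LEN:
        raise ValueError("not a PDM option")
    return {"psntp": psntp, "psnlr": psnlr,
            "delta_tlr": v_tlr << s_tlr, "delta_tls": v_tls << s_tls}

def split_delay(server_reply, client_next):
    """Return (server_delay_s, network_delay_s) for one request/response pair.

    server_reply: PDM option from the server's response packet.
    client_next:  PDM option from the client's following packet in the flow.
    """
    srv, cli = parse_pdm(server_reply), parse_pdm(client_next)
    if cli["psnlr"] != srv["psntp"]:
        raise ValueError("packets are not adjacent in the flow")
    server_delay = srv["delta_tlr"]   # server: request received -> reply sent
    round_trip = cli["delta_tls"]     # client: request sent -> reply received
    return server_delay * 1e-18, (round_trip - server_delay) * 1e-18

# Constructed sample: server took 4 ms to answer, client saw 20 ms end to end.
SERVER_REPLY = build_pdm(psntp=60, psnlr=25, tlr_as=4 * 10**15, tls_as=0)
CLIENT_NEXT = build_pdm(psntp=26, psnlr=60, tlr_as=10**15, tls_as=20 * 10**15)

if __name__ == "__main__":
    server_s, network_s = split_delay(SERVER_REPLY, CLIENT_NEXT)
    print(f"server {server_s * 1e3:.3f} ms, network {network_s * 1e3:.3f} ms")
```

The sequence-number check ties the two packets to the same exchange; the 16-bit scaled encoding loses a small amount of precision, so the recovered delays are approximate.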