[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

NIST IPv6 document

Subject: NIST IPv6 document
From: owen at delong.com (Owen DeLong)
Date: Mon, 10 Jan 2011 15:04:23 -0800
In-reply-to: <EMEW3|0ba540fb648edde02e3488297e052778n09DuW03tjc|ecs.soton.ac.uk|[email protected]>
References: <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <EMEW3|0ba540fb648edde02e3488297e052778n09DuW03tjc|ecs.soton.ac.uk|[email protected]>

On Jan 10, 2011, at 5:56 AM, Tim Chown wrote:

> 
> On 7 Jan 2011, at 15:12, Justin M. Streiner wrote:
> 
>> On Thu, 6 Jan 2011, Jeff Wheeler wrote:
>> 
>>> On Thu, Jan 6, 2011 at 8:47 PM, Owen DeLong <owen at delong.com> wrote:
>>>> 1.      Block packets destined for your point-to-point links at your
>>>>       borders. There's no legitimate reason someone should be
>>> 
>>> Most networks do not do this today.  Whether or not that is wise is
>>> questionable, but I don't think those networks want NDP to be the
>>> reason they choose to make this change.
>> 
>> Correct me if I'm wrong, but wouldn't blocking all traffic destined for your infrastructure at the borders also play havoc with PTMUD?  Limiting the traffic allowed to just the necessary types would seem like a reasonable alternative.
> 
> Recommendations for PTMUD-friendly filtering are described in RFC 4890.
> 
> Tim

Unless my point-to-point links are originating packets to the outside world
(they should not be, in general), then I should not expect any PMTU-D
responses directed at them.

As such, blocking even those packets TO my point-to-point interfaces
should not be problematic.

Owen

Follow-Ups:
- NIST IPv6 document
  - From: jbates at brightok.net (Jack Bates)

References:
- NIST IPv6 document
  - From: oberman at es.net (Kevin Oberman)
- NIST IPv6 document
  - From: jsw at inconcepts.biz (Jeff Wheeler)
- NIST IPv6 document
  - From: mohacsi at niif.hu (Mohacsi Janos)
- NIST IPv6 document
  - From: jsw at inconcepts.biz (Jeff Wheeler)
- NIST IPv6 document
  - From: rdobbins at arbor.net (Dobbins, Roland)
- NIST IPv6 document
  - From: owen at delong.com (Owen DeLong)
- NIST IPv6 document
  - From: rs at seastrom.com (Robert E. Seastrom)
- NIST IPv6 document
  - From: jsw at inconcepts.biz (Jeff Wheeler)
- NIST IPv6 document
  - From: owen at delong.com (Owen DeLong)
- NIST IPv6 document
  - From: jsw at inconcepts.biz (Jeff Wheeler)
- NIST IPv6 document
  - From: streiner at cluebyfour.org (Justin M. Streiner)
- NIST IPv6 document
  - From: tjc at ecs.soton.ac.uk (Tim Chown)

Prev by Date: Is Cisco equpiment de facto for you?
Next by Date: arin and ops fora (was Re: AltDB?)
Previous by thread: NIST IPv6 document
Next by thread: NIST IPv6 document
Index(es):
- Date
- Thread