nanog mailing list archives
Re: IPv6, IPSEC and deep packet inspection
From: bmanning () vacation karoshi com
Date: Sun, 2 Jan 2005 04:44:13 +0000
On Sat, Jan 01, 2005 at 10:09:24PM -0500, Sean Donelan wrote:
> > That depends very much on what is being reached. Would it be reasonable for a.gtld-servers.net and b.gtld-servers.net to start silently blocking v6 datagrams on a whim?
>
> There are *.root-servers.net (or the networks they're behind) which have/do block v4 datagrams on a whim, political winds, or the phase of the moon. Sometimes they drop them from just certain countries. Other times it's difficult for the external observer to guess their motivation.

odd... that very behaviour crops up in nearly every ISP i've had the pleasure to interact w/ these few years. local policy tends to always have a clause that sez something about "reserve the right to defend in case of attack" - where a defense is to block/drop/filter packets. And virtually no one has the local policy that sez they must explain their actions to random (or not) people who want to intrude on their business.

as for me, if there is an apparent DDoS, the prefix will be filtered. getting on is easy. getting off takes some work. and if you're not a directly affected party (e.g. it's not your prefix) it's not likely i'll tell you anything about it w/o a court order.

> On the other hand, all the gtld-servers.net happen to be operated by a single organization. What does their contract say they can do with v6, v4 or DECNET packets? Are they required to provide v4 or v6 service at all?

perhaps you could ask them to allow you to become their spokesman and you can interpret their contractual obligations for the rest of us JQ Public?

> It's amazing how sometimes people want providers to drop all sorts of packets, and other times people get upset when providers drop all sorts of packets.
>
> ipv6 e-dns smtp netbios icmp net-10.0.0.0 multicast directed-broadcast

true, true... that whole expectation of a single Internet is powerful... too bad that human nature has caused operators to be burned so often that they are gunshy about facilitating a truly open, global network mesh. Welcome to the walled garden, Internet of the future.

--bill