nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: NIST IPv6 document

From: Owen DeLong <owen () delong com>
Date: Fri, 7 Jan 2011 14:15:59 -0800

On Jan 7, 2011, at 7:12 AM, Justin M. Streiner wrote:


On Thu, 6 Jan 2011, Jeff Wheeler wrote:


On Thu, Jan 6, 2011 at 8:47 PM, Owen DeLong <owen () delong com> wrote:

1.      Block packets destined for your point-to-point links at your
       borders. There's no legitimate reason someone should be


Most networks do not do this today.  Whether or not that is wise is
questionable, but I don't think those networks want NDP to be the
reason they choose to make this change.


Correct me if I'm wrong, but wouldn't blocking all traffic destined for your infrastructure at the borders also play 
havoc with PTMUD?  Limiting the traffic allowed to just the necessary types would seem like a reasonable alternative.

jms


It would only play havoc if your infrastructure is originating packets destined
to the outside world from it's link addresses.

Generally this shouldn't happen.

Remember, I'm only blocking traffic TO the point-to-point LINK networks.
Not to the servers, loopbacks, etc.

Owen
Previous By Date Next
Previous By Thread Next

Current thread: