nanog mailing list archives
Re: Dropping IPv6 Fragments
From: joel jaeggli <joelja () bogus com>
Date: Thu, 04 Oct 2012 08:27:41 -0700
On 10/4/12 8:15 AM, Dobbins, Roland wrote:
> On Oct 4, 2012, at 9:58 PM, joel jaeggli wrote:
>
>> Likewise with the acl I have the property that the initial packet has all the info in it while the fragment does not.
>
> For iACLs, just filter non-initial fragments directed to infrastructure IPs. Cisco & Juniper ACLs have ACL matching criteria for non-initial fragments.
Yeah, that's more or less what we said in RFC 6192.

That said, as the network operator of a content provider I have more devices in my portfolio than just backbone routers.
> -----------------------------------------------------------------------
> Roland Dobbins <rdobbins () arbor net> // <http://www.arbornetworks.com>
>
> Luck is the residue of opportunity and design.
>
> -- John Milton
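
The two points made in this exchange (only the initial fragment carries the layer-4 information, and an infrastructure ACL can match non-initial fragments by destination alone), as an added example that is not part of the original thread. The infrastructure prefix, the sample packets and all function names are constructed for illustration.

```python
import ipaddress
import struct

EXT_HEADERS = {0, 43, 60}   # hop-by-hop, routing, destination options
FRAGMENT = 44               # IPv6 Fragment header
INFRA = [ipaddress.ip_network("2001:db8:ffff::/48")]  # constructed infrastructure block

def fragment_info(pkt: bytes):
    """Return (dst, frag_offset, l4_ports); frag_offset is None if there is no Fragment header."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nh, dst = pkt[6], ipaddress.IPv6Address(pkt[24:40])
    pos, offset = 40, None
    while nh in EXT_HEADERS or nh == FRAGMENT:
        if len(pkt) < pos + 8:
            raise ValueError("truncated extension header")
        if nh == FRAGMENT:
            offset = struct.unpack("!H", pkt[pos + 2:pos + 4])[0] >> 3  # 13-bit offset
            nh, pos = pkt[pos], pos + 8
            if offset:  # non-initial: what follows is mid-payload, not an L4 header
                return dst, offset, None
        else:
            nh, pos = pkt[pos], pos + (pkt[pos + 1] + 1) * 8
    ports = None
    if nh in (6, 17) and len(pkt) >= pos + 4:  # TCP or UDP ports are readable
        ports = struct.unpack("!HH", pkt[pos:pos + 4])
    return dst, offset, ports

def iacl_action(pkt: bytes) -> str:
    """Model of the single rule: drop non-initial fragments sent to infrastructure IPs."""
    dst, offset, _ = fragment_info(pkt)
    if offset and any(dst in net for net in INFRA):
        return "drop"
    return "permit"

def build(dst: str, offset: int, more: bool, payload: bytes) -> bytes:
    """Construct a sample IPv6 packet with a Fragment header (next header UDP)."""
    body = struct.pack("!BBHI", 17, 0, (offset << 3) | int(more), 0x1234) + payload
    hdr = struct.pack("!IHBB", 6 << 28, len(body), FRAGMENT, 64)
    src = ipaddress.IPv6Address("2001:db8:1::1").packed
    return hdr + src + ipaddress.IPv6Address(dst).packed + body

# Constructed sample: one UDP datagram split into two fragments.
UDP = struct.pack("!HHHH", 40000, 53, 24, 0) + b"A" * 8
FIRST = build("2001:db8:ffff::1", 0, True, UDP)
LATER = build("2001:db8:ffff::1", 2, False, b"B" * 8)

if __name__ == "__main__":
    for name, pkt in (("initial", FIRST), ("non-initial", LATER)):
        print(name, fragment_info(pkt), iacl_action(pkt))
```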