nanog mailing list archives
Re: Should routers send redirects by default?
From: "Dobbins, Roland" <rdobbins () arbor net>
Date: Fri, 20 Aug 2010 17:56:51 +0000
On Aug 21, 2010, at 12:20 AM, Christopher Morrow wrote:
o routers are required to be able to send redirect messages o routers should NOT do this by default
I concur with this position from an opsec standpoint; at the same time, I don't know that *mandating* a default configuration setting for a legal (if largely iatrogenic) mode of operation is something that the IETF should be doing. Here's an alternate formulation which gets the point across, but doesn't stray into the area of : 1. Routers are required to be able to send redirect messages. 2. It is recommended that routers should NOT do this by default. As was mentioned somewhere in the 6man thread, the root of the problem has to do with the ugliness of IPv6 in general, and the whole v6 ICMP/ND mess in particular. Unfortunately, those ships have long since sailed; while it's tempting to try and retrofit fixes for poor design decisions in the fundamental protocol specifications by mandating sane implementation defaults in conformance documents, a recommendation rather than a mandate seems more situationally-appropriate in this context. The 'right way', impractical though it may be, is in fact to fix this problem is to go back and fix the protocol specifications; since that isn't going to happen, making recommendations gets the point across without being overbearing. YMMV, of course. ----------------------------------------------------------------------- Roland Dobbins <rdobbins () arbor net> // <http://www.arbornetworks.com> Injustice is relatively easy to bear; what stings is justice. -- H.L. Mencken
Current thread:
- Should routers send redirects by default? Christopher Morrow (Aug 20)
- Re: Should routers send redirects by default? Jack Bates (Aug 20)
- Re: Should routers send redirects by default? Mikael Abrahamsson (Aug 20)
- Re: Should routers send redirects by default? Jack Bates (Aug 20)
- Re: Should routers send redirects by default? Christopher Morrow (Aug 20)
- Re: Should routers send redirects by default? Mikael Abrahamsson (Aug 20)
- Re: Should routers send redirects by default? Dobbins, Roland (Aug 20)
- Re: Should routers send redirects by default? Butch Evans (Aug 20)
- Re: Should routers send redirects by default? Jared Mauch (Aug 20)
- Re: Should routers send redirects by default? Butch Evans (Aug 20)
- Re: Should routers send redirects by default? Valdis . Kletnieks (Aug 20)
- Re: Should routers send redirects by default? Butch Evans (Aug 20)
- Re: Should routers send redirects by default? Brandon Ross (Aug 20)
- Re: Should routers send redirects by default? Jared Mauch (Aug 20)
- Re: Should routers send redirects by default? Brandon Ross (Aug 20)
- Re: Should routers send redirects by default? Jared Mauch (Aug 20)
- Re: Should routers send redirects by default? Jared Mauch (Aug 20)
- Re: Should routers send redirects by default? Valdis . Kletnieks (Aug 20)
- Re: Should routers send redirects by default? Jack Bates (Aug 20)