nanog mailing list archives

Re: Too bigs are sacred, was: Re: IPv6 addressing for core network


From: David Freedman <david.freedman () uk clara net>
Date: Thu, 10 Feb 2011 12:15:52 +0000

Iljitsch van Beijnum wrote:
> On 10 feb 2011, at 0:26, David Freedman wrote:
>
>>> Unless every packet you emit is ≤ the minimum MTU (1280), then, you need
>>> to be able to receive TOOBIG messages.
>>
>> Can you think of a packet type I will emit from my publicly numbered
>> backbone interface which may solicit a TOOBIG that I'll have to care about?
>
> What if you're trying to connect to your routers with 1500-byte+ POS, ATM, Ethernet jumbo or what have you interfaces
> from some system with a big fat jumboframe MTU but some 100 Mbps Ethernet firewall or office network in the middle?
>
> If you're willing to accept TCP or UDP from somewhere, it's a bad idea to filter ICMP coming in from that same place.


I think the point I'm making is that I'm not: I won't accept any traffic
to these backbone interfaces from outside the AS. This means no
management sessions from outside the network! (And in the rare,
emergency cases where something does need to get in from the outside,
policy may dictate ACL hole-punching to support it.)

In the case of people having an unreachable core (i.e. MPLS-hidden
or RFC1918/ULA/link-local), this happens already; if they decide
to expose this somehow (MPLS TTL propagation, and/or allowing the ICMP
out) then it is only to assist troubleshooting (not that I accept
RFC1918/ULA-sourced traffic from such networks at my edge, anyway).

These people are doing this by design. I think that's the point I'm
trying to get across: if you will never need to process TOOBIG in your
design, there is no need to accept it.


-- 


David Freedman
Group Network Engineering
Claranet Group
