nanog mailing list archives
Re: Too bigs are sacred, was: Re: IPv6 addressing for core network
From: David Freedman <david.freedman () uk clara net>
Date: Thu, 10 Feb 2011 12:15:52 +0000
Iljitsch van Beijnum wrote:
On 10 feb 2011, at 0:26, David Freedman wrote:Unless every packet you emit is ≤ the minimum MTU (1280), then, you need to be able to receive TOOBIG messages.Can you think of a packet type I will emit from my publically numbered backbone interface which may solicit a TOOBIG that I'll have to care about?What if you're trying to connect to your routers with 1500-byte+ POS, ATM, ethernet jumbo or what have you interfaces from some system with a big fat jumboframe MTU but some 100 Mbps ethernet firewall or office network in the middle? If you're willing to accept TCP or UDP from somewhere, it's a bad idea to filter ICMP coming in from that same place.
I think the point I'm making is, that I'm not, I wont accept any traffic to these backbone interfaces from outside the AS, this means no management sessions from outside the network! (and in the rare, emergency cases where something does need to get in from the outside, policy may dictate acl hole-punching to support it) In the case of people having an unreachable core (i.e MPLS hidden or RFC1918/ULA/LinkLocal), this happens already, if they decide to expose this somehow (MPLS TTL propagation, and/or allowing the ICMP out) then it is only to assist troubleshooting (not that I accept RFC1918/ULA sourced traffic from such networks at my edge , anyway), these people are doing this by design, I think thats the point I'm trying to get across, if you will never need to process TOOBIG in your design, there is no need to accept it. -- David Freedman Group Network Engineering Claranet Group
Current thread:
- Re: IPv6 addressing for core network, (continued)
- Re: IPv6 addressing for core network sthaug (Feb 09)
- Re: IPv6 addressing for core network Iljitsch van Beijnum (Feb 09)
- Re: IPv6 addressing for core network Sam Stickland (Feb 09)
- Re: IPv6 addressing for core network sthaug (Feb 09)
- Re: IPv6 addressing for core network David Freedman (Feb 09)
- Too bigs are sacred, was: Re: IPv6 addressing for core network Iljitsch van Beijnum (Feb 09)
- Re: Too bigs are sacred, was: Re: IPv6 addressing for core network David Freedman (Feb 09)
- Re: Too bigs are sacred, was: Re: IPv6 addressing for core network Owen DeLong (Feb 09)
- Re: Too bigs are sacred, was: Re: IPv6 addressing for core network David Freedman (Feb 09)
- Re: Too bigs are sacred, was: Re: IPv6 addressing for core network Iljitsch van Beijnum (Feb 10)
- Re: Too bigs are sacred, was: Re: IPv6 addressing for core network David Freedman (Feb 10)
- Re: Too bigs are sacred, was: Re: IPv6 addressing for core network Valdis . Kletnieks (Feb 10)
- Re: IPv6 addressing for core network Owen DeLong (Feb 09)