nanog mailing list archives
Re: Dropping IPv6 Fragments
From: "Dobbins, Roland" <rdobbins () arbor net>
Date: Thu, 4 Oct 2012 15:15:45 +0000
On Oct 4, 2012, at 9:58 PM, joel jaeggli wrote:
Likewise with the acl I have the property that the initial packet has all the info in it while the fragment does not.
For iACLs, just filter non-initial fragments directed to infrastructure IPs. Cisco & Juniper ACLs have ACL matching criteria for non-initial fragments. ----------------------------------------------------------------------- Roland Dobbins <rdobbins () arbor net> // <http://www.arbornetworks.com> Luck is the residue of opportunity and design. -- John Milton
Current thread:
- Dropping IPv6 Fragments Tom Taylor (Oct 04)
- Re: Dropping IPv6 Fragments Saku Ytti (Oct 04)
- Re: Dropping IPv6 Fragments Tom Taylor (Oct 04)
- Re: Dropping IPv6 Fragments Sander Steffann (Oct 04)
- Re: Dropping IPv6 Fragments Dobbins, Roland (Oct 04)
- Re: Dropping IPv6 Fragments joel jaeggli (Oct 04)
- Re: Dropping IPv6 Fragments Dobbins, Roland (Oct 04)
- Re: Dropping IPv6 Fragments joel jaeggli (Oct 04)
- Re: Dropping IPv6 Fragments Fernando Gont (Oct 04)
- Re: Dropping IPv6 Fragments Masataka Ohta (Oct 04)
- Re: Dropping IPv6 Fragments Saku Ytti (Oct 04)
- Re: Dropping IPv6 Fragments Merike Kaeo (Oct 04)
- Re: Dropping IPv6 Fragments Mark Andrews (Oct 04)
- Re: Dropping IPv6 Fragments Benno Overeinder (Oct 05)