nanog mailing list archives
Re: BCP for securing IPv6 Linux end node in AWS
From: Rich Kulawiec <rsk () gsp org>
Date: Mon, 15 May 2017 06:57:09 -0400
On Sun, May 14, 2017 at 09:29:45AM -0400, Eric Germann wrote:
I???ve reviewed some of the stuff out there, but apparently I???m catching too many of the ICMP types in the rejection as routing eventually breaks. My guess is router discovery gets broken by too tight of filters.
That's a good guess, but I would also guess that path MTU discovery may be breaking. (Or not.) I think you may want to implement RFC 4890, with a look at RFC 4443. ---rsk
Current thread:
- BCP for securing IPv6 Linux end node in AWS Eric Germann (May 14)
- Re: BCP for securing IPv6 Linux end node in AWS Alarig Le Lay (May 14)
- Re: BCP for securing IPv6 Linux end node in AWS Bjørn Mork (May 14)
- Re: BCP for securing IPv6 Linux end node in AWS Eric Germann (May 14)
- Re: BCP for securing IPv6 Linux end node in AWS Saku Ytti (May 14)
- Re: BCP for securing IPv6 Linux end node in AWS Enno Rey (May 14)
- Re: BCP for securing IPv6 Linux end node in AWS Rich Kulawiec (May 15)
- Re: BCP for securing IPv6 Linux end node in AWS JORDI PALET MARTINEZ (May 15)
- Re: BCP for securing IPv6 Linux end node in AWS Alarig Le Lay (May 14)