nanog mailing list archives
Re: IPv6 Addressing Help
From: Jeroen Massar <jeroen () unfix org>
Date: Fri, 14 Aug 2009 20:35:38 +0200
TJ wrote: [..]
A great counter-point to this is that if you do use /64s (or for that matter - anything shorter than the currently-not-recommended /127s, AFAIK), you should apply ACLs to them to prevent ping-pong.
One should be doing uRPF at minimum on all links anyway. BCP84 ;) If the user (or whatever you call the place where you send packets to) has a default route back and is not properly routing those packets can come back quite quickly. eg, route a /48 to the user. The user only uses the first /64, and doesn't care about the rest and doesn't route them to lo0 to avoid the default to match, the packets will nicely ping pong back to you. Easy solution: source address check, then the source will not be matching and you can drop the packet, or ICMP !A them so that the user might once figure out what goes on. Of course if user is sending packets with their source and their destination you will need another kind of filter, but they will only hurt themselves with it. Greets, Jeroen
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- IPv6 Addressing Help Chris Gotstein (Aug 14)
- Re: IPv6 Addressing Help Jeroen Massar (Aug 14)
- Re: IPv6 Addressing Help Thomas Mangin (Aug 14)
- Re: IPv6 Addressing Help Chris Gotstein (Aug 14)
- Re: IPv6 Addressing Help Roland Dobbins (Aug 14)
- RE: IPv6 Addressing Help TJ (Aug 14)
- Re: IPv6 Addressing Help Jeroen Massar (Aug 14)
- Re: IPv6 Addressing Help Thomas Mangin (Aug 14)
- Re: IPv6 Addressing Help David Freedman (Aug 14)
- Re: IPv6 Addressing Help Owen DeLong (Aug 14)
- Re: IPv6 Addressing Help Randy Bush (Aug 14)
- Re: IPv6 Addressing Help Larry Blunk (Aug 14)
- Re: IPv6 Addressing Help Jeroen Massar (Aug 14)
- Re: IPv6 Addressing Help Randy Bush (Aug 14)
- Re: IPv6 Addressing Help Jon Lewis (Aug 14)
- Re: IPv6 Addressing Help David Freedman (Aug 14)
- Re: IPv6 Addressing Help Mark Smith (Aug 15)
- Re: IPv6 Addressing Help Randy Bush (Aug 15)
- Re: IPv6 Addressing Help Mark Smith (Aug 15)