nanog mailing list archives
Re: Should routers send redirects by default?
From: Jared Mauch <jared () puck nether net>
Date: Sat, 21 Aug 2010 10:26:59 -0400
On Aug 21, 2010, at 2:11 AM, Yann GAUTERON wrote:
2010/8/20 Jared Mauch <jared () puck nether net> Personally (and as the instigator in the ipv6/6man discussion) if the vendors could be trusted to expose their default settings in their configs, i would find a default of ON to be more acceptable. As their track-record is poor, and the harm has been realized in the network we operate (at least), I am advocating that as a matter of policy enabling redirects not be a default-on policy. If people want to hang themselves that's their problem, but at least they won't come with a hidden noose around their neck. On Cisco routers (at least some of them), have you tried the command show running-config all This command displays all configuration, including hidden default values. This may help when this command is present. Don't know about other vendors.
This varies by IOS (software revision), and because not all devices actually have the access to this "mainline" featureset due to when they branched for their localized hardware support. I certainly wish they could get there now, and it's better in the newer access (CPE) hardware. While related, the larger problem IMHO is them removing stuff like "show parser dump exec" and "show parser dump config". I have been a supporter of exposed defaults for years, including "more secure" and "more robust" defaults. The folks on the IETF list seem to think that the existing rate-limit mechanics will protect the routers. We did not arrive at these settings as a result of those rate-limits working properly sadly. - Jared
Current thread:
- Re: Should routers send redirects by default?, (continued)
- Re: Should routers send redirects by default? Brandon Ross (Aug 20)
- Re: Should routers send redirects by default? Jared Mauch (Aug 20)
- Re: Should routers send redirects by default? Valdis . Kletnieks (Aug 20)
- Re: Should routers send redirects by default? Eric J. Katanich (Aug 20)
- Re: Should routers send redirects by default? Owen DeLong (Aug 20)
- Re: Should routers send redirects by default? Jared Mauch (Aug 20)
- Re: Should routers send redirects by default? James Hess (Aug 25)
- Re: Should routers send redirects by default? Butch Evans (Aug 25)
- Re: Should routers send redirects by default? Christopher Morrow (Aug 20)
- Re: Should routers send redirects by default? Yann GAUTERON (Aug 20)
- Re: Should routers send redirects by default? Jared Mauch (Aug 21)
- Re: Should routers send redirects by default? Christopher Morrow (Aug 20)
- Re: Should routers send redirects by default? Brandon Ross (Aug 20)
- Re: Should routers send redirects by default? Leen Besselink (Aug 20)
- Re: Should routers send redirects by default? Eric J. Katanich (Aug 20)
- Re: Should routers send redirects by default? Jack Bates (Aug 21)
- Re: Should routers send redirects by default? Jared Mauch (Aug 21)
- Re: Should routers send redirects by default? Mark Smith (Aug 21)
- Re: Should routers send redirects by default? Mark Smith (Aug 21)