nanog mailing list archives
Re: BCP38 considerations in IPv6
From: Mark Andrews <marka () isc org>
Date: Fri, 11 Feb 2011 08:50:46 +1100
In message <acd7c570039e58b67bbf64e467f4b12b@192.168.152.50>, Ryan Rawdon writes :
Hello NANOGers - What considerations should be made with respect to implementing egress filtering based on source IPv6 addresses? Things like allowing traffic sourced from fe80::/10 in said filters for on-link communication (for the interface that the filter is applied to). Is there anything else that should be taken into account while implementing BCP38 egress filtering in IPv6? Ryan
You should definitely make sure you block ULA prefixes leaving your site by default. e.g. add unreach admin all from any to fc00::/7 via gif0 add unreach admin all from fc00::/7 to any via gif0 -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka () isc org
Current thread:
- BCP38 considerations in IPv6 Ryan Rawdon (Feb 10)
- Re: BCP38 considerations in IPv6 Mark Andrews (Feb 10)
- Re: BCP38 considerations in IPv6 Iljitsch van Beijnum (Feb 10)
- Re: BCP38 considerations in IPv6 William F. Maton Sotomayor (Feb 10)
- Re: BCP38 considerations in IPv6 Mohacsi Janos (Feb 10)