IPv6 Type 0 Routing Header issues
Patrick Grossetete
pgrosset at cisco.com
Mon Apr 30 18:24:10 CEST 2007
Gert,
On Cisco routers able to be configured as MIPv6 HA then you
can use the Routing Type filter from
the previous e-mail beginning with IOS 12.4(2)T
Regards
Patrick
At 05:48 PM 4/30/2007, Gert Doering wrote:
>Hi,
>
>On Mon, Apr 30, 2007 at 05:46:12PM +0200, Sebastian Wiesinger wrote:
> > > - all the nice and shiny IPv6 filtering stuff isn't available in
> > > 12.2S-based releases yet. Thanksverymuch.
> >
> > Oh. That's a bummer. Well I'm out of ideas. Perhaps using a bridge to
> > filter it on L2 if possible.
>
>Haaaahaha :-)
>
>What you *can* do is drop all routing headers, but then you break
>Mobile IPv6. Which nobody is using.
>
>OTOH, using control plane policing, policing packets with RH headers
>targetting your routers down to "100 pps" *should* definitely reduce the
>usefulness of RH0 attacks using these routers as "bounce point" - if it
>is properly supported, which I'm not 100% sure right now.
>
>Gert Doering
> -- NetMaster
>--
>Total number of prefixes smaller than registry allocations: 113403
>
>SpaceNet AG Vorstand: Sebastian v. Bomhard
>Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
>D-80807 Muenchen HRB: 136055 (AG Muenchen)
>Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.cluenet.de/pipermail/ipv6-ops/attachments/20070430/06166f19/attachment.htm
More information about the ipv6-ops
mailing list