IPv6 Type 0 Routing Header issues
gert at space.net
Mon Apr 30 18:34:14 CEST 2007
On Mon, Apr 30, 2007 at 06:18:43PM +0200, Patrick Grossetete wrote:
> I will recommend looking at the PSIRT published in January
> to find what is available from a given IOS release.
Thanks for reminding me :-) - yes, we have installed those upgrades over
the previous months, where available (we're still waiting for 12.2(18)S3,
which was scheduled to be available "early April", grrr).
> I understand we need to get "no ipv6 source-route"
> as default across all release trains but can't state when it will happen.
A changed default value would be useful, but this is not my main gripe.
My main problem is that there *is no* "no ipv6 source-route" command on
12.2SX* IOS, and this is the only IOS that I can run on our 7600 boxes
- given that these don't run "main stream" IOS (well, technically there
is 12.2SR* as well, but due to Cisco politics, we won't run that - and
as far as I know, SR doesn't have "no ipv6 source-route" either).
On some of the 7200s, we run 12.2S or 12.2SB (due to the assumption that
these IOSes are targeted towards ISP customers), and these don't have it
either. 12.3 main has it.
So while I'm safe against the crashes due to "bad" RH0 headers (which
is good :) ), my routers can still be used to create RH0 traffic loops,
to eat bandwith, and possibly hurt other folks - and I can't see a
good way to handle that. Control plane policing *might* do the job,
Total number of prefixes smaller than registry allocations: 113403
SpaceNet AG Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 305 bytes
Desc: not available
Url : http://lists.cluenet.de/pipermail/ipv6-ops/attachments/20070430/63e1c5a3/attachment-0001.bin
More information about the ipv6-ops