Best practice for running 6to4 relays (was Re: 6to4 borkeness)

Michael Taht m at teklibre.com
Thu Mar 20 00:19:36 CET 2008


Bernhard Schmidt wrote:
> Hi Michael,
>
>> 1) I am curious as to what best practice would be to correctly set up a
>> 6to4 router for a small ISP, announcing the route is valid just for IPs
>> within my network - and not incurring the entire weight of Australia
>> trying to route through my gateway? (significant bandwidth charges here)
>
> If you have a Cisco box it is fairly easy
>
Thanks (Kevin, Bernhard) for the stunningly fast help, I'd been working
through IPv6 issues for a couple months before finding this list. Just
getting a couple servers to talk to themselves has been painful. My
endgame test this week is to get a bunch of OLPCs on this side of the
world to talk to ipv6.google.com....

> b) pMTU discovery for the underlying IPv4 path seems to be a
> problematic item, so I set "ipv6 mtu 1280" to be on the safe side.
>
Is there a specific or minimum IOS release to avoid pMTU issues? Given
that this is an experiment it would be nice to go for broke and back off
when it breaks.

I'm aware that XP was apparently borked on this front, but that's not an
issue on this network. (thankfully)

> c) verify unicast reverse-path is set here because I've already seen a
> few DoS attempts through 6to4, and the ones I caught so far luckily
> had a non-2002:: source address (and got blocked by uRPF).

K. I worry about ICMP DoS attempts on IPv6, and was thinking about rate
limiting them...

> Regards,
> Bernhard
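
The two filtering ideas discussed in this message (serving only the local network, and dropping tunnelled packets whose IPv6 source is not a 2002:: address), modelled in Python as an added example that is not part of the original thread and not any router's own logic. The prefixes in `LOCAL_V4` are documentation ranges standing in for the ISP's address space, the sample packets are constructed, and the inner/outer address match goes one step beyond the non-2002:: case the message describes.

```python
import ipaddress

SIXTOFOUR = ipaddress.ip_network("2002::/16")
# Assumption: documentation prefixes standing in for the ISP's own IPv4 space.
LOCAL_V4 = [ipaddress.ip_network("192.0.2.0/24"),
            ipaddress.ip_network("198.51.100.0/24")]


def embedded_v4(v6):
    """Return the IPv4 address carried in bits 16..47 of a 2002::/16 address, else None."""
    addr = ipaddress.IPv6Address(v6)
    if addr not in SIXTOFOUR:
        return None
    return ipaddress.IPv4Address((int(addr) >> 80) & 0xFFFFFFFF)


def check_encapsulated(outer_v4_src, inner_v6_src):
    """Decide whether a protocol-41 packet reaching the relay should be forwarded."""
    outer = ipaddress.IPv4Address(outer_v4_src)
    # Serve only our own customers, so the relay does not carry third-party traffic.
    if not any(outer in net for net in LOCAL_V4):
        return (False, "outer IPv4 source outside local prefixes")
    inner = embedded_v4(inner_v6_src)
    # The case from the message: a tunnelled packet with a non-2002:: source.
    if inner is None:
        return (False, "inner source not in 2002::/16")
    # Stricter than the message: the 2002:: source must embed the real sender.
    if inner != outer:
        return (False, "inner 2002:: source does not embed outer IPv4 source")
    return (True, "ok")


# Constructed sample packets: (outer IPv4 source, inner IPv6 source).
SAMPLES = [
    ("192.0.2.1", "2002:c000:201::1"),     # local customer, consistent addresses
    ("192.0.2.1", "2001:db8::1"),          # spoofed native-looking inner source
    ("192.0.2.1", "2002:c633:6401::1"),    # embeds 198.51.100.1, not the sender
    ("203.0.113.9", "2002:cb00:7109::1"),  # consistent, but not our customer
]

if __name__ == "__main__":
    for outer, inner in SAMPLES:
        print(outer, inner, check_encapsulated(outer, inner))
```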

