Filtering ULA?

Pekka Savola pekkas at
Mon Sep 22 22:31:39 CEST 2008

(re-send due to list change)

On Mon, 22 Sep 2008, Iljitsch van Beijnum wrote:
>  As for the packets: what if someone generates an ICMP too big message with a
>  ULA source address? That could happen. It would be really bad if people
>  filtered out those packets because that creates PMTUD black holes.

Sometimes folks (usually from a network X using RFC1918 space internally) start 
complaining about network Y breaking PMTUD because they filter RFC1918 or some 
other bogus addresses on the border.  As if network X had some $DEITY given 
right to break connectivity by exposing RFC1918 addresses to the outside and 
expecting the others to special-case around their brokenness.

If it isn't routed, it's bogus and should be dropped. If you expose unroutable 
address space to outside, don't make it others' fault if it causes breakage.

The same applies to ULA space IMHO.  (And that's what the spec says as well.)

Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

More information about the ipv6-ops mailing list