IPv6 network policies
Steve Bertrand
steve at ibctech.ca
Sat Apr 10 01:35:23 CEST 2010
...while I'm at it, I might as well ask a couple other questions that
I've been contemplating recently.
My network is _just_ under the size that two people can manage. We keep
extensive documentation on almost absolutely everything (mostly automated).
There are a couple of areas that are grey and sketchy though. One of
these areas is ACL management.
Although I use uRPF for everything, this doesn't fix the areas where
ACLs are still needed (and in fact, I have ACLs in place on top of uRPF).
An issue that I notice from time-to-time, is that I have an interface
that has the appropriate v4 ACLs applied, but the v6 ones have been
forgotten. What do other operators do to ensure consistency on ACL
application in regards to both protocols?
The other 'question' I have is regarding a very sensitive area. I do not
want to get into a war about this. I figure that this list is exactly
where I should ask.
What I'm looking for is from _only_ those that use it, is how you
document it, example config snips, if/how you reserve around it and from
a topology standpoint how you alloc/assign it. I'm sorry, but I'm
talking about /126 or /127 for ptp. I must admit, I am concerned with
ping-pong and no real easy way to combat it, so I'd like operational
feedback and education from those that use them without any traditional
strong opinions from those that oppose it (if possible :)
Steve
More information about the ipv6-ops
mailing list