(Loose) uRPF vs. non-announced IXP space
Gert Doering
gert at space.net
Wed Feb 8 13:12:35 CET 2012
Hi,
On Wed, Feb 08, 2012 at 01:01:24PM +0100, Thomas Schmid wrote:
> On 08.02.2012 12:55, Bernhard Schmidt wrote:
> > FYI, I've been informed that there has been a similar problem on the
> > RIPE ipv6-wg mailinglist last June. Start here:
> >
> > http://www.ripe.net/ripe/mail/archives/ipv6-wg/2011-July/001839.html
> >
> > There has not been a clear solution in this thread either.
>
> that's a real pain, especially since IXPs are the internet's MTU
> bottlenecks.
Actually, if the *IXP* is the MTU bottleneck, this is not a problem
at all - as the last router *before* the IXP would source the ICMP
packet, and not the router after the IXP mesh.
In this case, it's the first router *after* the IXP, which sends
back the ICMP packet using the IXP interface as egress, thus using
the uRPF-filtered source address.
> From my point of view RFC 5963 should be updated to recommend the
> global announcement
> of IX prefixes for IPv6 or - as already mentioned - an alternative would
> be to source the
> ICMP messages from a public address instead.
Vendors providing uRPF implementations that cannot be configured to
add exceptions, like "permit all ICMP packet too big" are part of the
problem.
Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?
SpaceNet AG Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7650 bytes
Desc: not available
Url : http://lists.cluenet.de/pipermail/ipv6-ops/attachments/20120208/1177b2c8/attachment-0001.bin
More information about the ipv6-ops
mailing list