IPv6 ingress filtering

Sander Steffann sander at steffann.nl
Thu May 16 20:20:47 CEST 2019


Hi David,

> While I happen to agree with you 2002::/16 SHOULD NOT be filtered, and RFC 7526 is quite clear that 2002::/16 is still valid. However, it is perfectly permissible to filter it, if that is the policy a network operator wishes to enforce.

With the 6to4 anycast relays deprecated the only 6to4 traffic should be src 2002::/16 and dst 2002::/16. Sites that are not using 6to4 themselves can filter 2002::/16. Everybody else will only see IPv4+proto41 traffic, which is not impacted by that filter.

Cheers,
Sander

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: Message signed with OpenPGP
Url : http://lists.cluenet.de/pipermail/ipv6-ops/attachments/20190516/68104cbe/attachment.bin 


More information about the ipv6-ops mailing list