IPv6 ingress filtering
Gert Doering
gert at space.net
Fri May 17 13:38:48 CEST 2019
Hi,
On Thu, May 16, 2019 at 01:51:51PM -0700, Nick Buraglio wrote:
> Native IPv6 is clearly the right way to implement the service. However, my
> question is "why filter 2002::/16?". It doesn't pose any more risk than a
> native IPv6 address and there are some reasons to use it. Filtering it is
> wrought with the possibilities for poor customer experience. My stance is
> typically "don't filter $stuff unless you can identify a well defined
> risk".
Filtering it would allow the client to fall back to IPv4, instead of
letting it go onward with poor IPv6.
Unless you run a local relay you'll be hard pressed today to find any
case where 2002:: to *non* 2002:: traffic won't be significantly worse
than "just do IPv4" (in terms of "latency", "reliability", "packet loss").
2002:: to 2002:: is usually OK, as it follows the IPv4 path between
both sides (thus, same latency, packet loss, etc).
Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?
SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
More information about the ipv6-ops
mailing list