IPv6 ingress filtering
Gert Doering
gert at space.net
Fri May 17 20:12:00 CEST 2019
Hi,
On Fri, May 17, 2019 at 12:55:33PM -0500, David Farmer wrote:
> A few questions;
>
> Are you generating ICMPv6 toward non-2002::/16 sources for traffic destined
> to 2002::/16?
> Are you generating ICMPv6 toward 2002::/16 source for traffic destined to
> non-2002::/16?
> For the later, where are you getting the route for 2002::/16 from?
Indeed, as you said, filtering correctly (= ICMP unreachable, so clients
can fail over quickly [if HE is not in use]) is hard.
We still run our own relay, so do not filter today. Mostly because I
know it works and (since it's our relay) I can rely on it to not break
things for people - and haven't had time to change that to "filter".
Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?
SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
Url : http://lists.cluenet.de/pipermail/ipv6-ops/attachments/20190517/64b0b657/attachment.bin
More information about the ipv6-ops
mailing list